我无法弄清楚问题。我经历了许多春季安全问题,但无法理解我的错误。
我的POM.xml(部分)
<!--depencdency for Spring Security-->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.5.RELEASE</version>
</dependency>
的web.xml
<context-param>
<param-name>spring.profiles.active</param-name>
<param-value>web</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</context-param>
<servlet>
<servlet-name>mvc-dispatcher-servlet</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher-servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>
org.sitemesh.config.ConfigurableSiteMeshFilter
</filter-class>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
弹簧security.xml文件
<security:http auto-config="true" use-expressions="true" entry-point-ref="authenticationEntryPoint"
authentication-manager-ref="authenticationManager">
<security:intercept-url access="hasRole('0101-01-VIEW')" pattern="/personalInformation.jsp"/>
<security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrentSessionFilter"/>
<security:custom-filter before="FORM_LOGIN_FILTER" ref="authFilter"/>
<security:custom-filter after="EXCEPTION_TRANSLATION_FILTER" ref="ajaxTimeoutRedirectFilter"/>
<security:form-login always-use-default-target="false" authentication-failure-url="/login?error"
default-target-url="/home" login-page="/login"
login-processing-url="/auth"
authentication-details-source-ref="authenticationDetialsSource"
username-parameter="username" password-parameter="password"
authentication-success-handler-ref="loginSuccessHandler"
authentication-failure-handler-ref="loginFailureHandler"/>
<security:logout logout-url="/logout" success-handler-ref="loginSuccessHandler"
invalidate-session="true" delete-cookies="JESSIONID"/>
<security:session-management session-authentication-strategy-ref="sas" invalid-session-url="/login"/>
<security:access-denied-handler ref="accessDeniedHandler"/>
<security:http-basic/>
<security:csrf/>
</security:http>
<security:authentication-manager alias="authenticationManager" erase-credentials="true">
<security:authentication-provider ref="authenticationProvider"/>
</security:authentication-manager>
<bean class="org.springframework.security.core.session.SessionRegistryImpl" id="sessionRegistry"/>
<bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder"/>
<bean class="com.security.WebAuthenticationDetialsSource" id="authenticationDetialsSource"/>
<bean class="com.security.AjaxTimeoutRedirectFilter" id="ajaxTimeoutRedirectFilter"/>
<bean class="com.security.WebAuthenticationProvider" id="authenticationProvider">
<property name="loginSerivice" ref="loginService"/>
<property name="authenticationDetialsSource" ref="authenticationDetialsSource"/>
<property name="passwordEncoder" ref="passwordEncoder"/>
</bean>
<bean class="com.security.AuthenticationEntryPoint" id="authenticationEntryPoint">
<constructor-arg name="loginFormUrl" value="/login"/>
</bean>
<bean class="com.security.WebAccessDeniedHandler" id="accessDeniedHandler">
<property name="accessDeniedUrl" value="403"/>
<property name="loginSerivice" ref="loginService"/>
</bean>
<bean class="com.security.LoginSuccessHandler" id="loginSuccessHandler">
<constructor-arg name="defaultTargetUrl" value="/home"/>
<property name="loginSerivice" ref="loginService"/>
</bean>
<bean class="com.security.LoginFailureHandler" id="loginFailureHandler">
<constructor-arg name="defaultFailureUrl" value="/login?error"/>
<property name="loginSerivice" ref="loginService"/>
</bean>
<bean class="com.security.LogoutSuccessHandler" id="logoutSuccessHandler">
<constructor-arg name="defaultTargetUrl" value="/login"/>
</bean>
<bean class="com.security.LogoutFailureHandler" id="logoutFailureHandler">
<property name="loginSerivice" ref="loginService"/>
</bean>
<bean class="org.springframework.security.web.session.ConcurrentSessionFilter" id="concurrentSessionFilter">
<constructor-arg name="sessionRegistry" ref="sessionRegistry"/>
<constructor-arg name="expiredUrl" value="/login"/>
</bean>
<bean class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter" id="authFilter">
<property name="sessionAuthenticationStrategy" ref="sas"/>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy"
id="sas">
<constructor-arg>
<list>
<bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<constructor-arg ref="sessionRegistry"/>
<property name="maximumSessions" value="1"/>
<property name="exceptionIfMaximumExceeded" value="true"/>
</bean>
<bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/>
<bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<constructor-arg ref="sessionRegistry"/>
</bean>
</list>
</constructor-arg>
</bean>
LoginSuccessHandler类:
public class LoginSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
private ILoginSerivice loginSerivice;
public void setLoginSerivice(ILoginSerivice loginSerivice) {
this.loginSerivice = loginSerivice;
}
public LoginSuccessHandler(String defaultTargetUrl) {
super(defaultTargetUrl);
}
@Override
public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
super.onAuthenticationSuccess(request, response, authentication);
LoginDTO user = (LoginDTO) authentication.getPrincipal();
HttpSession session = request.getSession(true);
int sessionTimeOut = user.getSessionTimeOut() * 60;
session.setMaxInactiveInterval(sessionTimeOut);
if (user.getKeepLoginRecordYN()) {
String workStationIp = request.getRemoteAddr();
loginSerivice.keepLoginRecord(user.getUserName(),user.getBranchCode(),workStationIp);
}
}
}
错误文件:
org.springframework.beans.factory.BeanCreationException: Error creating
bean with name 'org.springframework.security.filterChains':
Cannot resolve reference to bean org.springframework.security.web
.DefaultSecurityFilterChain#0'while setting bean property 'sourceList' with key [0]; nested exception is
org.springframework.beans.factory.BeanCreationException: Error creating bean with name
'org.springframework.security.web.DefaultSecurityFilterChain#0':
Cannot create inner bean '(inner bean)#5fa7c2' of type
[org.springframework.security.web.authentication.logout.LogoutFilter]
while setting constructor argument with key [4]; nested exception is
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name '(inner bean)#5fa7c2': Unsatisfied dependency
expressed through constructor argument with index 0 of type
[java.lang.String]: Could not convert constructor argument value of type
[com.security.LoginSuccessHandler] to required type [java.lang.String]:
Failed to convert value of type 'com.security.LoginSuccessHandler' to
required type 'java.lang.String'; nested exception is
java.lang.IllegalStateException: Cannot convert value of type
[com.security.LoginSuccessHandler] to required type [java.lang.String]:
no matching editors or conversion strategy found
Related cause:
org.springframework.beans.factory.UnsatisfiedDependencyException: Error
creating bean with name '(inner bean)#5fa7c2': Unsatisfied dependency
expressed through constructor argument with index 0 of type [org.springframework.security.web.authentication.logout.LogoutSuccessHandler]
: Could not convert constructor argument value of type
[com.security.LoginSuccessHandler] to required type [org.springframework.security.web.authentication.logout.LogoutSuccessHandler]
: Failed to convert value of type 'com.security.LoginSuccessHandler'
to required type'org.springframework.security.web.authentication.logout. LogoutSuccessHandler';
nested exception is java.lang.IllegalStateException: Cannot convert
value of type [com.security.LoginSuccessHandler]
to required type org.springframework.security.web.authentication.logout.LogoutSuccessHandler]
: no matching editors or conversion strategy found
答案 0 :(得分:2)
我同意M. Deinum的评论;错误消息指出Spring期望''' <summary>
''' Runs the auth check.
''' </summary>
''' <param name="authToken">The auth token.</param>
Public Shared Sub AuthCheck(ByVal authToken As AuthToken)
'This is a "comment" - oh yeah
If Not authToken.Equals(foo, StringComparison.OrdinalIgnoreCase) Then 'else
Throw New Exception("don't count this as a comment!") 'comment here
End If
End Sub
,但您在以下配置块中传递了LogoutSuccessHandler:
LoginSuccessHandler