Spring Security DelegatingFilterProxy无限递归

时间:2017-04-21 13:49:11

标签: java spring spring-security

在启动网络应用程序后第一次请求(到主页)后,我有这个例外。

java.lang.StackOverflowError: null
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.3.7.RELEASE.jar:4.3.7.RELEASE...

web.xml 包含DelegatingFilterProxy 

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

applicationContext.xml 还包含id为&#34; springSecurityFilterChain&#34;

的bean 
<context:component-scan base-package="controllers, services, hibernate.dao" />
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>

security.xml文件 

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
         xmlns:beans="http://www.springframework.org/schema/beans"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-4.2.xsd"> 
<http auto-config="true" use-expressions="true">
    <intercept-url pattern="/admin**" access="hasRole('ROLE_ADMIN')" />

    <!-- access denied page -->
    <access-denied-handler error-page="/403" />
    <form-login
            login-page="/login"
            default-target-url="/home"
            authentication-failure-url="/login?error"
            username-parameter="username"
            password-parameter="password" />
    <logout logout-success-url="/login?logout" />
    <!-- enable csrf protection -->
    <csrf />
</http>

<authentication-manager>
    <authentication-provider user-service-ref="userDetailsService" >
        <password-encoder hash="md5" />
    </authentication-provider>
</authentication-manager>

有任何想法吗?

2 个答案:

答案 0 :(得分:1)

试试这个,

的web.xml 

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee  http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd"
id="WebApp_ID" version="3.1">
<display-name>SpringWebSecurity</display-name>

<servlet>
    <servlet-name>myservlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
WEB-INF/myservlet-servlet.xml
</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>myservlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>


<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
</param-value>
</context-param>
   <listener>
    <listener- class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>


<!-- Bellow filters are for spring security -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

</web-app>

然后你的myservlet-servlet.xml应该类似于下面的

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jdbc="http://www.springframework.org/schema/jdbc" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
    http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang-4.3.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.3.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">



<context:component-scan base-package="kumar.amit.safims.controller">

</context:component-scan>


<!-- Put this to handle all static resources eg:. css,js,images etc -->
<mvc:resources location="/resources/" mapping="/resources/**" />
<mvc:annotation-driven />
<context:annotation-config />


<bean 
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
    <property name="prefix" value="/WEB-INF/views/jsp/" />
    <property name="suffix" value=".jsp" />

</bean>



</bean>
</beans>

您的ApplicationContext.xml应类似于下面的内容: 注意:这里没什么特别的,除非你在这里有自己的豆子, 无需写入或提示springSecurityFilterChain HERE,

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"   xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd">

<context:component-scan base-package="kumar.amit.safims" />


<context:annotation-config />

<!-- To make @Transaction work add this -->
<tx:annotation-driven />

<!-- Write all your beans here which are not part of view layers -->
<!-- Initialization for data source -->
<bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="org.mariadb.jdbc.Driver" />
    <property name="url" value="jdbc:mariadb://localhost:3306/safims" />
    <property name="username" value="root" />
    <property name="password" value="hariOm2" />
</bean>
</beans>

最后安全上下文,您可以给出任何名称,我已经给出了security-context.xml,但请确保您在web.xml中提到了这个名称,如下所示:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>WEB-INF/myservlet-servlet.xml
WEB-INF/security-context.xml
WEB-INF/applicationContext.xml
</param-value>
</context-param>
<listener>
    <listener- class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

注意:将文件中的xmlns命名空间设置为安全性或复制pase my file,然后根据需要进行修改。 security-context.xml文件将如下所示:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"  xmlns:security="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">


<context:component-scan base-package="kumar.amit.safims.service.security">

</context:component-scan>

<!-- Add this bean here to make use of expression at view or jsp level  and 
    nothing else -->
<bean
     class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

<security:http auto-config="true" use-expressions="true">

    <!-- To get the default login form just disable the http-basic auth  -->
    <!-- <security:http-basic/> -->
    <security:form-login login-page="/login"
        login-processing-url="/login" username-parameter="customEmail"
        password-parameter="customPassword" default-target-url="/postLogin"
        always-use-default-target="true" authentication-failure-url="/login?error=true" />

    <!-- for logout functionality -->
    <security:logout logout-url="/logout" 
        invalidate-session="true" logout-success-url="/login?logout=true" />

    <security:intercept-url pattern="/server"   access="hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/driverLicense" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN') " />
    <security:intercept-url pattern="/user/*" access="hasRole('ROLE_FACULTY') OR hasRole('ROLE_ADMIN')" />
    <security:intercept-url pattern="/resources/**" access="permitAll" />
    <security:intercept-url pattern="/**" access="hasRole('ROLE_ANONYMOUS') OR hasRole('ROLE_ADMIN') OR  hasRole('ROLE_FACULTY') OR hasRole('ROLE_STUDENT')" />

</security:http>


<security:authentication-manager>
    <security:authentication-provider
        user-service-ref="customUserDetailsService" />
</security:authentication-manager>
</beans>

注意:请随意澄清。快乐的编码,欢呼!!!!!!

答案 1 :(得分:-1)

试试这个: 首先从applicationContext.xml文件中删除此行,因为当您使用...标签时,Spring安全性会自行创建一个,因此需要像您一样明确添加。

<bean id="springSecurityFilterChain"  class="org.springframework.web.filter.DelegatingFilterProxy"/>

注意:更清晰的提供弹簧安全上下文文件

相关问题
最新问题