我正在使用Spring Security运行NTLM,我收到以下错误
org.springframework.beans.factory.NoSuchBeanDefinitionException:没有定义名为'springSecurityFilterChain'的bean
如何解决此错误?
我在web.xml中定义了以下内容
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
更新1
我解决了这个错误,现在我正在
org.springframework.beans.factory.NoSuchBeanDefinitionException:没有定义名为'filterSecurityInterceptor'的bean
我有以下
<bean id="springSecurityFilterChain" class="org.acegisecurity.util.FilterChainProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=httpSessionContextIntegrationFilter, exceptionTranslationFilter, ntlmFilter, filterSecurityInterceptor
</value>
</property>
</bean>`
我改变了我的applicationContext.xml,因为像@Sean一样,Patrick Floyd提到一些元素已经老了,已经死了并埋葬了。但是我现在还有其他错误需要修复: - )
由于
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
<!--<authentication-manager alias="_authenticationManager"></authentication-manager>-->
<security:authentication-provider>
<security:user-service>
<security:user name="testuser" password="PASSWORD" authorities="ROLE_USER, ROLE_ADMIN"/>
<security:user name="administrator" password="PASSWORD" authorities="ROLE_USER,ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
<bean id="userDetailsAuthenticationProvider"
class="com.icesoft.icefaces.security.UserDetailsAuthenticationProvider">
<security:custom-authentication-provider/>
</bean>
<bean id="ntlmEntryPoint"
class="org.springframework.security.ui.ntlm.NtlmProcessingFilterEntryPoint">
<property name="authenticationFailureUrl" value="/accessDenied.jspx"/>
</bean>
<bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmProcessingFilter">
<security:custom-filter position="NTLM_FILTER"/>
<property name="stripDomain" value="true"/>
<property name="defaultDomain" value="domain"/>
<property name="netbiosWINS" value="domain"/>
<property name="authenticationManager" ref="_authenticationManager"/>
</bean>
<bean id="exceptionTranslationFilter"
class="org.springframework.security.ui.ExceptionTranslationFilter">
<property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
</bean>
<security:http access-decision-manager-ref="accessDecisionManager"
entry-point-ref="ntlmEntryPoint">
<security:intercept-url pattern="/accessDenied.jspx" filters="none"/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<bean id="accessDecisionManager" class="org.springframework.security.vote.UnanimousBased">
<property name="allowIfAllAbstainDecisions" value="false"/>
<property name="decisionVoters">
<list>
<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter"/>
</list>
</property>
</bean>
</beans>
答案 0 :(得分:41)
请注意,过滤器实际上是一个 DelegatingFilterProxy,而不是 实际实现的类 过滤器的逻辑。什么 DelegatingFilterProxy的确是委托 Filter的方法通过bean 这是从春天获得的 应用程序上下文。这使得 bean受益于Spring网站 应用上下文生命周期支持 和配置灵活性。的的 bean必须实现 javax.servlet.Filter,它必须有 与中的同名 过滤器名称元素。阅读Javadoc for DelegatingFilterProxy获取更多信息 信息
您需要定义一个名为springSecurityFilterChain的bean,它在您的应用程序上下文中实现javax.servlet.Filter。
来自Getting Started with Security Namespace Configuration:
如果您熟悉pre-namespace 你可以使用框架的版本 可能已经大致猜到了什么 继续在这里。
<http>元素是 负责创建一个FilterChainProxy和过滤器bean 它使用。常见问题如 错误的过滤顺序是否定的 过滤器问题的时间越长 职位是预定义的。
答案 1 :(得分:6)
肖恩·帕特里克·弗洛伊德是绝对正确的,但我认为值得一提的是一个解决方案,这对我来说花了很多时间。
您只需添加@ImportResource注释即可。
@Configuration
@EnableWebMvc
@ComponentScan(basePackages = {"org.company"})
@ImportResource({"classpath:security.xml"})
public class CompanyWebMvcConfiguration extends WebMvcConfigurerAdapter {
}
security.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true">
<access-denied-handler error-page="/error"/>
</http>
答案 2 :(得分:3)
在Java配置中,您可以使用以下注释:
[HttpPost()]
[Route("api/products/{id:int}")]
public HttpResponseMessage AddProduct([FromUri()] int id, [FromBody()] Product product)
{
// Add product
}
这将导入定义@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
}
bean的org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration配置类。
答案 3 :(得分:1)
请提供最小配置的弹簧安全文件
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.3.xsd“&gt;
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>