您好我是Spring安全3的新手,但在此网站的帮助下,我成功开发了身份验证和授权。现在我想从context-security.xml中删除intercept-url模式。我希望获取特定用户表单数据库的权限并动态创建。我在这里......
<beans:bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<custom-filter before="FIRST" ref="requestMappings"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="accessDecisionManager" />
<beans:property name="objectDefinitionSource" ref="requestMappings" />
</beans:bean>
<beans:bean id="requestMappings" class="com.nmmc.common.security.repository.RequestMappingFactoryBean" />
<http auto-config="true" once-per-request="false">
<!-- Restrict URLs based on role -->
<intercept-url pattern="/login.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/login/validate.works" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/css/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/login.works" login-processing-url="/j_spring_security_check"
default-target-url="/login/validate.works"
authentication-failure-url="/login.works" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/login.works" invalidate-session="true" />
<session-management invalid-session-url="/login.works"
session-fixation-protection="none">
<concurrency-control max-sessions="50"
error-if-maximum-exceeded="true" />
</session-management>
</http>
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider"></authentication-provider>
</authentication-manager>
<beans:bean id="customAuthenticationProvider"
class="com.nmmc.common.security.repository.CustomAuthenticationProvider"></beans:bean>
在RequestMappingFactoryBean
中import org.springframework.beans.factory.FactoryBean;
public class RequestMappingFactoryBean implements FactoryBean{
private final static String EOL = System.getProperty("line.separator");
public Object getObject() throws Exception
{
StringBuffer sb = new StringBuffer();
sb.append("CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON");
sb.append(EOL);
sb.append("PATTERN_TYPE_APACHE_ANT");
sb.append(EOL);
sb.append("/**login.works=IS_AUTHENTICATED_ANONYMOUSLY");
sb.append(EOL);
sb.append("/user/**=ROLE_ADMIN");
return sb.toString();
}
public Class getObjectType()
{
return String.class;
}
public boolean isSingleton()
{
return true;
}
}
当我从
中删除ref时<custom-filter before="FIRST" ref="requestMappings"/>
然后它给出错误,必须定义ref,如果我定义它并运行我的应用程序它会给出错误,如
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Security namespace does not support decoration of element [custom-filter]
这就是为什么我定义为给定。 我的代码是否有任何变化来运行它?
答案 0 :(得分:1)