1. 首頁
  2. 問答
  3. Spring安全錯誤

Spring安全錯誤

2014-04-16 94 views
0

嗨,我是春季安全新手,嘗試通過spring security應用身份驗證和授權。Spring安全錯誤

運行應用程序時我收到此異常:

javax.servlet.ServletException: java.lang.NoClassDefFoundError:org/springframework/security/access/expression/SecurityExpressionHandler 

description The server encountered an internal error that prevented it from fulfilling this request. 

exception 
org.apache.jasper.JasperException: javax.servlet.ServletException: java.lang.NoClassDefFoundError: org/springframework/security/access/expression/SecurityExpressionHandler 
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:549) 
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455) 
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390) 
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:727) 
org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238) 
org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263) 
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1208) 
org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:992) 
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939) 
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856) 
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936) 
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:620) 
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812) 
javax.servlet.http.HttpServlet.service(HttpServlet.java:727) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368) 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109) 
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:109) 
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380) 
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169) 
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343) 
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

web.xml文件:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xmlns="http://java.sun.com/xml/ns/javaee" 
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0"> 
<display-name>bsolPortalWebApp</display-name> 
<welcome-file-list> 
<welcome-file>login.jsp</welcome-file> 
</welcome-file-list> 
<servlet> 
<servlet-name>springDispatcher</servlet-name> 
<servlet-class> 
     org.springframework.web.servlet.DispatcherServlet 
    </servlet-class> 
    <init-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value>/WEB-INF/config/spring-context.xml</param-value> 
</init-param> 
<load-on-startup>1</load-on-startup> 
</servlet> 

<servlet-mapping> 
<servlet-name>springDispatcher</servlet-name> 
<url-pattern>/</url-pattern> 
</servlet-mapping> 

<listener> 
    <listener-class> 
       org.springframework.web.context.ContextLoaderListener 
      </listener-class> 
</listener> 


<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/config/spring-context.xml, 
     /WEB-INF/config/spring-security.xml 
    </param-value> 
</context-param> 

    <filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class> 
       org.springframework.web.filter.DelegatingFilterProxy 
      </filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 
    </web-app>

我的彈簧security.xml文件是

<beans:beans xmlns="http://www.springframework.org/schema/security" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd"> 

<http auto-config="true"> 
    <intercept-url pattern="/PoolB/*" requires-channel="http"   access="ROLE_USER,ROLE_ADMIN" />   
    <form-login login-page="/login" default-target-url="/PoolB/Welcome" authentication-failure-url="/loginfailed" />        
logout logout-success-url="/logout" />   
</http> 
    <authentication-manager> 
    <authentication-provider> 
    <user-service> 
    <user name="abc" password="abc" authorities="ROLE_USER" /> 
    <user name="xyz" password="xyz" authorities="ROLE_USER" /> 
    </user-service> 
    </authentication-provider> 
    </authentication-manager> 
    </beans:beans>

登錄.jsp文件是:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 
<html> 
<head> 
<title>Login Page</title> 

<link href="${pageContext.request.contextPath}/resources/css/background.css" rel="stylesheet" > 

    <style> 
    .errorblock { 
color: #ff0000; 
background-color: #ffEEEE; 
border: 3px solid #ff0000; 
padding: 8px; 
margin: 16px; 
    margin-right:500px; 
    margin-left:500px; 
    } 
    </style> 

</head> 
<body onload='document.f.j_username.focus();'> 
<h3>Login with Username and Password (Authentication with Database)</h3> 
<c:if test="${not empty error}"> 
<div class="errorblock"> 
     Your login attempt was not successful, try again.<br /> Caused : 
    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} 
</div> 
</c:if>     
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'> 
<table align="center"> 
     <tr> 
    <td>User:</td> 
    <td><input type='text' name='j_username' value='' id='uname'> 
    </td> 
    </tr> 
    <tr> 
    <td>Password:</td> 
    <td><input type='password' name='j_password' id='pword'/> 
    </td> 
    </tr>   
    <tr> 
    <td><input type="submit" value="Login"></td> 
    <td><input name="reset" type="Reset" /></td> 
    </tr> 
</table> 
</form> 
</body> 
</html>

文件Welcome.jsp中是:

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO- 8859-1"%> 
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %> 
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> 
<html> 
<head> 
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 
<title>Insert title here</title> 
</head> 
<body> 
Hi U R Succesfully Loged in. 
<br/> 
<security:authorize access="hasRole('ROLE_ADMIN')"> 
<p> 
<a href="..../ScorpioWebApp/PoolB/insert">InsertRecord</a> 
</p> 
</security:authorize> 
<a href="..../ScorpioWebApp/PoolB/View">RetriveRecord</a> 
</body>

和增加的罐子:

1.com.springsource.org.apache.commons.logging-1.1.1.jar 
2.com.springsource.org.apache.log4j-1.2.15.jar 
3.javax.servlet.jsp.jstl-1.2.1.jar 
4.jstl-1.2.jar 
5.log4j-1.2.11.jar 
6.log4j.jar 
7.spring-aop-3.0.3.RELEASE.jar 
8.spring-aop-3.2.5.RELEASE.jar 
9.spring-aspects-3.2.5.RELEASE.jar 
10.spring-beans-3.2.5.RELEASE.jar 
11.spring-build-src-3.2.5.RELEASE.jar 
12.spring-context-3.2.5.RELEASE.jar 
13.spring-context-support-3.2.5.RELEASE.jar 
14.spring-core-3.2.5.RELEASE.jar 
15.spring-expression-3.2.5.RELEASE.jar 
16.spring-instrument-3.2.5.RELEASE.jar 
17.spring-instrument-tomcat-3.2.5.RELEASE.jar 
18.spring-jdbc-3.2.5.RELEASE.jar 
19.spring-jms-3.2.5.RELEASE.jar 
20.spring-mobile-device-1.1.0.RELEASE.jar 
21.spring-orm-3.2.5.RELEASE.jar 
22.spring-oxm-3.2.5.RELEASE.jar 
23.spring-security-config-3.0.5.RELEASE.jar 
24.spring-security-core-3.0.5.RELEASE.jar 
25.spring-security-taglibs-3.1.0.RELEASE.jar 
26.spring-security-web-3.0.5.RELEASE.jar 
27.spring-struts-3.2.5.RELEASE.jar 
28.spring-test-3.2.5.RELEASE.jar 
29.spring-tx-3.2.5.RELEASE.jar 
30.spring-web-3.2.5.RELEASE.jar 
31.spring-webmvc-3.2.5.RELEASE.jar 
32.spring-webmvc-portlet-3.2.5.RELEASE.jar 
33.sqljdbc4.jar

誰能幫我解決這個問題..

It was the problem with jar only. I added 3.1.0 version of all spring security jars and as per the suggestiong from other users added the following bean to spring configuration 

<bean id="webexpressionHandler" class="org.springframework.security.web.access.exp

來源

2014-04-16 user3541321

回答

1

問題似乎這是因爲您在使用security-taglibs-3.1.0.RELEASE時將Spring Security 3.0.x依賴項添加到類路徑中。 嘗試使用Spring Security的3.1.X的所有依賴

SecurityExpressionHandler加入的Spring Security 3.1

UPDATE

您還需要更新spring.security.xml的XSD引用

和以下bean添加到彈簧配置

<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

來源

2014-04-16 15:32:27 geoand

+0

嗨,我糾正了現在我使用的3.1.0版本的所有彈簧安全瓶的jar依賴關係,然後運行時,我正在收到「HTTP狀態404異常」。請讓我知道如果還有其他事情需要改變。奇怪的是我有一次使用舊的罐子,然後我沒有得到這個錯誤,並能夠看到登錄頁面,但添加彈簧安全3.1.0罐子後,我得到這個錯誤.. – user3541321

+0

在spring-security.xml ,請嘗試更改所有對Spring 3.0的引用以彈出3.1並查看是否有幫助 – geoand

+0

檢查我更新的答案 – geoand

相關問題

 相關問題