彈簧安全性從版本3遷移到4後無法工作

Question

最近我從Spring Security 3遷移到了第4版。一切運行良好，但現在沒有任何效果。

這裏是我的spring-security.xml：

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
    http://www.springframework.org/schema/beans/spring-beans-4.2.xsd 
    http://www.springframework.org/schema/security 
    http://www.springframework.org/schema/security/spring-security-4.0.xsd"> 

    <http auto-config="true" use-expressions="true"> 
     <intercept-url pattern="/home.MRCMPU" access="permitAll"/> 
     <intercept-url pattern="/loginFailure.MRCMPU" access="permitAll"/> 
     <intercept-url pattern="/*.MRCMPU" access="permitAll"/> 
     <intercept-url pattern="/con" access="permitAll"/> 

     <form-login 
      login-page="/home.MRCMPU" 
      login-processing-url="/login" authentication-success-handler-ref="AuthenticationSuccess" 
      authentication-failure-handler-ref="AuthenticationFailure" username-parameter="username" password-parameter="password" /> 
     <logout logout-url="/logout.MRCMPU" success-handler-ref="Logout" invalidate-session="true" delete-cookies="true"/> 
    </http> 

    <authentication-manager> 
     <authentication-provider user-service-ref="Authentication"/> 
    </authentication-manager> 
</beans:beans> 

任何人都可以找到這段代碼的衝突？

Answer 1

您在這裏錯過了很多推薦的bean。

1. user-service-ref="Authentication"
2. success-handler-ref="Logout"
3. authentication-success-handler-ref="AuthenticationSuccess"
4. authentication-failure-handler-ref="AuthenticationFailure"

對於上面提到的參考文獻，你應該有豆否則，像

命名爲 '退出' 無豆一世s定義

異常將被拋出。

添加bean類像

<bean id="Authentication" 
    class="class which you need to refer"> 
</bean> 

Answer 2

我終於清除了它自己。 禁用CSRF利用XML

<csrf disabled="true"/> 

，但我怎麼能做到這一點，而無需禁用CSRF令牌