2014-11-14 18 views
1

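Java Spring Security AccessDecisionManager: UnanimousBased Failed to parse expression 'ROLE_ADMIN,IS_AUTHENTICATED_FULLY'

I am trying to do some simple remember-me authentication using Spring Security, but I ran into this error when I tried to implement an accessDecisionManager. Here is the error log: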

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] while setting bean property 'securityMetadataSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#19': Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Could not instantiate bean class [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: Constructor threw exception; nested exception is java.lang.IllegalArgumentException: Failed to parse expression 'ROLE_ADMIN,IS_AUTHENTICATED_FULLY'

And here are my XML files. web.xml:

<web-app id="WebApp_ID" version="2.4" 
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> 

<display-name>Spring Security Eksplorasi</display-name> 
<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<!-- Spring MVC --> 
<servlet> 
    <servlet-name>kampus</servlet-name> 
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
    <load-on-startup>1</load-on-startup> 
</servlet> 
<servlet-mapping> 
    <servlet-name>kampus</servlet-name> 
    <url-pattern>/</url-pattern> 
</servlet-mapping> 

<!-- Spring Security --> 
<filter> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
</filter> 

<filter-mapping> 
    <filter-name>springSecurityFilterChain</filter-name> 
    <url-pattern>/*</url-pattern> 
</filter-mapping> 

<listener> 
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> 
</listener> 

<context-param> 
    <param-name>contextConfigLocation</param-name> 
    <param-value> 
     /WEB-INF/spring-database.xml, 
     /WEB-INF/spring-security.xml 
    </param-value> 
</context-param>

</web-app>

And this is my spring-security.xml file. Thanks for your help, friends.

<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:security="http://www.springframework.org/schema/security" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:beans="http://www.springframework.org/schema/beans" 
xsi:schemaLocation="http://www.springframework.org/schema/beans 
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 

    <beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"> 
     <beans:property name="decisionVoters"> 
      <beans:list> 
       <beans:bean class="org.springframework.security.access.vote.RoleVoter"> 
        <beans:property name="rolePrefix" value="ROLE_"/> 
       </beans:bean> 
       <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/> 
      </beans:list> 
     </beans:property> 
    </beans:bean> 

    <security:http auto-config="true" use-expressions="true" access-decision-manager-ref="accessDecisionManager"> 
     <security:remember-me key="kampus-rememberme" data-source-ref="dataSource" /> 
     <security:intercept-url pattern="/admin/*" access="ROLE_ADMIN, IS_AUTHENTICATED_FULLY" /> 
     <security:access-denied-handler error-page="/403" /> 
     <security:form-login 
      login-page="/login" 
      default-target-url="/welcome" 
      authentication-failure-url="/login?error" 
      username-parameter="username" 
      password-parameter="password" /> 
     <security:logout logout-success-url="/login?logout" /> 
     <!-- enable csrf protection 
     <csrf/>--> 
    </security:http> 
    <!-- 
    <bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"> 
     <constructor-arg> 
      <list> 
       <bean class="org.springframework.security.access.vote.RoleVoter" /> 
       <bean class="org.springframework.security.access.vote.AuthenticatedVoter" /> 
      </list> 
     </constructor-arg> 
    </bean> 
    --> 

    <security:authentication-manager> 
     <security:authentication-provider> 
      <security:jdbc-user-service data-source-ref="dataSource" 
       users-by-username-query= 
        "select username,password, status from users where username=?" 
       authorities-by-username-query= 
        "select username, role from user_roles where username =? " /> 
     </security:authentication-provider> 
    </security:authentication-manager> 

</beans> 

Many thanks.

Answers

2

Maybe you just need to remove the space in the access attribute:

access="ROLE_ADMIN, IS_AUTHENTICATED_FULLY" 

access="ROLE_ADMIN,IS_AUTHENTICATED_FULLY" 

If that doesn't work, try this:

access="hasAnyRole('ROLE_ADMIN', 'IS_AUTHENTICATED_FULLY')" 

Similar question: Spring Security 3 specify multiple intercept-url access roles

Check Teja's answer.

+0

I tried it, but the app still shows the same error. – dadang1234 2014-11-14 16:00:51

+0

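When I don't use the accessDecisionManager bean and remove the access-decision-manager-ref attribute, the application runs fine. The problem is that I want to be more secure with this bean, not just remember-me. Sorry for my bad English :( – dadang1234 2014-11-14 16:05:11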

+0

Then it may be related to the role prefix: you defined '', but your role IS_AUTHENTICATED_FULLY does not start with "ROLE_". Can you check? Make it 'ROLE_IS_AUTHENTICATED_FULLY' just for testing. – 2014-11-14 16:10:54

0

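You are using expression based access control (by default, and you declare it explicitly with use-expressions="true"), and ROLE_ADMIN, IS_AUTHENTICATED_FULLY is not a valid expression but an "old style" list of roles. So either set use-expressions to false, or replace the "old style" list of roles with an expression: hasRole('ROLE_ADMIN') or isFullyAuthenticated()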
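The fix described in the last answer, combined with the asker's custom decision manager, as an added example that is not part of the original answers. It assumes Spring Security 3.1 (the schema version in the question) and the `dataSource` bean from `/WEB-INF/spring-database.xml`. The expression joins the two conditions with `and`, so the admin role and a full login are both required, which is what UnanimousBased enforces over the two legacy attributes.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  <!-- Added example. UnanimousBased denies access when every voter abstains
       (allowIfAllAbstainDecisions defaults to false), so the manager needs a
       voter that understands the attribute style in use. -->
  <bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.UnanimousBased">
    <property name="decisionVoters">
      <list>
        <!-- Evaluates SpEL expressions; abstains on legacy attributes. -->
        <bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
        <!-- Vote only on ROLE_* and IS_AUTHENTICATED_*; abstain on expressions. -->
        <bean class="org.springframework.security.access.vote.RoleVoter"/>
        <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
      </list>
    </property>
  </bean>

  <security:http auto-config="true" use-expressions="true"
                 access-decision-manager-ref="accessDecisionManager">
    <security:remember-me key="kampus-rememberme" data-source-ref="dataSource"/>
    <!-- isFullyAuthenticated() is false for remember-me and anonymous logins.
         The pattern /admin/* matches a single path segment only. -->
    <security:intercept-url pattern="/admin/*"
        access="hasRole('ROLE_ADMIN') and isFullyAuthenticated()"/>
    <!-- Legacy form of the same rule: set use-expressions="false" above and
         use access="ROLE_ADMIN,IS_AUTHENTICATED_FULLY" here. -->
    <security:access-denied-handler error-page="/403"/>
    <security:form-login login-page="/login" default-target-url="/welcome"
        authentication-failure-url="/login?error"
        username-parameter="username" password-parameter="password"/>
    <security:logout logout-success-url="/login?logout"/>
  </security:http>

  <security:authentication-manager>
    <security:authentication-provider>
      <security:jdbc-user-service data-source-ref="dataSource"
          users-by-username-query="select username, password, status from users where username = ?"
          authorities-by-username-query="select username, role from user_roles where username = ?"/>
    </security:authentication-provider>
  </security:authentication-manager>
</beans>
```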
