我嘗試使用spring安全性進行一些簡單的記憶認證,但是當我試圖實現accessDecisionManager時發現了這個錯誤。這裏的錯誤日誌:Java Spring Security AccessDecisionManager:UnanimousBased無法解析表達式'ROLE_ADMIN,IS_AUTHENTICATED_FULLY'
org.springframework.beans.factory.BeanCreationException:錯誤 與名製作豆「org.springframework.security.filterChains」: 無法解析參考豆 「org.springframework.security .web.DefaultSecurityFilterChain#0',而 用鍵[0]設置bean屬性'sourceList';嵌套的例外是 org.springframework.beans.factory.BeanCreationException:錯誤 創建名稱爲 「org.springframework.security.web.DefaultSecurityFilterChain#0」豆: 無法解析參考豆 「org.springframework.security.web .access.intercept.FilterSecurityInterceptor#0' while set constructor argument with key [10];嵌套的異常是 org.springframework.beans.factory.BeanCreationException:錯誤 創建Bean的名稱爲 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': 無法創建內部bean'(內部bean)' [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource] while set bean property'securityMetadataSource';嵌套異常 is org.springframework.beans.factory.BeanCreationException:錯誤 創建名爲'(內部bean)#19'的bean:Bean 的實例化失敗;嵌套的異常是 org.springframework.beans.BeanInstantiationException:無法 實例化bean類 [org.springframework.security.web.access.expression.ExpressionBasedFilterInvocationSecurityMetadataSource]: 構造拋出異常;嵌套的例外是 java.lang.IllegalArgumentException異常:無法解析表達式 'ROLE_ADMIN,IS_AUTHENTICATED_FULLY'
,這是我的XML文件。 的web.xml
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring Security Eksplorasi</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring MVC -->
<servlet>
<servlet-name>kampus</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>kampus</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-database.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
所以這是對你的幫助的朋友我的彈簧security.xml文件
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value="ROLE_"/>
</beans:bean>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</beans:list>
</beans:property>
</beans:bean>
<security:http auto-config="true" use-expressions="true" access-decision-manager-ref="accessDecisionManager">
<security:remember-me key="kampus-rememberme" data-source-ref="dataSource" />
<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN, IS_AUTHENTICATED_FULLY" />
<security:access-denied-handler error-page="/403" />
<security:form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<security:logout logout-success-url="/login?logout" />
<!-- enable csrf protection
<csrf/>-->
</security:http>
<!--
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
-->
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query=
"select username,password, status from users where username=?"
authorities-by-username-query=
"select username, role from user_roles where username =? " />
</security:authentication-provider>
</security:authentication-manager>
</beans>
千恩萬謝。
我試過了,但應用仍顯示相同的錯誤。 – dadang1234 2014-11-14 16:00:51
當我不使用accessDecisionManager bean並刪除access-decision-manager-ref屬性時,該應用程序運行良好。問題是我想用這個bean更安全,而不僅僅是記住我。對不起,英文不好:( – dadang1234 2014-11-14 16:05:11
然後它可能與角色前綴有關,你定義了' ',但是你的角色IS_AUTHENTICATED_FULLY不是以「ROLE_ 「你可以檢查嗎?使它成爲'ROLE_IS_AUTHENTICATED_FULLY'只是爲了測試。 –
2014-11-14 16:10:54