Spring Security XML錯誤 - cvc-complex-type.2.4.a：發現無效內容以元素'csrf'開頭

Question

我在我的web應用程序項目中使用Spring Security。我想在我的Spring應用程序中啓用csrf保護。 我的應用程序上下文的security.xml如下

<?xml version="1.0" encoding="UTF-8"?> 

<beans:beans xmlns="http://www.springframework.org/schema/security" 
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.0.xsd"> 

    <global-method-security secured-annotations="enabled"/> 

    <http disable-url-rewriting="true" auto-config="false" access-decision-manager-ref="accessDecisionManager" entry-point-ref="authenticationEntryPoint"> 
     <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/> 
     <intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
     <intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/> 
<!-- Enable CSRF protection --> 
     <csrf /> 
    <access-denied-handler ref="accessDeniedHandler"/>   
    </http> 
<!-- Remaining information --> 
</beans:beans> 

我使用Spring 3.0.5罐子爲我的項目。

雖然雖然運行時，我收到以下錯誤

SEVERE: Exception sending context initialized event to listener 
instance of class org.springframework.web.context.ContextLoaderListener 
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: 
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: 
Invalid content was found starting with element 'csrf'. 
One of 
'{"http://www.springframework.org/schema/security":intercept-url, 
"http://www.springframework.org/schema/security":access-denied-handler, 
"http://www.springframework.org/schema/security":form-login, 
"http://www.springframework.org/schema/security":openid-login, 
"http://www.springframework.org/schema/security":x509, 
"http://www.springframework.org/schema/security":http-basic, 
"http://www.springframework.org/schema/security":logout, 
"http://www.springframework.org/schema/security":session-management, 
"http://www.springframework.org/schema/security":remember-me, 
"http://www.springframework.org/schema/security":anonymous, 
"http://www.springframework.org/schema/security":port-mappings, 
"http://www.springframework.org/schema/security":custom-filter, 
"http://www.springframework.org/schema/security":request-cache}' 
is expected. 

我試圖尋找對谷歌這個錯誤。我發現了幾個類似的地方，但他們都說這個錯誤是由於Spring 3.2+的一些變化造成的。但是，在我的情況下，我正在使用Spring 3.0.5。

任何幫助，將不勝感激。

Answer 1

我覺得CSRF快捷春季安全與版本3.2.0（見blogpost）

也許你應該體諒更新使用Spring版本

Answer 2

從更新後得到了同樣的錯誤介紹
春天3.2.5 4.2.0
春季安全3.1.4至4.0.2

我不得不
0123改變模式位置http://www.springframework.org/schema/security/spring-security.xsd
到
http://www.springframework.org/schema/security/spring-security-4.0.xsd

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
xmlns:osgi="http://www.springframework.org/schema/osgi" xmlns:context="http://www.springframework.org/schema/context" 
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd 
      http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd 
      http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd 
      http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> 

在你的情況下，<CSRF>元素不會在春季3.0.5存在。
因此，更新至少3.2將是解決方案。