java – Spring安全配置错误:bean具有相同的’order’值

前端之家收集整理的这篇文章主要介绍了java – Spring安全配置错误:bean具有相同的’order’值前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。
我有一个Web应用程序,我在其中实现 spring security,我的spring-security.xml是
<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- ENABLE HTTP SECURITY -->
    <http auto-config="false" access-denied-page="/accessDenied.html">

        <!-- INTERCEPT URL FOR RESOURCES ACCESS -->
        <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
        <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
        <intercept-url pattern="/**" access="permitAll" />

        <!-- CUSTOME FILTER -->
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />

        <!-- SESSION MANAGEMENT CONFIG -->
        <session-management
            session-authentication-strategy-ref="session-management" />

        <!-- FORM LOGIN CONFIG -->
        <form-login login-page="/loginForm"
            authentication-failure-url="/error.html" default-target-url="/welcome.html" />
        <logout logout-success-url="/loggedout.html"
            invalidate-session="true" />
    </http>
    <!-- SERVICES  -->
    <beans:bean id="customEncoder" class="com.rep.security.CustomPasswordEncoder"></beans:bean>
    <beans:bean id="customUserService" class="com.rep.security.CustomUserDetailService"></beans:bean>

    <!-- AUTHENICATION MANAGER CONFIG -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserService">
            <password-encoder ref="customEncoder"></password-encoder>
        </authentication-provider>
    </authentication-manager>

    <!-- CONCURRENCY FILEER CONFIG -->
    <beans:bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/timeout.html" />
    </beans:bean>

    <beans:bean id="AuthFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="sessionAuthenticationStrategy"
            ref="session-management" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="session-management"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>

在jboss上运行应用程序时,我遇到了这个错误

15:40:02,470 ERROR [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 59) Context initialization Failed: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<AuthFilter>' and 'Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factorybeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters,please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.

任何人都可以告诉我,我正在关注[Spring Doc ioc] session management的问题配置

解决方法

你应该阅读 4.3.6. Adding in Your Own FiltersTable 1. Standard Filter Aliases and Ordering

If you’ve used Spring Security before,you’ll know that the framework
maintains a chain of filters in order to apply its services.

The order of the filters is always strictly enforced when using the
namespace. When the application context is being created,the filter
beans are sorted by the namespace handling code and the standard
Spring Security filters each have an alias in the namespace and a
well-known position.

您的< login-form>正在使用带别名FORM_LOGIN_FILTER的过滤器.此外,您还添加了另一个具有相同位置的过滤器(position =“FORM_LOGIN_FILTER”ref =“AuthFilter”).所以你收到错误信息

Filter beans <AuthFilter> and Root bean: class
[UsernamePasswordAuthenticationFilter]
have the same order value

所以我认为如果你想要两者,你需要改变位置:

<custom-filter after="FORM_LOGIN_FILTER" ref="AuthFilter" />

要么

<custom-filter before="FORM_LOGIN_FILTER" ref="AuthFilter" />

猜你在找的Java相关文章