spring-security-samples-preauth-xml 示例未能 运行
spring-security-samples-preauth-xml example fails to run
项目:
https://github.com/spring-projects/spring-security/tree/master/samples/preauth-xml
尝试运行上述项目时,出现以下异常:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#ec8a0ac': Cannot resolve reference to bean 'fsi' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'fsi' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ROLE_USER, ROLE_SUPERVISOR, ROLE_USER]
XML 错误相关代码:
<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource">
<sec:filter-security-metadata-source>
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
</property>
</bean>
在tomcat6和7上试过运行,还是出现同样的错误。任何提示或帮助将不胜感激。谢谢。
示例未正确迁移到 Spring Security 4。我记录了一个错误(SEC-2966) and fixed it。问题是 Spring Security 4 中的 use-expression 属性已更改默认为真。所以我们需要明确声明为假:
<sec:filter-security-metadata-source use-expressions="false">
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
是的,这就是我面临的问题。但是我使用了 use-expressions="true" 并更改了 access="hasAnyRole('ROLE_USER')" 这不起作用并得到了同样的错误。
我假设当您更改访问权限以使用 hasAnyRole 或 hasRole 时,使用 use-expressions="true" 应该有效。它对我不起作用。
当我更改 use-expressions="false" 然后 access="ROLE_USER"
时它起作用了
奇怪..
谢谢罗布
项目: https://github.com/spring-projects/spring-security/tree/master/samples/preauth-xml
尝试运行上述项目时,出现以下异常:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#ec8a0ac': Cannot resolve reference to bean 'fsi' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'fsi' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ROLE_USER, ROLE_SUPERVISOR, ROLE_USER]
XML 错误相关代码:
<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="securityMetadataSource">
<sec:filter-security-metadata-source>
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
</property>
</bean>
在tomcat6和7上试过运行,还是出现同样的错误。任何提示或帮助将不胜感激。谢谢。
示例未正确迁移到 Spring Security 4。我记录了一个错误(SEC-2966) and fixed it。问题是 Spring Security 4 中的 use-expression 属性已更改默认为真。所以我们需要明确声明为假:
<sec:filter-security-metadata-source use-expressions="false">
<sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
<sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
<sec:intercept-url pattern="/**" access="ROLE_USER"/>
</sec:filter-security-metadata-source>
是的,这就是我面临的问题。但是我使用了 use-expressions="true" 并更改了 access="hasAnyRole('ROLE_USER')" 这不起作用并得到了同样的错误。
我假设当您更改访问权限以使用 hasAnyRole 或 hasRole 时,使用 use-expressions="true" 应该有效。它对我不起作用。
当我更改 use-expressions="false" 然后 access="ROLE_USER"
时它起作用了奇怪..
谢谢罗布