【问题标题】:spring-security-samples-preauth-xml example fails to runspring-security-samples-preauth-xml 示例无法运行
【发布时间】:2015-07-17 22:54:08
【问题描述】:

项目: https://github.com/spring-projects/spring-security/tree/master/samples/preauth-xml

在尝试运行上述项目时,出现以下异常:

Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#ec8a0ac': Cannot resolve reference to bean 'fsi' while setting constructor argument with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'fsi' defined in ServletContext resource [/WEB-INF/applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ROLE_USER, ROLE_SUPERVISOR, ROLE_USER]

与错误相关的XML代码:

<bean id="fsi" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <property name="authenticationManager" ref="authenticationManager"/>
        <property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
        <property name="securityMetadataSource">
            <sec:filter-security-metadata-source>
                <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
                <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
                <sec:intercept-url pattern="/**" access="ROLE_USER"/>
            </sec:filter-security-metadata-source>
        </property>
    </bean>

尝试在tomcat 6和7上运行它,出现同样的错误。任何提示或帮助将不胜感激。谢谢。

【问题讨论】:

    标签: java xml spring spring-security


    【解决方案1】:

    是的,这就是我面临的问题。但是我做了 use-expressions="true" 并更改了 access="hasAnyRole('ROLE_USER')" 这不起作用并得到了同样的错误。

    我认为当您将访问权限更改为使用 hasAnyRole 或 hasRole 时,使用 use-expressions="true" 应该可以工作。它对我不起作用。

    当我更改了 use-expressions="false" 然后 access="ROLE_USER"

    奇怪..

    谢谢罗伯

    【讨论】:

      【解决方案2】:

      示例未正确迁移到 Spring Security 4。我记录了一个错误 (SEC-2966) 和 fixed it。问题是 Spring Security 4 中的 use-expression 属性默认更改为 true。所以我们需要明确声明为假:

      <sec:filter-security-metadata-source use-expressions="false">
          <sec:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
          <sec:intercept-url pattern="/secure/**" access="ROLE_USER"/>
          <sec:intercept-url pattern="/**" access="ROLE_USER"/>
      </sec:filter-security-metadata-source>
      

      【讨论】:

      • 谢谢你,罗布。以为我要疯了一秒钟!
      • 好答案,对我也有帮助
      猜你喜欢
      • 2013-05-03
      • 2012-05-24
      • 1970-01-01
      • 2017-04-01
      • 2012-03-13
      • 2014-08-06
      • 2015-08-18
      • 1970-01-01
      • 1970-01-01
      相关资源
      最近更新 更多