【发布时间】:2015-06-24 13:41:44
【问题描述】:
我正在尝试为 jboss 设置一个 spring 安全命名空间,但是每次我尝试启动服务器时,我都会收到错误
安全命名空间不支持元素装饰 [过滤器链]
代码如下:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<security:global-method-security secured-annotations="enabled"/>
<bean xml:id="customSecurityFilter" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain pattern="/login.jsp*" filters="none"/>
<security:filter-chain pattern="/MaintenanceLogin.jsp*" filters="none"/>
<security:filter-chain pattern="/PortalLogin.jsp*" filters="none"/>
</bean>
<security:http>
<security:custom-filter ref="customSecurityFilter" before="FIRST"/>
<!-- Override default login and logout pages -->
<security:form-login login-page="/login.jsp"
default-target-url="/DisplayAlerts.action"
authentication-failure-url="/login.jsp?login_error=1" />
<security:logout logout-url="/j_spring_security_logout" logout-success-url="/login.jsp" />
</security:http>
请帮忙
【问题讨论】:
-
只需添加多个
<security:http />元素而不是filter-chains。添加<security:http pattern="/login.jsp" security="none" />或通过指定<security:intercept-url pattern="/login.jsp" access="permitAll" />简单地允许所有对这些URL 的访问。你把它弄得太复杂了。 -
执行上述任一操作都会导致
Security namespace does not support decoration of element [filter-chain]错误 -
你当然要删除自定义过滤器...
-
我不能直接删除它。必须有自定义过滤器才能访问登录页面,而无需先登录。
-
是的,你可以...这就是我告诉你要添加的配置的重点。
标签: spring security spring-security