Spring Security 4. 指定访问决策管理器时出现异常
Posted
技术标签:
【中文标题】Spring Security 4. 指定访问决策管理器时出现异常【英文标题】:Spring Security 4. Exception when specifying access decision manager 【发布时间】:2015-12-07 07:35:06 【问题描述】:我在我的 Java 项目中使用 Spring Security 4。当我在 http 元素中指定标签 access-decision-manager-ref 时,我有这个异常:
org.springframework.beans.factory.BeanCreationException:创建名为“org.springframework.security.filterChains”的bean时出错:设置bean属性时无法解析对bean“org.springframework.security.web.DefaultSecurityFilterChain#0”的引用'sourceList' 键为 [0];嵌套异常是 org.springframework.beans.factory.BeanCreationException:创建名为 'org.springframework.security.web.DefaultSecurityFilterChain#0' 的 bean 时出错:无法解析对 bean 'org.springframework.security.web.access.intercept 的引用。 FilterSecurityInterceptor#0' 同时使用键 [13] 设置构造函数参数;嵌套异常是 org.springframework.beans.factory.BeanCreationException:创建名为 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' 的 bean 时出错:调用 init 方法失败;嵌套异常是 java.lang.IllegalArgumentException:不支持的配置属性:[hasRole('ADMIN')]
这是我的xml配置文件:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"
use-expressions="true">
<security:intercept-url pattern="/admin/*"
access="hasRole('ADMIN')" />
<security:remember-me key="terror-key" />
<security:logout delete-cookies="JSESSIONID"
success-handler-ref="logoutRedirectToAny" />
<security:form-login login-page="/custom_login"
authentication-failure-handler-ref="serverErrorHandler" />
</security:http>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
<security:authentication-manager>
<security:authentication-provider
user-service-ref="inMemoryUserServiceWithCustomUser" />
</security:authentication-manager>
<bean id="inMemoryUserServiceWithCustomUser"
class="com.apress.pss.terrormovies.spring.CustomInMemoryUserDetailsManager">
<constructor-arg>
<list>
<bean class="com.apress.pss.terrormovies.model.User">
<constructor-arg value="admin" />
<constructor-arg value="admin" />
<constructor-arg>
<list>
<bean
class="org.springframework.security.core.authority.SimpleGrantedAuthority">
<constructor-arg value="ROLE_ADMIN" />
</bean>
</list>
</constructor-arg>
<constructor-arg value="Scarioni" />
</bean>
</list>
</constructor-arg>
</bean>
<bean id="logoutRedirectToAny"
class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<property name="targetUrlParameter" value="redirectTo" />
</bean>
<bean id="serverErrorHandler" class="com.apress.pss.terrormovies.security.ServerErrorFailureHandler"/>
</beans>
【问题讨论】:
【参考方案1】:如果你想使用带有自定义 AccessDecisionManager 的表达式,你还需要一个表达式投票器,例如。
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<constructor-arg>
<list>
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
【讨论】:
以上是关于Spring Security 4. 指定访问决策管理器时出现异常的主要内容,如果未能解决你的问题,请参考以下文章
Spring Security 4. 指定访问决策管理器时出现异常
Spring Security应用开发(15)层次化角色体系
spring security3.1升级到4.1问题访问/j_spring_security_check 404
Spring Security入门(3-5)Spring Security 的鉴权 - 决策管理器和投票器