如何解决 Spring Security 配置

Posted

技术标签:

【中文标题】如何解决 Spring Security 配置【英文标题】:How can I solve Spring Security config 【发布时间】:2015-10-10 13:18:21 【问题描述】:

我想将 spring-Security 集成到 myapp(我使用 Spring MVC)

我无法理解这些问题:

cvc-complex-type.2.3: Element 'beans:beans' cannot have character [children], because the type's content type is element-only.

cvc-complex-type.2.3: Element 'http' cannot have character [children], because the type's content type is element-only.

cvc-complex-type.2.3: Element 'session-management' cannot have character [children], because the type's content type is element-only.

cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'autentication-manager'.

下面是 XML 配置。

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns="http://www.springframework.org/schema/security" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    xsi:schemaLocation="http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd
          http://www.springframework.org/schema/beans              
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd">

   <!-- Global Security Settings -->
   <global-method-security pre-post-annotations="enabled" />

   <http auto-config="true">
      <session-management invalid-session-url="/login?time=1">
         <concurrency-control max-sessions="1" expired-url="/login?time=1" />
      </session-management>
      <form-login login-page="/login" login-processing-url="/login.do" default-target-url="/home" always-use-default-target="true" authentication-failure-url="/login?err=1" username-parameter="username" password-parameter="password" />
      <logout logout-url="/logout" logout-success-url="/login?out=1" delete-cookies="JSESSIONID" invalidate-session="true" />
      <intercept-url requires-channel="https" pattern="/login*" access="permitAll" />
      <intercept-url requires-channel="https" pattern="/home/**" access="hasRole('10000_10000')" />
   </http>

   <!-- Authentication Providers for Form Login -->
   <autentication-manager alias="authenticationManager">
      <authentication-provider user-service-ref="LoginService">
         <password-encoder ref="passwordEncoder" />
      </authentication-provider>
   </autentication-manager>

   <!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database -->
   <beans:bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />

   <!-- A custom service where Spring will retrieve users and their corresponding access levels  -->
   <beans:bean id="LoginService" class="com.pfe.service.imp.LoginServiceImp" />
   <!-- ADD THE DATASOURCES HERE -->
</beans:beans>

下面是异常堆栈跟踪。

GRAVE: Exception lors de l'envoi de l'évènement contexte initialisé (context initialized) à l'instance de classe d'écoute (listener) org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 24 in XML document from ServletContext resource [/WEB-INF/security-config.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 24; columnNumber: 29; cvc-complex-type.2.3 : L'élément 'session-management' ne doit comporter aucun enfant ([children]) de type caractère, car le type porte le type de contenu "element-only".
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:396)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:522)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:436)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5016)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5528)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: org.xml.sax.SAXParseException; lineNumber: 24; columnNumber: 29; cvc-complex-type.2.3 : L'élément 'session-management' ne doit comporter aucun enfant ([children]) de type caractère, car le type porte le type de contenu "element-only".
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(Unknown Source)
    at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidComplexType(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.elementLocallyValidType(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.processElementContent(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleEndElement(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.endElement(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanEndElement(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(Unknown Source)
    at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(Unknown Source)
    at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(Unknown Source)
    at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:75)
    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:388)
    ... 22 more

juil. 21, 2015 8:35:43 AM org.apache.catalina.core.StandardContext startInternal
GRAVE: One or more listeners failed to start. Full details will be found in the appropriate container log file
juil. 21, 2015 8:35:43 AM org.apache.catalina.core.StandardContext startInternal
GRAVE: Erreur de démarrage du contexte [/TRyGED] suite aux erreurs précédentes
juil. 21, 2015 8:35:43 AM org.apache.catalina.core.ApplicationContext log
INFOS: Closing Spring root WebApplicationContext
juil. 21, 2015 8:35:43 AM org.apache.catalina.core.StandardContext listenerStop
GRAVE: Exception lors de l'envoi de l'évènement contexte détruit (context destroyed) à l'instance de classe d'écoute org.springframework.web.context.ContextLoaderListener
java.lang.IllegalStateException: BeanFactory not initialized or already closed - call 'refresh' before accessing beans via the ApplicationContext
    at org.springframework.context.support.AbstractRefreshableApplicationContext.getBeanFactory(AbstractRefreshableApplicationContext.java:172)
    at org.springframework.context.support.AbstractApplicationContext.destroyBeans(AbstractApplicationContext.java:1066)
    at org.springframework.context.support.AbstractApplicationContext.doClose(AbstractApplicationContext.java:1040)
    at org.springframework.context.support.AbstractApplicationContext.close(AbstractApplicationContext.java:988)
    at org.springframework.web.context.ContextLoader.closeWebApplicationContext(ContextLoader.java:541)
    at org.springframework.web.context.ContextLoaderListener.contextDestroyed(ContextLoaderListener.java:142)
    at org.apache.catalina.core.StandardContext.listenerStop(StandardContext.java:5063)
    at org.apache.catalina.core.StandardContext.stopInternal(StandardContext.java:5723)
    at org.apache.catalina.util.LifecycleBase.stop(LifecycleBase.java:232)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:160)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1575)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1565)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)

【问题讨论】:

能否请您发布您的安全 XML 配置文件内容? 【参考方案1】:

一旦对 XML 文件进行了不正确的解析,就会弹出此类错误。 Eclipse 尝试验证这些文件并给出 cvc-complex-type.2.3 错误。

如果您从某处复制了这些配置,则可能会在空格、换行符和不同位置之间出现一些不可见的奇怪字符。

尝试从文件中删除所有空格和换行符/回车符并保存文件。

如果您在 Linux 环境下工作,那么下面的命令将在您的 XML 配置中检测这些不可见的字符,这些字符可能会导致问题。

cat -v /path/to/file-name.xml

您还可以使用任何高级文本编辑器,如 BBEdit、NotePad++ 等来检测这些字符。

【讨论】:

是的! ,我重写文件 能否请您将此答案标记为正确答案?

以上是关于如何解决 Spring Security 配置的主要内容,如果未能解决你的问题,请参考以下文章

如何使用 Spring-Security 3 和 Hibernate 4 将 spring security xml 配置 hibernate 转换为 java config

如何在 Spring WebFlux Security(Reactive Spring Security)配置中将多个用户角色添加到单个 pathMatcher/Route?

如何在 Spring Boot 中使用 Spring Security 配置 CORS? [复制]

如何使用 spring-security-saml2 配置服务提供者以使用 EncryptedAssertions?

如何配置 Spring Security SAML 以与 Okta 一起使用?

如何使用 Spring Security SAML 配置远程发现?