设置Spring Security:从元素'security:http'开始发现无效内容
Tim*_*m B 2 java spring spring-security
我正在尝试配置这里找到的spring-security,并且似乎已经限制了我对XML文件如何工作的理解.
按照说明我已经向applicationContext.xml添加了spring security,如下所示:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:security="http://www.springframework.org/schema/security">
那一步部署得很好.
然后我去了web.xml并添加了:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
那仍然很好.
然后我尝试添加
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
其中我也尝试过
<security:http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</security:http>
在这两种情况下,当我尝试部署应用程序时,我看到了一个错误:
Error occurred during deployment: Exception while deploying the app [OmegaRM] : org.xml.sax.SAXParseException; lineNumber: 53; columnNumber: 39; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:http'. One of '{"http://xmlns.jcp.org/xml/ns/javaee":module-name, "http://xmlns.jcp.org/xml/ns/javaee":description, "http://xmlns.jcp.org/xml/ns/javaee":display-name, "http://xmlns.jcp.org/xml/ns/javaee":icon, "http://xmlns.jcp.org/xml/ns/javaee":distributable, "http://xmlns.jcp.org/xml/ns/javaee":context-param, "http://xmlns.jcp.org/xml/ns/javaee":filter, "http://xmlns.jcp.org/xml/ns/javaee":filter-mapping, "http://xmlns.jcp.org/xml/ns/javaee":listener, "http://xmlns.jcp.org/xml/ns/javaee":servlet, "http://xmlns.jcp.org/xml/ns/javaee":servlet-mapping, "http://xmlns.jcp.org/xml/ns/javaee":session-config, "http://xmlns.jcp.org/xml/ns/javaee":mime-mapping, "http://xmlns.jcp.org/xml/ns/javaee":welcome-file-list, "http://xmlns.jcp.org/xml/ns/javaee":error-page, "http://xmlns.jcp.org/xml/ns/javaee":jsp-config, "http://xmlns.jcp.org/xml/ns/javaee":security-constraint, "http://xmlns.jcp.org/xml/ns/javaee":login-config, "http://xmlns.jcp.org/xml/ns/javaee":security-role, "http://xmlns.jcp.org/xml/ns/javaee":env-entry, "http://xmlns.jcp.org/xml/ns/javaee":ejb-ref, "http://xmlns.jcp.org/xml/ns/javaee":ejb-local-ref, "http://xmlns.jcp.org/xml/ns/javaee":service-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-env-ref, "http://xmlns.jcp.org/xml/ns/javaee":message-destination-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-context-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-unit-ref, "http://xmlns.jcp.org/xml/ns/javaee":post-construct, "http://xmlns.jcp.org/xml/ns/javaee":pre-destroy, "http://xmlns.jcp.org/xml/ns/javaee":data-source, "http://xmlns.jcp.org/xml/ns/javaee":jms-connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":jms-destination, "http://xmlns.jcp.org/xml/ns/javaee":mail-session, "http://xmlns.jcp.org/xml/ns/javaee":connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":administered-object, "http://xmlns.jcp.org/xml/ns/javaee":message-destination, "http://xmlns.jcp.org/xml/ns/javaee":locale-encoding-mapping-list, "http://xmlns.jcp.org/xml/ns/javaee":deny-uncovered-http-methods, "http://xmlns.jcp.org/xml/ns/javaee":absolute-ordering}' is expected.. Please see server.log for more details.
我不明白我在配置中缺少什么来显示此错误.我已经尝试为标签添加安全性,如下所示,它没有任何区别:
<web-app version="3.1"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
我确实发现了同样的错误:
那里推荐的解决方案是使用我已经尝试过的安全命名空间.
所以我的问题是,是否有人知道我在这里做错了吗?
如果可能的话,我也非常感谢有关如何确定Spring中哪些文件的配置以及它们如何粘合在一起的链接和/或更一般的解释!到目前为止,我已经运行了一些应用程序,但我不觉得我正确地理解了我为使它们工作所做的一切!
我已将以下JAR添加到项目库中:
您也url-intercept需要安全命名空间.
<security:intercept-url pattern="/**" access="ROLE_USER" />
如果您的安全配置在其自己的应用程序配置xml中,则可以使用安全性作为默认命名空间,从而避免必须为所有内容添加前缀security:.例如:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config='true'>
<intercept-url pattern="/**" access="ROLE_USER" />
</http>
...
</beans:beans>
然后从主应用程序配置中,您可以导入安全配置.例如,假设您的安全配置是名称security-application-config.xml,您可以像这样导入它.
//in your application-config.xml
<import resource="security-application-config.xml"/>
<import resource="mongo-application-config.xml"/>
| 归档时间: |
|
| 查看次数: |
9223 次 |
| 最近记录: |