那些遇到过的问题

小编Ali*_*ina的帖子

Could not autowire field:private org.springframework.security.crypto.password.PasswordEncoder;

I'm migrating to spring security 4.0.1 using java config instead of xml. When I autowire PasswordEncoder, it gives me the following error:

HTTP Status 500 - org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.UsersComponent': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.springframework.security.crypto.password.PasswordEncoder com.car.component.impl.UsersComponentImpl.passwordEncoder; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.crypto.password.PasswordEncoder] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}

我将发布我的所有配置文件.我不知道我哪里错了. …

java spring spring-security

Ali*_*ina
2015 12-17
8
推荐指数
2
解决办法
1万
查看次数

HTTP状态403 - 未找到预期的CSRF令牌.你的会话已经过期了吗?

我正在使用spring security 4.0.1.我一登录,就会显示我的仪表板.当我点击某些内容时,它会给我以下错误页面:

HTTP状态403 - 未找到预期的CSRF令牌.你的会话已经过期了吗?

我已经对它进行了一些研究,它说我需要添加这个http.csrf().disable().我无法添加它,因为它告诉我该方法并且未定义类型httpsecurity.

请在下面找到配置代码: 

 @Configuration
 @EnableWebSecurity
 public class SecurityConfiguration extends WebSecurityConfigurerAdapter {


    @Autowired
    @Qualifier("userDetailsServiceImpl")
    UserDetailsService userDetailsService;

    @Autowired
    SuccessHandler successHandler;

    @Autowired
    FailureHandler failureHandler;


    @Autowired
     public void configureGlobalSecurity(AuthenticationManagerBuilder auth)   throws Exception {
    ShaPasswordEncoder encoder = new ShaPasswordEncoder();
    auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
    }

@Override
protected void configure(HttpSecurity http) throws Exception {

  http.authorizeRequests()
    .antMatchers("/login.xhtml").permitAll()
    .antMatchers("/pages/**").access("isAuthenticated()")
    .antMatchers("/run**").access("isAuthenticated()")
    .and().formLogin().loginProcessingUrl("/login").loginPage("/login.xhtml")
    .successHandler(successHandler)
    .failureHandler(failureHandler).defaultSuccessUrl("/pages/dashboard.xhtml")
    .usernameParameter("username")
    .passwordParameter("password")
    .and().sessionManagement().maximumSessions(2).maxSessionsPreventsLogin(true);
  }
 }
Run Code Online (Sandbox Code Playgroud)

Login.xhtml

  <!DOCTYPE html>
  <f:view>
   <h:head>
    <meta http-equiv="content-type" content="text/html; charset=UTF-8" />
    </script><script src="js/jquery-1.js"></script>
    <script src="js/adpacks-demo.js" type="text/javascript"></script>
    <script src="js/bsa.js" type="text/javascript"></script>

   </h:head> …
Run Code Online (Sandbox Code Playgroud)

java spring spring-security

Ali*_*ina
2015 12-31
7
推荐指数
1
解决办法
2万
查看次数

使会话弹簧安全无效

我的Web应用程序使用spring security在登录时对用户进行身份验证.我还有并发控制,以避免用户在不同的机器上登录两次.这工作正常但我的问题是:如果用户登录计算机,则关闭浏览器.然后他重新打开网络应用程序,尝试再次登录,他获得以下消息:"超出此主数的最大会话数为1".我想在浏览器关闭时使会话无效.我怎样才能做到这一点?

弹簧security.xml文件

       <?xml version="1.0" encoding="UTF-8"?>
          <beans xmlns="http://.   www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/.    XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
                       http://www.springframework.org/schema/beans/spring-beans.xsd
                       http://www.springframework.org/schema/security
                       http://www.springframework.org/schema/security/.  spring-security-3.1.xsd">

  <security:global-method-security
        secured-annotations="enabled" />

  <security:http auto-config="false"
        authentication-manager-ref="authenticationManager" use-expressions="true">
        <!-- Override default login and logout pages -->
        <security:form-login
              authentication-failure-handler-ref="fail"
              authentication-success-handler-ref="success" login-page="/car/login.xhtml"
              default-target-url="/jsf/car/home.xhtml" />
        <security:logout invalidate-session="true"
              logout-url="/j_spring_security_logout" success-handler-ref="customLogoutHandler" delete-cookies="JSESSIONID"/>
        <security:session-management>
              <security:concurrency-control
                    max-sessions="1" error-if-maximum-exceeded="true" />
        </security:session-management>
        <security:intercept-url pattern="/jsf/**"
              access="isAuthenticated()" />
        <security:intercept-url pattern="/run**"
              access="isAuthenticated()" />
        <security:intercept-url pattern="/pages/login.xhtml"
              access="permitAll" />
  </security:http>

  <bean id="success" class="com.car.LoginSuccess" />

  <bean id="fail" class="com.car.LoginFailed">
        <property name="defaultFailureUrl" value="/?login_error=true" />
  </bean>
  <bean id="passwordEncoder"
        class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />

  <security:authentication-manager alias="authenticationManager"> …
Run Code Online (Sandbox Code Playgroud)

java spring-security jsf-2

Ali*_*ina
2016 06-16
1
推荐指数
1
解决办法
1万
查看次数

标签 统计

java ×3

spring-security ×3

spring ×2

jsf-2 ×1