How do I configure two Spring Security http elements with different authentication filters?

2024-02-27

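I'm using Spring 3.1.1.RELEASE along with the accompanying Spring Security. I'm deploying to JBoss 7.1.1.Final. I want to configure two http security elements, each with a different authentication filter. How do I do that? With the Spring Security configuration below, I get the exception "java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain" when deploying the WAR. If I comment out the second http block (named "pdSecurity"), everything loads fine.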

<http pattern="/activities/**" security="none" />
<http pattern="/audio/**" security="none" />
<http pattern="/bootstrap/**" security="none" />
<http pattern="/bootstrap-editable/**" security="none" />
<http pattern="/css/**" security="none" />
<http pattern="/images/**" security="none" />
<http pattern="/js/**" security="none" />
<http pattern="/resources/**" security="none" />
<http pattern="/temp/**" security="none" />
<http name="defaultSecurity" security-context-repository-ref="subcoSecurityContextRepository"
    auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager"
    access-denied-page="/denied" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <custom-filter position="FORM_LOGIN_FILTER"
        ref="subcoUsernamePasswordUrlAuthenticationFilter" />
    <intercept-url pattern="/login" access="permitAll" />
    <intercept-url pattern="/logout" access="permitAll" />
    <intercept-url pattern="/denied" access="isAuthenticated()" />
    <intercept-url pattern="/welcome" access="permitAll" />
    <intercept-url pattern="/authenticate" access="permitAll" />
    <intercept-url pattern="/user"
        access="hasAnyRole('User','Administrator')" />
    <intercept-url pattern="/landing"
        access="hasAnyRole('User','Student','Teacher','Administrator')" />
    <intercept-url pattern="/book/*"
        access="hasAnyRole('User','Student','Teacher','Administrator')" />
    <intercept-url pattern="/admin" access="hasRole('Administrator')" />
    <intercept-url pattern="/admin/*" access="hasRole('Administrator')" />
    <intercept-url pattern="/getResource" access="hasAnyRole('Student','Teacher','Administrator')" />
    <logout invalidate-session="true" logout-success-url="/logout"
        logout-url="/j_spring_security_logout" />
</http>

<!--  Reg controller for PD -->
<http name="pdSecurity" auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager" access-denied-page="/denied" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <custom-filter position="FORM_LOGIN_FILTER" ref="pdUsernamePasswordUrlAuthenticationFilter"/>
    <intercept-url pattern="/pdregistration/regfailure" access="hasAnyRole('Teacher')"/>
    <intercept-url pattern="/pdregistration/regsuccess" access="hasAnyRole('Teacher')"/>
    <logout invalidate-session="true" 
        logout-success-url="/logout" 
        logout-url="/j_spring_security_logout" />
</http>

Here is the exception ...

08:52:23,730 ERROR [org.springframework.web.context.ContextLoader] (MSC service thread 1-5) Context initialization failed: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913) [spring-context-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464) [spring-context-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:385) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:284) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3392) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3850) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [classes.jar:1.6.0_37]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [classes.jar:1.6.0_37]
    at java.lang.Thread.run(Thread.java:680) [classes.jar:1.6.0_37]
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49) [spring-security-config-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39) [spring-security-config-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:149) [spring-security-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    ... 20 more

08:52:23,742 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/myproject]] (MSC service thread 1-5) Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913) [spring-context-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464) [spring-context-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:385) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:284) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111) [spring-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.apache.catalina.core.StandardContext.contextListenerStart(StandardContext.java:3392) [jbossweb-7.0.13.Final.jar:]
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:3850) [jbossweb-7.0.13.Final.jar:]
    at org.jboss.as.web.deployment.WebDeploymentService.start(WebDeploymentService.java:90) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
    at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [classes.jar:1.6.0_37]
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [classes.jar:1.6.0_37]
    at java.lang.Thread.run(Thread.java:680) [classes.jar:1.6.0_37]
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49) [spring-security-config-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39) [spring-security-config-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:149) [spring-security-web-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452) [spring-beans-3.1.1.RELEASE.jar:3.1.1.RELEASE]
    ... 20 more

Use the pattern attribute on the second <http> element (the one named pdSecurity): <http pattern='/pdregistration/*'..., and move it before the "defaultSecurity" element.

According to the Spring Security documentation http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html#ns-form-and-basic:

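From Spring Security 3.1 it is now possible to use multiple http elements to define separate security filter chain configurations for different request patterns. If the pattern attribute is omitted from an http element, it matches all requests.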

...and another relevant section about multiple <http> elements here http://docs.spring.io/spring-security/site/docs/3.1.x/reference/security-filter-chain.html#filter-chains-with-ns:

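Each element creates a filter chain within the internal FilterChainProxy and the URL pattern that should be mapped to it. The elements will be added in the order they are declared, so the most specific patterns must be declared first.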
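The chain order that results from the answer above, written out as an added example (not part of the original answer). Bean names and URLs are the ones from the question; the comments describe how FilterChainProxy selects the first matching chain.

```xml
<!-- Added example: <http> elements in the order FilterChainProxy will evaluate them. -->

<!-- 1. The security="none" entries from the question stay first, unchanged
     (two shown here; keep the full list). -->
<http pattern="/css/**" security="none" />
<http pattern="/js/**" security="none" />

<!-- 2. Specific chain: it now carries a pattern and is declared before the catch-all.
     Ant-style '*' matches a single path segment; use '/pdregistration/**' if
     deeper paths must also pass through this chain. -->
<http name="pdSecurity" pattern="/pdregistration/*" auto-config="false"
    use-expressions="true" authentication-manager-ref="authenticationManager"
    access-denied-page="/denied" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <!-- Only requests matching /pdregistration/* reach this chain, so the URL this
         filter processes has to fall under that pattern. -->
    <custom-filter position="FORM_LOGIN_FILTER"
        ref="pdUsernamePasswordUrlAuthenticationFilter" />
    <intercept-url pattern="/pdregistration/regfailure" access="hasAnyRole('Teacher')" />
    <intercept-url pattern="/pdregistration/regsuccess" access="hasAnyRole('Teacher')" />
    <!-- /j_spring_security_logout does not match /pdregistration/*, so logout
         requests are served by the defaultSecurity chain, not by this element. -->
    <logout invalidate-session="true" logout-success-url="/logout"
        logout-url="/j_spring_security_logout" />
</http>

<!-- 3. Catch-all chain: no pattern attribute, so it matches every remaining request
     and must be the last <http> element. -->
<http name="defaultSecurity" security-context-repository-ref="subcoSecurityContextRepository"
    auto-config="false" use-expressions="true" authentication-manager-ref="authenticationManager"
    access-denied-page="/denied" entry-point-ref="loginUrlAuthenticationEntryPoint">
    <custom-filter position="FORM_LOGIN_FILTER"
        ref="subcoUsernamePasswordUrlAuthenticationFilter" />
    <intercept-url pattern="/login" access="permitAll" />
    <!-- remaining intercept-url rules exactly as in the question -->
    <logout invalidate-session="true" logout-success-url="/logout"
        logout-url="/j_spring_security_logout" />
</http>
```

With this order a request to /pdregistration/regsuccess is handled only by the pdSecurity chain, and everything else falls through to defaultSecurity.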
