1

我想SessionManagementFilter用我自己的替换默认值,但我遇到了这个

17:31:32,901 ERROR [[/accounts]] Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<accountsSessionManageFilter>' and 'Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>. Offending resource: ServletContext resource [/WEB-INF/spring-contexts/security.xml]

问题似乎是我正在使用<http>将默认过滤器设置在同一位置的元素/属性。然而,我不是(或者如果我是无意的)。

这是我的安全上下文<http>定义:

<http use-expressions="true" auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">

    <!-- lots of intercept-url definitions (nothing else) -->

    <custom-filter position="SESSION_MANAGEMENT_FILTER" ref="accountsSessionManageFilter"/>
    <custom-filter position="FORM_LOGIN_FILTER" ref="accountsSsoFilter"/>
</http>

.......

<beans:bean id="accountsSessionManageFilter" class="org.springframework.security.web.session.SessionManagementFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="NullAuthenticatedSessionStrategy"/>
</beans:bean>

.......

<bean id="accountsSsoFilter" class="cayetano.core.base.service.impl.spring.filter.SsoUserPassAuthFilter">
    <property name="authenticationManager" ref="ssoAuthManager" />

    <property name="authenticationFailureHandler" ref="relativeLoginFailureHandler" />
    <property name="authenticationSuccessHandler" ref="noopLoginSuccessHandler" />

    <property name="authenticationService" ref="basicAuthenticatorService" />
    <property name="authorityService" ref="userTypeBasedAuthotiryService" />
</bean>

那么为什么 Spring 抱怨我使用了一个<http>使用默认过滤器的元素呢?

文档还指出这<session-management>是唯一<http>使用默认过滤器的元素,还有其他元素吗?

我正在使用 Spring Security 3.0。

谢谢,

4

1 回答 1

3

如果您尝试指定 acustom SESSION_MANAGEMENT_FILTER以便可以更改sessionAuthenticationStrategy默认类/实例的,只需使用session-authentication-strategy-ref属性

<http ...>
    <session-management session-authentication-strategy-ref="NullAuthenticatedSessionStrategy"/>
</http>

这当然假设这NullAuthenticatedSessionStrategy是在上下文中定义的另一个 bean。由于这也是 Spring Security 中的一个类的名称,我认为您真正想要的是:

<http ...>
    <session-management session-authentication-strategy-ref="sessionStrategy"/>
</http>

<bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy"/>
于 2012-04-24T15:52:14.480 回答