4

我正在将 Java Struts 2 Web 应用程序从 Spring 2.5.x 迁移到 Spring 3.1.x。我正在使用带有所有必要模块的 Spring 3.1.2.RELEASE。我为 Spring Security 配置加载了这个 App Context 文件:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans 
                    http://www.springframework.org/schema/beans/spring-beans.xsd
                    http://www.springframework.org/schema/security 
                    http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <security:http realm="Company" access-decision-manager-ref="accessDecisionManager">
        <security:intercept-url pattern="/drivermaintenance.action" access="ACTION_DRIVER_NUMBER_INQUIRY,ACTION_MAINTAIN_DRIVER_NUMBER" />
        <security:intercept-url pattern="/exceptioncheckin.action" access="ACTION_EXCEPTIONS_INQUIRY" />
        <security:intercept-url pattern="/routesnotcheckedin.action" access="ACTION_ROUTES_NOT_CHECKED_IN_INQUIRY" />
        <security:intercept-url pattern="/checkininquiryfilters.action" access="ACTION_CHECK_IN_INQUIRY" />
        <security:intercept-url pattern="/checkininquirydata.action" access="ACTION_CHECK_IN_INQUIRY" />
        <security:intercept-url pattern="/acceptduplicateroute.action" access="ACTION_ACCEPT_DUPLICATE_ROUTE" />
        <security:intercept-url pattern="/drivercreditinquirydata.action" access="ACTION_DRIVER_CREDITS_INQUIRY" />
        <security:intercept-url pattern="/drivercreditinquirynavigationbaseddata.action" access="ACTION_DRIVER_CREDITS_INQUIRY" />
        <security:intercept-url pattern="/cashtochargeinquirydata.action" access="ACTION_CASH_TO_CHARGE_INVOICES_INQUIRY" />
        <security:intercept-url pattern="/cashtochargeinquiryfilter.action" access="ACTION_CASH_TO_CHARGE_INVOICES_INQUIRY" />
        <security:intercept-url pattern="/exitdrivercheckin.action" access="ACTION_EXIT_CHECKIN_LOGOUT,ACTION_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/routecheckin.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/startnewroutecheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findroute.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/saveroutecheckin.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findcustomerdelivery.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savecustomerdelivery.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findoverage.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/updateoverage.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removeoverage.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/navigatefromoverage.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findcreditpickup.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savecreditpickup.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/finddrivercredit.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/addlineitem.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/updatecredit.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removecredit.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removelineitem.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/creditissuedetails.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findproductdescription.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/creditwholeinvoice.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/canceldrivercredit.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/navigatefromdrivercredit.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findsummarytable.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findtripday.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findtripdescriptiondetails.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savetripday.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/drivercheckin.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savedrivercheckin.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/finddrivercheckin.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removeroutefromcheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removetripfromcheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removeadditionalservicefromcheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removebackhaulfromcheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findadditionalservice.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/saveadditionalservice.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findbalancetime.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savebalancetime.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findbackhaul.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findbackhauldetail.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removebackhaul.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/findbackhaulpolist.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savebackhaul.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/drivercheckinindex.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/newdrivercheckin.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/finddrivercollection.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/savedrivercollection.action" access="ACTION_DRIVER_CHECK_IN,ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/modifypayments.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/modifyprimarypayment.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/shiftamount.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/modifydepositamount.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/retrievecredit.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/addpreviouspayment.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />
        <security:intercept-url pattern="/removepreviouspayment.action" access="ACTION_SAVE_DRIVER_CHECK_IN" />

        <security:http-basic />
        <security:logout logout-url="/logout" logout-success-url="/logout.jsp" />

        <!-- Pages/items that don't require passwords.  It is particularly important that
         the ping page appear here, or the DCI monitoring will break. -->
        <security:intercept-url pattern="/ping.jsp"/>
        <security:intercept-url pattern="/accessDenied.jsp"/>
        <security:intercept-url pattern="/css/**"/>
        <security:intercept-url pattern="/images/**"/>
    </security:http>
</beans>

但是我不断收到这个错误,它说我在其他模式之前定义了一个通用模式,因此其他模式将不匹配......但我没有:

ERROR 2012-11-09 17:10:58,167 [org.apache.catalina.core.ContainerBase.[Catalina].[serverurl.here.com].[/appDir]]: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:469)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4206)
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4705)
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:799)
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779)
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:601)
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:943)
    at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:778)
    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:504)
    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1317)
    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:324)
    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1065)
    at org.apache.catalina.core.StandardHost.start(StandardHost.java:840)
    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1057)
    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:463)
    at org.apache.catalina.core.StandardService.start(StandardService.java:525)
    at org.apache.catalina.core.StandardServer.start(StandardServer.java:754)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:595)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49)
    at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39)
    at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:151)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
    ... 36 more

我迷路了,任何帮助将不胜感激。

4

3 回答 3

2

关于文档Spring security,你应该试试这个:

  <http pattern="/css/**" security="none"/>
  <http pattern="/login.jsp*" security="none"/>

  <http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login login-page='/login.jsp'/>
  </http>

我的建议是,您应该将以下块放在堆栈的顶部。

    <security:intercept-url pattern="/ping.jsp"/>
    <security:intercept-url pattern="/accessDenied.jsp"/>
    <security:intercept-url pattern="/css/**"/>
    <security:intercept-url pattern="/images/**"/>

    // here comes all other configurations
    <security:intercept-url pattern="/drivermaintenance.action" access="ACTION_DRIVER_NUMBER_INQUIRY,ACTION_MAINTAIN_DRIVER_NUMBER" />
    ....
于 2012-11-09T23:49:16.403 回答
1

好的,经过许多不同的眼睛查看该项目后,看起来它可能是一个依赖冲突问题。最有可能的候选者是我们仍在使用 3.1.2 Spring 版本时导入 spring-security-core-tiger-2.0.7 的地方。我们删除了此依赖项,因为它清理了许多其他依赖项冲突,并且应用程序按应有的方式启动。

谢谢大家的建议。

于 2012-11-12T17:38:22.573 回答
1

请参阅:在过滤器链中的其他模式之前定义了通用匹配模式('/**')

于 2012-11-09T23:35:09.680 回答