81,092
社区成员
发帖
与我相关
我的任务
分享求助大神分析spring security 自定义问题
项目中使用的是 spring security 本机 开发环境 jdk 1.7 tomcat 7 项目编译环境 1.7
可是在启动项目是 总是出现
"org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Cannot resolve reference to bean 'customSecurityFilter' while setting bean property 'filterChainMap' with key [/**] with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customSecurityFilter' defined in class path resource [applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AccessDecisionManager is required
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:378)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:161)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5118)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5634)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customSecurityFilter' defined in class path resource [applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AccessDecisionManager is required
太长省略
Caused by: java.lang.IllegalArgumentException: An AccessDecisionManager is required
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:119)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
... 36 more
在网上多方查找无果 ,唯一线索是 1.8开发环境 更换为1.7 可用
因为小弟之前没有接触过spring security 忘大人指教
下方为配置文件关键处 此项目在别人电脑上可以正常运行
<global-method-security pre-post-annotations="enabled">
<!--expression-handler ref="expressionHandler"/-->
</global-method-security>
<http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint">
<!-- 不要过滤图片、css、js等静态资源 -->
<intercept-url pattern="/img/**" filters="none"/>
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/services/**" filters="none"/>
<intercept-url pattern="/main" filters="none" />
<intercept-url pattern="/" filters="none" />
<intercept-url pattern="/gmsp/xhktvip/**" filters="none" />
<intercept-url pattern="/gmsp/notifyali" filters="none" />
<intercept-url pattern="/gmsp/returnali" filters="none" />
<intercept-url pattern="/kcgl/tmm" filters="none" />
<intercept-url pattern="/homePage.jsp" filters="none" />
<intercept-url pattern="/index.jsp" filters="none" />
<!-- "记住我"功能,采用持久化策略(将用户的登录信息存放在数据库表中) -->
<!--remember-me data-source-ref="dataSource"/-->
<!--登录过滤器,包含登录成功、登录失败处理-->
<custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
<!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前,实现用户、角色、权限、资源的数据库管理。 -->
<custom-filter ref="customSecurityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<!--退出时的处理-->
<logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
<!-- 检测失效的sessionId,超时时定位到另外一个URL -->
<session-management invalid-session-url="/main/timeout" ></session-management>
</http>
<b:bean id="loginFilter" class="com.everstar.base.security.ValidateCodeUsernamePasswordAuthenticationFilter">
<!-- 处理登录的action -->
<b:property name="filterProcessesUrl" value="/j_spring_security_check"></b:property>
<!--鉴定处理(用户名、密码验证)-->
<b:property name="authenticationManager" ref="authenticationManager"></b:property>
<!-- 验证成功后的处理(即登录成功后的处理)-->
<b:property name="authenticationSuccessHandler" ref="successHandler"></b:property>
<!-- 验证失败后的处理(即登录失败后的处理)-->
<b:property name="authenticationFailureHandler" ref="failureHandler"></b:property>
</b:bean>
<!-- 一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性 -->
<b:bean id="customSecurityFilter" class="com.everstar.base.security.CustomFilterSecurityInterceptor">
<!-- 用户名、密码认证 -->
<b:property name="authenticationManager" ref="authenticationManager"/>
<!-- 权限认证 -->
<b:property name="accessDecisionManager" ref="customAccessDecisionManager"/>
<!-- 数据源定义 -->
<b:property name="securityMetadataSource" ref="customSecurityMetadataSource"/>
</b:bean>
<!-- 注意能够为authentication-manager 设置alias别名 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsManager">
<!-- hash="md5" -->
<password-encoder ref="passwordEncoder">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<b:bean id="userDetailsManager" class="com.everstar.base.security.CustomUserDetailsService"/>
<!-- 用户的密码加密或解密 -->
<b:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
<b:bean id="logoutSuccessHandler" class="com.everstar.base.security.SysLogoutSuccessHandler" />
<!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<b:bean id="customAccessDecisionManager" class="com.everstar.base.security.CustomAccessDecisionManager" />
<!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色去访问 -->
<b:bean id="customSecurityMetadataSource" class="com.everstar.base.security.CustomInvocationSecurityMetadataSourceService" />
<b:bean id="successHandler" class="com.everstar.base.security.AuthenticationSuccessHandler">
<b:property name="defaultTargetUrl" value="/main/index"></b:property>
<b:property name="alwaysUseDefaultTargetUrl" value="true"></b:property>
</b:bean>
<b:bean id="failureHandler" class="com.everstar.base.security.AuthenticationFailureHandler">
<b:property name="defaultFailureUrl" value="/main?login_error=true"></b:property>
</b:bean>
<b:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<b:property name="loginFormUrl" value="/"></b:property>
</b:bean>
</b:beans>
可是在启动项目是 总是出现
"org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Cannot resolve reference to bean 'customSecurityFilter' while setting bean property 'filterChainMap' with key [/**] with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customSecurityFilter' defined in class path resource [applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AccessDecisionManager is required
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedMap(BeanDefinitionValueResolver.java:378)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:161)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1360)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1118)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:5118)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5634)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:145)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1571)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1561)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
at java.util.concurrent.FutureTask.run(FutureTask.java:166)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:722)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'customSecurityFilter' defined in class path resource [applicationContext-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: An AccessDecisionManager is required
太长省略
Caused by: java.lang.IllegalArgumentException: An AccessDecisionManager is required
at org.springframework.util.Assert.notNull(Assert.java:112)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:119)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
... 36 more
在网上多方查找无果 ,唯一线索是 1.8开发环境 更换为1.7 可用
因为小弟之前没有接触过spring security 忘大人指教
下方为配置文件关键处 此项目在别人电脑上可以正常运行
<global-method-security pre-post-annotations="enabled">
<!--expression-handler ref="expressionHandler"/-->
</global-method-security>
<http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint">
<!-- 不要过滤图片、css、js等静态资源 -->
<intercept-url pattern="/img/**" filters="none"/>
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/services/**" filters="none"/>
<intercept-url pattern="/main" filters="none" />
<intercept-url pattern="/" filters="none" />
<intercept-url pattern="/gmsp/xhktvip/**" filters="none" />
<intercept-url pattern="/gmsp/notifyali" filters="none" />
<intercept-url pattern="/gmsp/returnali" filters="none" />
<intercept-url pattern="/kcgl/tmm" filters="none" />
<intercept-url pattern="/homePage.jsp" filters="none" />
<intercept-url pattern="/index.jsp" filters="none" />
<!-- "记住我"功能,采用持久化策略(将用户的登录信息存放在数据库表中) -->
<!--remember-me data-source-ref="dataSource"/-->
<!--登录过滤器,包含登录成功、登录失败处理-->
<custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
<!-- 增加一个自定义的filter,放在FILTER_SECURITY_INTERCEPTOR之前,实现用户、角色、权限、资源的数据库管理。 -->
<custom-filter ref="customSecurityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
<!--退出时的处理-->
<logout invalidate-session="true" logout-url="/j_spring_security_logout" success-handler-ref="logoutSuccessHandler"/>
<!-- 检测失效的sessionId,超时时定位到另外一个URL -->
<session-management invalid-session-url="/main/timeout" ></session-management>
</http>
<b:bean id="loginFilter" class="com.everstar.base.security.ValidateCodeUsernamePasswordAuthenticationFilter">
<!-- 处理登录的action -->
<b:property name="filterProcessesUrl" value="/j_spring_security_check"></b:property>
<!--鉴定处理(用户名、密码验证)-->
<b:property name="authenticationManager" ref="authenticationManager"></b:property>
<!-- 验证成功后的处理(即登录成功后的处理)-->
<b:property name="authenticationSuccessHandler" ref="successHandler"></b:property>
<!-- 验证失败后的处理(即登录失败后的处理)-->
<b:property name="authenticationFailureHandler" ref="failureHandler"></b:property>
</b:bean>
<!-- 一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性 -->
<b:bean id="customSecurityFilter" class="com.everstar.base.security.CustomFilterSecurityInterceptor">
<!-- 用户名、密码认证 -->
<b:property name="authenticationManager" ref="authenticationManager"/>
<!-- 权限认证 -->
<b:property name="accessDecisionManager" ref="customAccessDecisionManager"/>
<!-- 数据源定义 -->
<b:property name="securityMetadataSource" ref="customSecurityMetadataSource"/>
</b:bean>
<!-- 注意能够为authentication-manager 设置alias别名 -->
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsManager">
<!-- hash="md5" -->
<password-encoder ref="passwordEncoder">
<salt-source user-property="username" />
</password-encoder>
</authentication-provider>
</authentication-manager>
<b:bean id="userDetailsManager" class="com.everstar.base.security.CustomUserDetailsService"/>
<!-- 用户的密码加密或解密 -->
<b:bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" />
<b:bean id="logoutSuccessHandler" class="com.everstar.base.security.SysLogoutSuccessHandler" />
<!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 -->
<b:bean id="customAccessDecisionManager" class="com.everstar.base.security.CustomAccessDecisionManager" />
<!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色去访问 -->
<b:bean id="customSecurityMetadataSource" class="com.everstar.base.security.CustomInvocationSecurityMetadataSourceService" />
<b:bean id="successHandler" class="com.everstar.base.security.AuthenticationSuccessHandler">
<b:property name="defaultTargetUrl" value="/main/index"></b:property>
<b:property name="alwaysUseDefaultTargetUrl" value="true"></b:property>
</b:bean>
<b:bean id="failureHandler" class="com.everstar.base.security.AuthenticationFailureHandler">
<b:property name="defaultFailureUrl" value="/main?login_error=true"></b:property>
</b:bean>
<b:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<b:property name="loginFormUrl" value="/"></b:property>
</b:bean>
</b:beans>
...全文
请发表友善的回复…
发表回复
vict_forward 2017-09-05
- 打赏
- 举报
谢谢,已经跟老大一起解决了,mmp jdk小版本冲突 我使用的17.0.17 后来使用 17.0.67 和 17.0.45 都没有问题。。。正式日了狗了
dzhengt 2017-09-05
- 打赏
- 举报
看着你的配置有点晕,特别是设置不过滤的配置是,你明明都设置<intercept-url pattern="/" filters="none" />,其它的设置还有用吗?这个起不到拦截其他的请求的需求啊.我们用的是security4,网上大部分用的是security3的.
