<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- ENABLE HTTP SECURITY -->
    <http auto-config="false" access-denied-page="/accessDenied.html">

        <!-- INTERCEPT URL FOR RESOURCES ACCESS -->
        <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
        <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
        <intercept-url pattern="/**" access="permitAll" />

        <!-- CUSTOM FILTER -->
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />

        <!-- SESSION MANAGEMENT CONFIG -->
        <session-management session-authentication-strategy-ref="session-management" />

        <!-- FORM LOGIN CONFIG -->
        <form-login login-page="/loginForm"
            authentication-failure-url="/error.html"
            default-target-url="/welcome.html" />
        <logout logout-success-url="/loggedout.html" invalidate-session="true" />
    </http>

    <!-- SERVICES -->
    <beans:bean id="customEncoder" class="com.rep.security.CustomPasswordEncoder"></beans:bean>
    <beans:bean id="customUserService" class="com.rep.security.CustomUserDetailService"></beans:bean>

    <!-- AUTHENTICATION MANAGER CONFIG -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserService">
            <password-encoder ref="customEncoder"></password-encoder>
        </authentication-provider>
    </authentication-manager>

    <!-- CONCURRENCY FILTER CONFIG -->
    <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/timeout.html" />
    </beans:bean>

    <beans:bean id="AuthFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="sessionAuthenticationStrategy" ref="session-management" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="session-management" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>
When running the application on JBoss, I get this error:
15:40:02,470 ERROR [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 59) Context initialization Failed: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<AuthFilter>' and 'Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factorybeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters,please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
Can anyone tell me what the problem is? I am following the [Spring Doc ioc] session management configuration.
Solution
If you’ve used Spring Security before, you’ll know that the framework
maintains a chain of filters in order to apply its services. The order
of the filters is always strictly enforced when using the namespace.
When the application context is being created, the filter beans are
sorted by the namespace handling code and the standard Spring Security
filters each have an alias in the namespace and a well-known position.
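Your <login-form> is using the filter with the alias FORM_LOGIN_FILTER. In addition, you have added another filter at the same position (position="FORM_LOGIN_FILTER" ref="AuthFilter"). So you get the error message:
Filter beans <AuthFilter> and Root bean: class [UsernamePasswordAuthenticationFilter] have the same order value
So I think that if you want both, you need to change the position: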
<custom-filter after="FORM_LOGIN_FILTER" ref="AuthFilter" />
or
<custom-filter before="FORM_LOGIN_FILTER" ref="AuthFilter" />
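The other route the error message names, removing the default filter's child element from <http> so that AuthFilter is the only form-login filter, as an added example (not part of the original answer or the Spring documentation). It replaces the <http> element and the AuthFilter bean in the question's file and leaves the other beans unchanged; it assumes Spring Security 3.0 as in the question's schema, and the bean ids loginEntryPoint, loginSuccessHandler and loginFailureHandler are hypothetical names.

```xml
<!-- Added example: <form-login> is removed, so its settings move to explicit beans. -->
<!-- entry-point-ref takes over the redirect to the login page that <form-login> provided. -->
<!-- use-expressions="true" is an addition (assumption): 3.0 needs it for hasRole()/permitAll. -->
<http auto-config="false" use-expressions="true"
      entry-point-ref="loginEntryPoint" access-denied-page="/accessDenied.html">
    <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
    <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
    <intercept-url pattern="/**" access="permitAll" />

    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
    <!-- No <form-login> child, so the FORM_LOGIN_FILTER position is free for AuthFilter. -->
    <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />

    <session-management session-authentication-strategy-ref="session-management" />
    <logout logout-success-url="/loggedout.html" invalidate-session="true" />
</http>

<!-- Hypothetical id: sends unauthenticated requests to the login page (was login-page). -->
<beans:bean id="loginEntryPoint"
      class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/loginForm" />
</beans:bean>

<beans:bean id="AuthFilter"
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="session-management" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler" />
    <beans:property name="authenticationFailureHandler" ref="loginFailureHandler" />
</beans:bean>

<!-- Hypothetical id: was default-target-url on <form-login>. -->
<beans:bean id="loginSuccessHandler"
      class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/welcome.html" />
</beans:bean>

<!-- Hypothetical id: was authentication-failure-url on <form-login>. -->
<beans:bean id="loginFailureHandler"
      class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <beans:property name="defaultFailureUrl" value="/error.html" />
</beans:bean>
```

With this layout every form login passes through AuthFilter and therefore through the session-management strategy with maximumSessions set to 1, and no second login filter remains in the chain.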