java – Spring安全配置错误:bean具有相同的’order’值

我有一个Web应用程序,我在其中实现 spring security,我的spring-security.xml是
<?xml version="1.0" encoding="UTF-8"?>

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
                        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security
                        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <!-- ENABLE HTTP SECURITY -->
    <http auto-config="false" access-denied-page="/accessDenied.html">

        <!-- INTERCEPT URL FOR RESOURCES ACCESS -->
        <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
        <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
        <intercept-url pattern="/**" access="permitAll" />

        <!-- CUSTOME FILTER -->
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />

        <!-- SESSION MANAGEMENT CONFIG -->
        <session-management
            session-authentication-strategy-ref="session-management" />

        <!-- FORM LOGIN CONFIG -->
        <form-login login-page="/loginForm"
            authentication-failure-url="/error.html" default-target-url="/welcome.html" />
        <logout logout-success-url="/loggedout.html"
            invalidate-session="true" />
    </http>
    <!-- SERVICES  -->
    <beans:bean id="customEncoder" class="com.rep.security.CustomPasswordEncoder"></beans:bean>
    <beans:bean id="customUserService" class="com.rep.security.CustomUserDetailService"></beans:bean>

    <!-- AUTHENICATION MANAGER CONFIG -->
    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserService">
            <password-encoder ref="customEncoder"></password-encoder>
        </authentication-provider>
    </authentication-manager>

    <!-- CONCURRENCY FILEER CONFIG -->
    <beans:bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/timeout.html" />
    </beans:bean>

    <beans:bean id="AuthFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="sessionAuthenticationStrategy"
            ref="session-management" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="session-management"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>

在jboss上运行应用程序时,我遇到了这个错误

15:40:02,470 ERROR [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 59) Context initialization Failed: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<AuthFilter>' and 'Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factorybeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters,please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.

任何人都可以告诉我,我正在关注[Spring Doc ioc] session management的问题配置

解决方法

你应该阅读 4.3.6. Adding in Your Own FiltersTable 1. Standard Filter Aliases and Ordering

If you’ve used Spring Security before,you’ll know that the framework
maintains a chain of filters in order to apply its services.

The order of the filters is always strictly enforced when using the
namespace. When the application context is being created,the filter
beans are sorted by the namespace handling code and the standard
Spring Security filters each have an alias in the namespace and a
well-known position.

您的< login-form>正在使用带别名FORM_LOGIN_FILTER的过滤器.此外,您还添加了另一个具有相同位置的过滤器(position =“FORM_LOGIN_FILTER”ref =“AuthFilter”).所以你收到错误信息

Filter beans <AuthFilter> and Root bean: class
[UsernamePasswordAuthenticationFilter]
have the same order value

所以我认为如果你想要两者,你需要改变位置:

<custom-filter after="FORM_LOGIN_FILTER" ref="AuthFilter" />

要么

<custom-filter before="FORM_LOGIN_FILTER" ref="AuthFilter" />

相关文章

ArrayList简介:ArrayList 的底层是数组队列,相当于动态数组。与 Java 中的数组相比,它的容量能动态增...
一、进程与线程 进程:是代码在数据集合上的一次运行活动,是系统进行资源分配和调度的基本单位。 线程...
本文为博客园作者所写:&#160;一寸HUI,个人博客地址:https://www.cnblogs.com/zsql/ 简单的一个类...
#############java面向对象详解#############1、面向对象基本概念2、类与对象3、类和对象的定义格式4、...
一、什么是异常? 异常就是有异于常态,和正常情况不一样,有错误出错。在java中,阻止当前方法或作用域...
Collection接口 Collection接口 Collection接口 Collection是最基本的集合接口,一个Collection代表一组...