从元素

从元素

关注
发信
关注(28)粉丝(399)

设置Spring Security:从元素'security:http'开始发现无效内容

本文介绍了设置Spring Security:从元素'security:http'开始发现无效内容的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我正在尝试将spring-security配置为似乎已经限制了我对XML文件如何工作的理解。

I'm trying to configure spring-security as found here and seem to have run into a limitation of my understanding of how the XML files work.

按照我的指示,我添加了对applicationContext.xml的安全性如下:

As instructed I've added spring security to applicationContext.xml as follows:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:aop="http://www.springframework.org/schema/aop"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:security="http://www.springframework.org/schema/security">

该步骤正常展开。

I然后转到web.xml并添加:

I then went to web.xml and added:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

仍然可以正常部署。

I然后尝试添加

<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>

其中我也试过

<security:http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</security:http>

在这两种情况下,当我尝试部署应用程序时发现错误:

In both cases I saw an error when I tried to deploy the application:

Error occurred during deployment: Exception while deploying the app [OmegaRM] : org.xml.sax.SAXParseException; lineNumber: 53; columnNumber: 39; Deployment descriptor file WEB-INF/web.xml in archive [web].  cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:http'. One of '{"http://xmlns.jcp.org/xml/ns/javaee":module-name, "http://xmlns.jcp.org/xml/ns/javaee":description, "http://xmlns.jcp.org/xml/ns/javaee":display-name, "http://xmlns.jcp.org/xml/ns/javaee":icon, "http://xmlns.jcp.org/xml/ns/javaee":distributable, "http://xmlns.jcp.org/xml/ns/javaee":context-param, "http://xmlns.jcp.org/xml/ns/javaee":filter, "http://xmlns.jcp.org/xml/ns/javaee":filter-mapping, "http://xmlns.jcp.org/xml/ns/javaee":listener, "http://xmlns.jcp.org/xml/ns/javaee":servlet, "http://xmlns.jcp.org/xml/ns/javaee":servlet-mapping, "http://xmlns.jcp.org/xml/ns/javaee":session-config, "http://xmlns.jcp.org/xml/ns/javaee":mime-mapping, "http://xmlns.jcp.org/xml/ns/javaee":welcome-file-list, "http://xmlns.jcp.org/xml/ns/javaee":error-page, "http://xmlns.jcp.org/xml/ns/javaee":jsp-config, "http://xmlns.jcp.org/xml/ns/javaee":security-constraint, "http://xmlns.jcp.org/xml/ns/javaee":login-config, "http://xmlns.jcp.org/xml/ns/javaee":security-role, "http://xmlns.jcp.org/xml/ns/javaee":env-entry, "http://xmlns.jcp.org/xml/ns/javaee":ejb-ref, "http://xmlns.jcp.org/xml/ns/javaee":ejb-local-ref, "http://xmlns.jcp.org/xml/ns/javaee":service-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-env-ref, "http://xmlns.jcp.org/xml/ns/javaee":message-destination-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-context-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-unit-ref, "http://xmlns.jcp.org/xml/ns/javaee":post-construct, "http://xmlns.jcp.org/xml/ns/javaee":pre-destroy, "http://xmlns.jcp.org/xml/ns/javaee":data-source, "http://xmlns.jcp.org/xml/ns/javaee":jms-connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":jms-destination, "http://xmlns.jcp.org/xml/ns/javaee":mail-session, "http://xmlns.jcp.org/xml/ns/javaee":connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":administered-object, "http://xmlns.jcp.org/xml/ns/javaee":message-destination, "http://xmlns.jcp.org/xml/ns/javaee":locale-encoding-mapping-list, "http://xmlns.jcp.org/xml/ns/javaee":deny-uncovered-http-methods, "http://xmlns.jcp.org/xml/ns/javaee":absolute-ordering}' is expected.. Please see server.log for more details.

我不明白配置中缺少什么来显示此错误。我已尝试为标记添加安全性,如下所示并没有区别:

I don't understand what I'm missing from the configuration to make this error appear. I've tried adding security to the tag as follows and it made no difference:

<web-app version="3.1"
     xmlns="http://xmlns.jcp.org/xml/ns/javaee"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="
        http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

我确实发现了同样的错误:

I did find this question with the same error:

虽然推荐的解决方案是使用我已经尝试过的安全命名空间。

The solution recommended there though was to use the security namespace which I've already tried.

所以我的问题是,是否有人知道我在这里做错了吗?

So my question is whether anyone knows what I'm doing wrong here please?

如果可能的话,我也非常感谢有关如何确定Spring中哪些文件应该配置的链接和/或更一般的解释以及它们的全部内容粘在一起!到目前为止,我已经运行了一些应用程序,但我不觉得我正确地理解了我为使它们工作所做的一切!

If possible I'd also really appreciate a link to and/or a more general explanation of how to determine what configuration should go in what files in Spring and how it all glues together! So far I've got a few applications running but I don't feel like I properly understand just what I've done to make them work!

我添加了以下JAR到项目库:

I've added the following JARs to the project Libraries:

推荐答案

您的 url-intercept 也需要安全命名空间。

Your url-intercept needs the security namespace as well. 

<security:intercept-url pattern="/**" access="ROLE_USER" />

如果你的安全配置在它自己的应用程序配置xml中,你可以使用安全性作为默认命名空间,因此,避免使用 security:为所有内容添加前缀。例如:

If your security config is in it's own application config xml, you can use security as the default namespace, thus avoid having to prefix everything with security:. For example:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">


   <http auto-config='true'>
       <intercept-url pattern="/**" access="ROLE_USER" />
   </http>
   ...
</beans:beans>

然后,从主应用程序配置中,您可以导入安全配置。例如,假设您的安全配置是名称security-application-config.xml,您可以像这样导入它。

Then from your main application config, you can import the security config. For example, let's say your security config was name security-application-config.xml, you could import it like so. 

//in your application-config.xml
<import resource="security-application-config.xml"/>
<import resource="mongo-application-config.xml"/>

这篇关于设置Spring Security:从元素'security:http'开始发现无效内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-24 06:31
Powered by LMLPHP ©2024 从元素 0.038306