- 浏览: 439409 次
- 性别:
- 来自: 北京
文章分类
- 全部博客 (211)
- 思考》感想 (11)
- 数据库操作 譬如Oracle大叔 (7)
- java,咱们有缘吗 (16)
- delphi,你还好吗 (2)
- SSH,哥三儿好 (31)
- 问题!问题?问题!? (9)
- WITH WORK (1)
- 算法与模式 莫事^_^ (10)
- JSP,可以叫你P兄么 (2)
- 啊,咋科斯╮(╯▽╰)╭ (6)
- 巨人肩上的小石子 (2)
- flash她妹flex (38)
- 项目管理 (10)
- 奥特曼,你弟Android来了 (4)
- 麻辣儿gis (0)
- maven 嘛味儿 (3)
- ws 哇塞 webservice (5)
- Oh,no!!!,NoSql (1)
- QQ他哥也是个企鹅,Linux (6)
- 姓i还是姓my 你都叫batis ibatis (3)
- 我喜欢夏天(春天旁边的那个季节)Springside (1)
- 测试! 测就测吧,没有喝(⊙o⊙) (3)
- 是晕+_+ 是浮云 还是云计算 (4)
- ExtJS 你是flex他哥还是他妹 (10)
- svg 你丫的资料真少 (3)
- 叫屁屁还是叫加加 ⊙﹏⊙ c++ (5)
- 鸟,还是只百灵鸟 BIRT (1)
- 权限管理 有权真好 是吧-_-! (1)
- SSH (2)
- 哥三儿好 (2)
- nginx (1)
- Oh (1)
- no!!! (1)
- NoSql (1)
最新评论
-
mong619226543:
谢谢
No identifier specified for entity -
akka_li:
没看懂啥意思!什么原因导致java.net.SocketExc ...
java.net.SocketException: Connection reset 问题解决方法 -
west_jing:
1L正解,<mvc:annotation-driven/ ...
<mvc:default-servlet-handler/> 导致 Controller失效 -
u010954806:
tgfhfdhdf
Spring Security 国际化文件 messages_zh_CN.properties 中文解释 -
yenshen:
我也碰到这个问题了,找了一大圈,最终问题解决了:<con ...
<mvc:default-servlet-handler/> 导致 Controller失效
两个Spring Security问题
---------》现象
2011-5-4 9:22:20 org.springframework.web.context.ContextLoader initWebApplicationContext
严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
2011-5-4 9:22:20 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
------》原因
<intercept-url pattern="/hello.do*" access="none"/>
本意是/hello.do这个路径不需要用户权限,但写成上面会找none这个role,数据库没有这个role,所以报错了,还有就是配置角色的 时候一定不要加空格,也会报同样错的。
改为下面的写法就对了:
<intercept-url pattern="/hello.do*" filters="none"/>
-------》现象
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: 未在SecurityContext中查找到认证对象
org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:321)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:195)
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
$Proxy4.sayHello(Unknown Source)
com.xx.servlet.HelloServlet.doGet(HelloServlet.java:30)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:163)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237
------》原因
对方法进行了鉴权保护:
<global-method-security>
<!-- ROLE_USER能执行sayHello方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayHello(..))"/>
<!-- ROLE_USER不能执行sayBye方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayBye(..))"/>
</global-method-security>
sayHello和sayBye方法是通过 /hello.do*这个路径访问的,但前面我已经设置了<intercept-url pattern="/hello.do*" filters="none"/>,也就是不进行权限验证,造成了矛盾,所以没有办法再对方法进行保护。
---------》现象
2011-5-4 9:22:20 org.springframework.web.context.ContextLoader initWebApplicationContext
严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
2011-5-4 9:22:20 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
------》原因
<intercept-url pattern="/hello.do*" access="none"/>
本意是/hello.do这个路径不需要用户权限,但写成上面会找none这个role,数据库没有这个role,所以报错了,还有就是配置角色的 时候一定不要加空格,也会报同样错的。
改为下面的写法就对了:
<intercept-url pattern="/hello.do*" filters="none"/>
-------》现象
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: 未在SecurityContext中查找到认证对象
org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:321)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:195)
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
$Proxy4.sayHello(Unknown Source)
com.xx.servlet.HelloServlet.doGet(HelloServlet.java:30)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:163)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237
------》原因
对方法进行了鉴权保护:
<global-method-security>
<!-- ROLE_USER能执行sayHello方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayHello(..))"/>
<!-- ROLE_USER不能执行sayBye方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayBye(..))"/>
</global-method-security>
sayHello和sayBye方法是通过 /hello.do*这个路径访问的,但前面我已经设置了<intercept-url pattern="/hello.do*" filters="none"/>,也就是不进行权限验证,造成了矛盾,所以没有办法再对方法进行保护。
发表评论
-
Spring Security 国际化文件 messages_zh_CN.properties 中文解释
2011-05-04 17:08 7144Spring Security 国际化文件 messages_ ... -
一个spring security 配置列子
2011-05-03 16:48 1265<?xml version="1.0" ... -
spring security与数据库交互实现简单例子
2011-04-19 16:34 1685spring security与数据库交互实现简单例子 最近 ... -
用struts2 验证用户登录demo
2011-01-28 15:38 2184用struts2 验证用户登录de ... -
Struts2.1.8 执行顺序
2011-01-28 15:18 889public class LoginAction extend ... -
Struts2令人纠结的一个问题
2011-01-27 09:47 1015我用Struts2加入自定义的library如下图,就报错, ... -
一份spring配置文件
2011-01-13 14:05 987<?xml version="1.0" ... -
Hibernate关系映射总结
2010-10-18 10:35 1277其实这些东东完全可以参考帮助文档;这里只是总结下。 》》》一对 ... -
No identifier specified for entity:XX.xx
2010-10-12 17:25 1684No identifier specified for ent ... -
Annotation对Hibernate中联合主键定义
2010-10-11 13:28 2241public class User { private in ... -
@MappedSuperclass的用法
2010-10-11 10:21 12667@MappedSuperclass的用法 用在实体的继承过程 ... -
公共dao的结构
2010-09-29 16:17 1383-----------》公共dao的结构 -----共用接口 ... -
No identifier specified for entity
2010-09-29 16:07 12024org.hibernate.AnnotationExcepti ... -
SSJ配置模板
2009-09-14 09:06 904web.xml-----> <?xml versi ... -
一个简单的ssh配置模板
2009-09-12 17:08 1731web.xml------> <?xml vers ... -
Struts----学习笔记 用form提交和sturts提交
2009-09-12 17:02 1235struts是这么配置的 <action path= ... -
Spring学习笔记------Spring和Hibernate的整合配置
2009-09-12 09:15 1425Spring和Hibernate整合配置有两种方式: 方 ... -
Spring学习笔记--------AOP操作
2009-09-10 10:29 1071* AOP操作可与通过注解和xml的方式实现; * 有个问题, ... -
Hibernate学习笔记1--------一个简单的应用
2009-08-30 08:26 1034工具类---------> /** *用单例模式 ... -
Hibernate学习笔记2--------------------一对多、多对一简单配置
2009-08-30 08:40 1022一的一端------------------------> ...
相关推荐
Spring Security 是一个强大的和高度可定制的身份验证和访问控制框架,用于Java应用程序。在这个场景中,我们关注的是如何使用Spring Security实现登录验证以及在登录过程中传递参数,特别是记录并返回用户登录前的...
Spring Security 3.1支持两种Remember Me实现:基于令牌的和基于持久化记住的。 7. **集成Spring MVC**:Spring Security 3.1与Spring MVC无缝集成,可以方便地保护Web控制器和视图。通过注解,如`@Secured`和`@...
本话题将深入探讨Spring Security的3.0.0和3.1.3两个版本,这两个版本都是该框架历史上的重要里程碑。 Spring Security 3.0.0是Spring Security发展的一个关键阶段,引入了大量新特性与改进。此版本加强了对Spring ...
- **安全的核心概念**:安全在IT领域主要涉及两个方面——认证(Authentication)和授权(Authorization)。 - **认证**:验证用户身份的过程。Spring Security通过多种认证机制(如数据库认证、表单认证等)确保只有...
Spring Security OAuth 是一个用于保护RESTful Web服务的框架,它为OAuth 1.0a和OAuth 2.0协议...通过研究Sparklr2和Tonr2这两个示例应用,开发者可以更好地掌握OAuth的实践应用,并提升在构建安全Web服务方面的技能。
在IT行业中,Spring Boot和Spring Security是两个非常重要的框架,它们在构建现代Web应用程序时起着核心作用。Spring Boot简化了Spring应用的初始搭建以及开发过程,而Spring Security则提供了全面的安全管理解决...
如果你的应用只需要基本的认证和授权功能,可能只需要`spring-security-core`和`spring-security-web`两个模块。如果涉及到LDAP认证或者对象级别的权限控制,那么相应的模块也需要引入。而`spring-security-config`...
这个简单的示例为初学者提供了一个了解Spring MVC和Spring Security交互的基础平台,有助于理解这两个框架在实际项目中的作用和集成方式。通过深入研究和实践,可以进一步提升Web应用的安全性和可维护性。
Spring Security 提供了两种实现方式:基于散列的令牌方法和基于持久化的令牌方法。前者更安全,后者更方便。 12. **OAuth 2.0 认证的原理与实践**: - OAuth 2.0 是一个开放标准,用于授权第三方应用访问用户资源...
SpringMVC 和 SpringSecurity 是两个在Java Web开发中极为重要的框架。SpringMVC 主要负责处理Web应用的请求-响应模型,提供了一种强大的、可扩展的架构来构建现代的、基于HTTP的服务。而SpringSecurity,则是用于...
- **DelegatingFilterProxy** 和 **FilterChainProxy**:这两个组件用于管理和协调过滤器的执行。 - **Spring Security 定义好的核心Filter**:包括一系列内置过滤器,如`UsernamePasswordAuthenticationFilter`等。...
Spring Security利用了Servlet过滤器、Spring的依赖注入(IOC)和面向切面编程(AOP)技术,它能够处理身份认证(Authentication)和授权(Authorization)两大安全核心问题。 身份认证是确认用户身份的过程,即...
Spring Security和OAuth2是两个非常关键的框架,它们分别处理身份验证(Authentication)和授权(Authorization)的问题。本课程"Spring Security+OAuth2 精讲,打造企业级认证与授权"深入浅出地讲解了这两个框架的...
这两个过滤器都可以根据需要进行配置或替换。 综上所述,"SpringSecurity安全框架基础Demo"涵盖了Spring Security的基础概念和关键功能,是学习和实践Spring Security的宝贵资源。通过这个Demo,开发者可以了解如何...
Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理。它为Web应用程序提供了全面的身份验证、授权和服务保护。在这个"Spring Security 入门demo"中,我们将会探讨一系列关键概念和功能,通过提供的...
总的来说,这份压缩包包含的两个CHM文件是开发者在使用Spring 3.0和Spring Security 3.1.4时不可或缺的参考资料。通过深入学习这两份文档,开发者能够更好地掌握这两个强大的工具,从而构建出更健壮、更安全的企业级...
首先,Spring Security的核心配置是通过XML命名空间完成的,主要包含两个主要的命名空间:`http` 和 `security`。`http` 命名空间用于定义安全相关的HTTP拦截器,而`security`命名空间则处理更广泛的授权和认证设置...
该章节分为两个部分,介绍了Spring Security3的基础概念,包括如何设置安全上下文、理解Spring Security的架构以及如何使用Spring Security进行基本的认证和授权。 ### 第二章:深入理解Spring Security3 本章深入...
Spring Security支持两种主要的授权模型:基于角色的访问控制(RBAC)和表达式语言(EL)授权。RBAC将权限与角色关联,而EL允许更复杂的条件表达式,如`@PreAuthorize("hasRole('ADMIN') and hasPermission('EDIT_...