`
techno_it
  • 浏览: 54746 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

Spring security2 安全配置

 
阅读更多
在Spring配置过程中,我遇到了创建Bean出错的问题,错误如下:
引用

2012-03-09 08:58:31,330 ERROR (org.springframework.web.context.ContextLoader:215) - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_rememberMeFilter' while setting bean property 'filters' with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeFilter': Cannot resolve reference to bean '_rememberMeServices' while setting bean property 'rememberMeServices'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeServices': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:480)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:429)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:728)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:380)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:255)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:199)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3727)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4162)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:718)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1012)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:442)
at org.apache.catalina.core.StandardService.start(StandardService.java:450)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:551)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:275)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot resolve reference to bean '_rememberMeFilter' while setting bean property 'filters' with key [6]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeFilter': Cannot resolve reference to bean '_rememberMeServices' while setting bean property 'rememberMeServices'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeServices': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:287)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.security.config.FilterChainProxyPostProcessor.postProcessBeforeInitialization(FilterChainProxyPostProcessor.java:52)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:350)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1331)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:473)
... 29 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeFilter': Cannot resolve reference to bean '_rememberMeServices' while setting bean property 'rememberMeServices'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_rememberMeServices': Initialization of bean failed; nested exception is org.springframework.security.config.SecurityConfigurationException: More than one UserDetailsService registered. Please use a specific Id in your configuration
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:275)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1245)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1010)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:472)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:409)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:380)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:264)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:261)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:185)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:164)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:269)
... 47 more

我的DBSource是自己定义的,不是用的Spring的JDBC用的是IBatic的数据源,这个问题导致我工作2、3天没有进展,试过各种方法,最后发现是配置文件的问题。具体原因是配置文件中多配置了:
   <b:authentication-provider>
       <b:password-encoder hash="md5"/>
       <b:jdbc-user-service data-source-ref="dataSource"/>
   </b:authentication-provider>

去掉后,一切正常。现将正确的配置贴出来,以备后用。
<?xml version="1.0" encoding="UTF-8"?>
<!--
  - Application context containing authentication, channel
  - security and web URI beans.
  -
  - Only used by "filter" artifact.
  -
  - $Id: applicationContext-acegi-security.xml 1425 2006-04-28 06:43:50Z benalex $
  -->

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:b="http://www.springframework.org/schema/security"
    xmlns:aop="http://www.springframework.org/schema/aop"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd
                        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-2.0.xsd" default-autowire="byName">
    <b:http auto-config="true" realm="Contacts Realm" access-denied-page="/accessDenied.jsp">
        <b:intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <b:intercept-url pattern="/index.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <b:intercept-url pattern="/Login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY"/> 
        <b:intercept-url pattern="/image/**" filters="none"/>
        <b:intercept-url pattern="/common/**" filters="none"/>
        <b:intercept-url pattern="/scripts/**" filters="none"/>
        <b:intercept-url pattern="/welcome.jsp" filters="none"/>   
        <b:intercept-url pattern="/js/**" filters="none"/>
        <b:intercept-url pattern="/j_spring_security_switch_user" access="ROLE_SUPERVISOR"/>
        <b:intercept-url pattern="/**" access="ROLE_USER"/>

        <b:form-login login-page="/Login.jsp"/>
        <b:logout logout-success-url="/Login.jsp"/>
    </b:http>
	
   <!-- b:authentication-provider>
       <b:password-encoder hash="md5"/>
       <b:jdbc-user-service data-source-ref="dataSource"/>
   </b:authentication-provider  -->
   
   <bean id="authenticationProcessingFilter" class="org.springframework.security.ui.webapp.AuthenticationProcessingFilter">
   		<b:custom-filter before="AUTHENTICATION_PROCESSING_FILTER"/>
   		<property name="authenticationManager" ref="authenticationManager"></property>
   		<property name="authenticationFailureUrl" value="/spring_security_login"/>
   		<property name="defaultTargetUrl" value="/main.action" />
   </bean>
   <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
	   	<property name="providers">
	   		<list>
	   			<ref local="daoAuthenticationProvider"/>
	   		</list>
	   	</property>
   </bean>
   <bean id="daoAuthenticationProvider" class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
   		<property name="userDetailsService" ref="userService"/>
   		<property name="userCache" ref="userCache"/>
   </bean>
   <bean id="userCache" class="org.springframework.security.providers.dao.cache.EhCacheBasedUserCache">
   		<property name="cache" ref="userCacheBacked"/>
   </bean>
   <bean id="userCacheBacked" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
   		<property name="cacheManager" ref="cacheManager"/>
   		<property name="cacheName" value="userCache"/>
   </bean>
   <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
   		<property name="configLocation" value="classpath:ehcache-security.xml"/>
   </bean>
   <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
   		<b:custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
   		<property name="authenticationManager" ref="authenticationManager"/>
   		<property name="accessDecisionManager" ref="accessDecisionManager"/>
   		<property name="objectDefinitionSource" ref="databaseFilterInvocationDefinitionSource"/>
   </bean>
   <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
   		<property name="decisionVoters">
			<list>
				<bean class="org.springframework.security.vote.RoleVoter">
					<property name="rolePrefix" value=""/>
				</bean>
			</list>
   		</property>
   </bean>
   <bean id="databaseFilterInvocationDefinitionSource" class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
   		<constructor-arg type="org.springframework.security.util.UrlMatcher" ref="antUrlPathMatcher"/>
   		<constructor-arg type="java.util.LinkedHashMap" ref="requestMap"/>
   </bean>
   <bean id="antUrlPathMatcher" class="org.springframework.security.util.AntUrlPathMatcher"/>
   <bean id="requestMap" class="cn.com.pzhsteel.service.SpringSecurityConfigServiceImp" init-method="init">
   		<property name="roleDB" ref="roleDAO"/>
   </bean>
   <!-- bean id="methodSeurityInterceptor" class="org.springframework.security.intercept.method.aopalliance.MethodSecurityInterceptor">
   		<property name="authenticationManager" ref="authenticationManager"/>
   		<property name="accessDecisionManager" ref="accessDecisionManager"/>
   		<property name="objectDefinitionSource" ref=""/>
   </bean-->
   
   <!-- Automatically receives AuthenticationEvent messages -->
   <bean id="loggerListener" class="org.springframework.security.event.authentication.LoggerListener"/>

   <!-- Filter used to switch the user context. Note: the switch and exit url must be secured
        based on the role granted the ability to 'switch' to another user -->
   <!-- In this example 'rod' has ROLE_SUPERVISOR that can switch to regular ROLE_USER(s) -->
   <bean id="switchUserProcessingFilter" class="org.springframework.security.ui.switchuser.SwitchUserProcessingFilter" autowire="byType">
       <b:custom-filter position="SWITCH_USER_FILTER"/>       
       <property name="targetUrl" value="/secure/index.htm"/>
   </bean>
</beans>

分享到:
评论

相关推荐

    spring security2配置

    2. **Web安全配置**:创建一个扩展自`WebSecurityConfigurerAdapter`的配置类。在这里,我们可以定制安全规则,比如哪些URL需要被保护,哪些可以公开访问。 3. **用户认证**:配置`UserDetailsService`,这个接口...

    spring security 2 配置说明

    标题与描述均提到了“Spring Security 2 配置说明”,这表明文章旨在阐述Spring Security 2版本的配置细节,尤其是对于那些希望深入了解并正确应用该框架的安全特性开发者们。以下将基于给定的部分内容,深入解析...

    springsecurity使用配置详解

    在提供的压缩包`springsecurity配置demo`中,你将找到示例代码和详细说明,这将帮助你更好地理解和实践上述概念。通过学习和实践这些示例,你将能够为自己的Spring应用程序构建强大的安全防护。

    spring security 使用及配置

    Web 安全通过配置 Servlet Filter 激活 Spring Security 中的过滤器链来实现。方法安全通过使用 AOP 模式实现安全代理。Spring Security 还提供了多种标签库来控制页面元素的安全。 配置 Spring Security 的配置...

    spring security xml方式配置

    Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理。它提供了认证、授权和访问控制等功能,使得...这些内容构成了一个完整的基于XML的Spring Security安全体系,确保了Web应用的安全性和用户体验。

    Spring Security in Action

    Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户身份的验证,以确保用户的...

    spring-security3 配置和使用

    这个文件是 Spring Security 3 的核心配置文件,用于定义安全策略和授权规则。下面是一个基本的 security 配置文件示例: ```xml &lt;beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:...

    Spring Security 资料合集

    - 在Spring Boot项目中,Spring Security 可以通过自动配置快速启动,开发者只需少量配置就能实现复杂的安全需求。 这三份资料——"实战Spring Security 3.x.pdf"、"Spring Security 3.pdf" 和 "Spring Security...

    spring_security3_0_5安全配置手册

    - springsecurity3.0.5 - commonslogging1.6.1 - oraclejdbc1.1 这些依赖包提供了Spring Security框架运行所必需的类库和驱动支持。 #### 4. 配置过滤器 为了在Spring应用中使用Spring Security,需要在web.xml...

    SpringSecurity笔记,编程不良人笔记

    - OAuth2:SpringSecurity支持OAuth2协议,实现第三方登录和API保护。 - JWT(JSON Web Tokens):可使用JWT进行状态less的认证,提高系统的可扩展性。 - CORS(Cross-Origin Resource Sharing):SpringSecurity...

    spring security 项目配置源码

    - **Web安全配置**:在`WebSecurityConfigurerAdapter`的子类中配置,包括哪些URL需要保护,如何进行身份验证等。 - **认证配置**:定义`UserDetailsService`并设置默认的认证机制,如`InMemoryUserDetailsManager...

    SpringSecurity 3配置文件

    - `http`: 这个元素定义了HTTP安全配置,包括拦截URL、登录页面设置、访问控制等。例如,你可以使用`&lt;intercept-url&gt;`子元素来指定哪些URL需要特定的角色权限才能访问。 - `authentication-manager`: 它是身份验证...

    spring security3配置和使用实例+教程

    教程文档`教你使用_SpringSecurity_3.0_52页.pdf`会详细指导你如何一步步配置和使用Spring Security。它应该包含了配置文件的示例、如何集成到Spring应用中、如何创建自定义认证逻辑以及如何进行授权设置等内容。...

    精彩:Spring Security 演讲PPT

    2. **配置HTTP安全**: 在Spring Security的配置文件中添加HTTP安全配置,用于指定哪些URL需要保护以及如何进行身份验证和授权等。 ```xml &lt;!-- 配置项 --&gt; ``` 3. **定义安全规则**: 在Spring Security配置...

    springsecurity学习笔记

    - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和AccessDecisionManager。 - 使用@Secured和@PreAuthorize注解进行方法级别的...

    spring spring security2.5 jar

    开发者可以自定义权限表达式(例如,`hasRole('ROLE_ADMIN')`)并结合方法或URL安全配置进行权限控制。 3. **过滤器链**:Spring Security的核心在于其过滤器链,它拦截HTTP请求并应用安全策略。`...

    SpringSecurity.pdf

    Spring Security的配置灵活,可以通过XML配置文件、Java配置类或者注解来定制安全策略。它还提供了大量的扩展点,允许开发者根据自己的业务需求进行定制和扩展。 Spring Security的学习过程可以分为入门、进阶和...

    Springboot整合Spring security+Oauth2+JWT搭建认证服务器,网关,微服务之间权限认证及授权

    4. **整合Spring Security与OAuth2**:在Spring Boot中,我们可以使用`spring-security-oauth2-autoconfigure`库来简化OAuth2的配置。通过设置`@EnableAuthorizationServer`和`@EnableResourceServer`注解,分别启动...

    Spring Security3.1最新配置实例

    总结来说,Spring Security 3.1的配置实例是一个综合性的教程,涵盖了Web安全的多个方面,包括用户认证、权限控制以及与流行MVC框架(如Struts2)的集成。学习并实践这个实例,将有助于你深入理解和掌握Spring ...

Global site tag (gtag.js) - Google Analytics