`
yunhaifeiwu
  • 浏览: 163243 次
  • 性别: Icon_minigender_1
  • 来自: 宁波
社区版块
存档分类
最新评论

spring security 菜鸟设定

阅读更多
本人是菜鸟,E文也很烂,偏偏spring security更新很神速,版本之间相差特别大.网上有限的几个教材,也无法拿来就用.硬着头皮,借着spring security 2.x中文使用手册,再结合孙宁振的博文等,经过几天的奋战,终算能跑起来了.下面是根据自已理解,特写的教材.
本人表达能力有限,水平有限,只是由于spring security中文实例资料难找,特凭着脸皮厚,发表本教程,希引出大虾,作出权威的中文教材.是我等菜鸟之福了.

在这里,特别鸣谢spring security 2.x中文手册翻译者,孙宁振网友.

说明:本实例用到了 spring framework 2.5
               spring security 2.04
开发工具:netbeans 6.5 cr2中文版.

附件,是本人亲自调试通过的工程.
需要参考的网友,下载后,可用开发工具,按文件方式打开.能看见所有的源代码,
还有lib.至少netbeans 6.5是这样.
用户名:admin;密码123

菜鸟为了方便菜鸟,把spring security 2.04的下载地址也附上:
http://downloads.sourceforge.net/springframework/spring-security-2.0.4.zip?modtime=1223032765&big_mirror=0

spring官方网站:
www.springsource.org

目录:
1 Dao方式的认证授权原理
1.1 认证授权简略过程:
1.2 Spring security配置思路
2 Dao 形式的认证授权实例
2.1 Web.xml配置
2.2 spring securtity配置
2.2.1 命名空间
2.2.2 默认设定
2.2.3 认证设定
2.2.4 授权设定
2.3 完整的: spring-security.xml
2.4 Login.jsp



=========================正     文=========================


1 Dao方式的认证授权原理



1.1 认证授权简略过程:


(1) 用户输入用户名,密码

(2) 认证--------Authentication

根据用户输入信息,查询《用户权限资料表》,得到用户权限名
其中:
《用户权限资料表》的基本形式为:
用户名  密码 权限名1,权限名2,..权限名n

(3) 授权--------Invocation

根据权限名,查询《权限明细资料表》,得到具体权限.
其中:
  《权限明细资料表》,基本形式为:
网址(或网址加方法)  权限名1, 权限名2,.. 权限名n
  从中看出,权限,最终是某个网址可以由哪些角色的用户访问.

(4) Spring Security根据得到的网址,确定是否允许访问


(5) 其他处理(略)




1.2 Spring security配置思路

    揣摩官方的配置思路:
    官方设定完整的默认配置。关键环节,允许用户更改默认配置。有一部份默认配置是核心的(如认证与授权),不允许用户替换官方默认配置,但允许用户在这些默认配置的开始或结束后运行用户的配置;有一部份默认配置不是核心的,完全允许用户替代。
在这种假设情况下:
spring security2的这项操作“http标签中,让用户选择官方提供的默认配置”得到解释。
spring security2的这条标签“<custom-filter before="过滤器假名"/>”得到合理解释。同时,认证过滤器与授权过滤器不允许替换默认过滤器也得到解释。




2 Dao   形式的认证授权实例

所谓Dao形式,指认证中所需要的用户权限资料表,权限明细资料表,都放在数据库中,这两个资料表的更新、删除、查询等维护操作由用户编写的dao 完成。这个dao与spring security一起完成用户认证授权工作。这里,为了突出spring security使用方法,这里的dao不与数据库发生联系,仅仅返回spring security所需的数据(数据在dao内中是固定的。),在实际使用中,由用户自行扩展。

2.1 Web.xml配置

Spring  Security 是用servlet的过滤器实现认证的,因此需要在web.xml中进行配置。格式是固定的。最好位于所有过滤器前面。
代码:---------web.xml部份代码.
  
   <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>


由于spring security是由spring进行配置,还需在web.xml指定spring security的配置文件。
代码:---------------web.xml部份代码.
   
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

说明:
A  指定了spring监听器,启动spring.
B  spring securtity的配置文件为: spring-security.xml


2.2 spring securtity配置

注意:配置文件为spring-security.xml


2.2.1 命名空间

核心代码:----- spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">

说明:
    A  ”b:beans”,中的b是命名空间的别名,可由用户自行取名;官方的实例是这样的形式。
    B   spring-security.xml 中所有的bean的定义,都将前缀”b:bean”.




2.2.2 默认设定

   所谓默认设定,指spring security 2 已经认定好的了一系列过滤器。省去了早先版本设定一长串过滤器的烦恼。


(1)   最省事的设定之一
 
  <http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
  </http>

说明:
     A   这里,要求spring security 2 完全按默认处理。通常内存权限设定很管用。
其中:<intercept-url pattern="/**" access="ROLE_USER" />,规定了:名为ROLE_USER的权限,可以访问整个网站。
     B  权限名称有规定。至少:前缀“ROLE_”的由大写字母构成的字符串,符合规定。如:ROLE_XXX。


(2) 最省事的设定之二

 
  <http>
    <intercept-url pattern="/**" access="ROLE_USER" />
    <form-login />
    <anonymous />
    <http-basic />
    <logout />
    <remember-me />
  </http>

  说明:
       A  这里与前面的方式完全等同。
       B  form-login 指定了登陆界面。如果没具体指定,spring security将用自身的登陆界面。
       C  anonymous ,允许匿名访问网站(估计没保护的网页, 匿名者都能访问).
      D  http-basic  加载系列默认的过滤器。
至少有:AuthenticationProcessingFilter(认证过滤器),
                 FilterSecurityInterceptor(授权过滤器)
      E  凡是这里加载了的过滤器,用户都不能自行设定过滤器替代它们。也就是说AuthenticationProcessingFilter(认证过器) 与FilterSecurityInterceptor(授权过滤器)用户不能替代。
       F  凡是这里加载了的过滤器,用户可以自行定义它们中同类的过滤器,挂在相应默认过滤器的前或者后,但是不能替代。
       G   logout,设定默认的LogoutFilter过滤器。
       H    remember-me,设定RememberMeProcessingFilter过滤器。
       I   E与F适用于D、G、H


(3) 本例中http设定-------- spring-security.xml


    <http>       
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <intercept-url pattern="/login.jsp*" filters="none"/>
        <form-login login-page='/login.jsp'/>
 
        <http-basic />
        <logout /><!--加载离开过滤器-->
    </http>

  说明:
     A  好像,非得要指定一个内存权限。
      B 
<intercept-url pattern="/login.jsp*" filters="none"/>
<form-login login-page='/login.jsp'/>

  上面这两句,是指定用户自已的登陆界面,是固定形式.前者,表示login.jsp暴露给所有用户,无需保护。如果不要前句,将出现浏览器不允许cookie加载之类的错误提示。


2.2.3 认证设定

spring security 2提供了一个专门的认证设定。本节中用户权限,都是指为一个用户设定一个权限名。而这个权限名的定义,不在认证设定处理范围之内,将由授权处理器处理。

(1) 内存设定用户权限例子

<authentication-provider>
    <user-service>
        <user name="张三" password="123" authorities="ROLE_USER,ROLE_DDD" />
    </user-service>
</authentication-provider>

  说明:这里为张三指定了密码,以及两个权限:“ROLE_USER”与“ROLE_DDD”。


(2) Dao形式设定用户权限的例子--------- spring-security.xml

    <authentication-provider user-service-ref='userDetailsService'/>
    <b:bean id="userDetailsService"
        class="fyh.pub.login.security.UserDetailsSerivceImpl">
    </b:bean>

  其中:fyh.pub.login.security.UserDetailsSerivceImpl是用户自已写的类。这个类实现了spring security 2的UserDetailsService接口。源代码如下:


(3) UserDetailsService源代码
UserDetailsSerivceImpl.java
package fyh.pub.login.security;

import fyh.pub.login.model.User;
import org.springframework.dao.DataAccessException;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

public class UserDetailsSerivceImpl implements UserDetailsService {
	public UserDetails loadUserByUsername(String username)
			throws UsernameNotFoundException, DataAccessException {
        UserDetails user=new User();
		return user;
	}
}

说明:User是用户自已写的类,这个类实现了spring security2的UserDetails接口。


(4) User源代码

  User.java
package fyh.pub.login.model;
import java.util.ArrayList;
import java.util.List;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.UserDetails;

public class User implements UserDetails {
    private String		id="0";
    private String		username="admin";
    private String		password="123";
    //省略getter and setter 

    public GrantedAuthority[] getAuthorities() {
        List<GrantedAuthority> list = new ArrayList<GrantedAuthority>();
        list.add(new GrantedAuthorityImpl("ROLE_XXX"));
        list.add(new GrantedAuthorityImpl("ROLE_DDD"));
        return list.toArray(new GrantedAuthority[list.size()]);
    }

    public boolean isAccountNonExpired() {return true;}
    public boolean isAccountNonLocked() {return true;}
    public boolean isCredentialsNonExpired() {	return true;	}
    public boolean isEnabled() {return true;	}    
}




2.2.4 授权设定

这里主要是用了FilterSecurityInterceptor过滤器。


(1) 引子--------用户自行设定过滤器

设定格式形如:
  <beans:bean id="myFileterName" class="myFileterClass">
    <custom-filter position="过滤器假名"/>
  </beans:bean>

其中:
A  ” position”表示本过滤器,要替代其后的过滤器. "过滤器假名"指示了被替代的过滤器名。
    B  除了” position”,还有”before” 与”after”两种方式。分别表示将要把本过滤器挂在其后的过滤器前或后。
  例:这里设定了一个abc的过滤器,该过滤器,将挂在http中设定的过滤器-----FilterSecurityInterceptor的前面。
    <b:bean id="abc"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
    </b:bean>

 


(2) 引子--------标准过滤器假名和顺序

假名                                      过滤器类
CHANNEL_FILTER	                 ChannelProcessingFilter
CONCURRENT_SESSION_FILTER	        ConcurrentSessionFilter
SESSION_CONTEXT_INTEGRATION_FILTER  HttpSessionContextIntegrationFilter
LOGOUT_FILTER	                        LogoutFilter
X509_FILTER	                  X509PreAuthenticatedProcessigFilter
PRE_AUTH_FILTER	                   AstractPreAuthenticatedProcessingFilter   Subclasses
CAS_PROCESSING_FILTER	               CasProcessingFilter
AUTHENTICATION_PROCESSING_FILTER	     AuthenticationProcessingFilter
BASIC_PROCESSING_FILTER	                BasicProcessingFilter
SERVLET_API_SUPPORT_FILTER	         SecurityContextHolderAwareRequestFilter
REMEMBER_ME_FILTER	                         RememberMeProcessingFilter
ANONYMOUS_FILTER	AnonymousProcessingFilter
EXCEPTION_TRANSLATION_FILTER	      ExceptionTranslationFilter
NTLM_FILTER	                        NtlmProcessingFilter
FILTER_SECURITY_INTERCEPTOR	               FilterSecurityInterceptor
SWITCH_USER_FILTER    	               SwitchUserProcessingFilter



(3) 定义自已的授权过滤器

由于前面, http中已经设定了默认的过滤器。因此,这里自行设定的过滤器将挂在滤认过滤器FilterSecurityInterceptor 的前面。注意:无法替代。
源代码: spring-security.xml
 
   <b:bean id="filterSecurityInterceptor11"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
        <b:property name="authenticationManager" ref="authenticationManager" />
        <b:property name="accessDecisionManager" ref="accessDecisionManager" />
        <b:property name="objectDefinitionSource"
            ref="databaseFilterInvocationDefinitionSource" />
    </b:bean>

其中:authenticationManager 是认证管理器。accessDecisionManager是决策管理器。databaseFilterInvocationDefinitionSource是授权管理器(是根据我的理解起的名)。它们随后设定。


(4) authenticationManager设定

    源代码: spring-security.xml
    <b:bean id="authenticationManager"
        class="org.springframework.security.providers.ProviderManager">
        <b:property name="providers">
            <b:list>
                <b:ref local="daoAuthenticationProvider" />
            </b:list>
        </b:property>
    </b:bean>
    <b:bean id="daoAuthenticationProvider"
        class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <b:property name="userDetailsService" ref="userDetailsService" />
    </b:bean>

   其中:authenticationManager实例----引用了---->daoAuthenticationProvider实例,
        daoAuthenticationProvider实例----引用了----> userDetailsService实例,
        而userDetailsService实例在前面的《2.2.3认证设定》(2)中已经设定。


(5) accessDecisionManager设定

决策管理器, 经过投票机制来决定是否可以访问某一资源        allowIfAllAbstainDecisions为false时,如果有一个以上的decisionVoters投票通过,则授权通过。 可选的决策机制: ConsensusBased和 UnanimousBased。
源代码: spring-security.xml
    <b:bean id="accessDecisionManager"
        class="org.springframework.security.vote.AffirmativeBased">
        <b:property name="decisionVoters">
            <b:list>
                <b:bean class="org.springframework.security.vote.RoleVoter">
                    <b:property name="rolePrefix" value="" />
                </b:bean>
            </b:list>
        </b:property>
    </b:bean>



(6) databaseFilterInvocationDefinitionSource-----是它获得权限明细资料

    该类,是通过LinkedHashMap对象,传递权限明细资料的。
源代码: spring-security.xml
     class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
        <!-- 匹配url的matcher -->
        <b:constructor-arg type="org.springframework.security.util.UrlMatcher"
            ref="antUrlPathMatcher" />
        <!-- url对应authority的map -->
        <b:constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
    </b:bean>
  
说明:
A   antUrlPathMatcher是定义的url格式,随后定义。
B   requestMap 装载着权限明细资料。随后定义。


(7) antUrlPathMatcher
源代码: spring-security.xml
   <b:bean id="antUrlPathMatcher"
        class="org.springframework.security.util.AntUrlPathMatcher" />



(8) requestMap------它身上有权限明细资料

源代码: spring-security.xml
    <b:bean id="requestMap"
        class="fyh.pub.login.security.RequestMapFactoryBean"
        init-method="init">
    </b:bean>

   说明:RequestMapFactoryBean是由用户自定义的一个类,该类的init方法,返回一个LinkedHashMap对象。随后给出RequestMapFactoryBean的源代码


(9) RequestMapFactoryBean

RequestMapFactoryBean.java
package fyh.pub.login.security;

import java.util.LinkedHashMap; 
import org.springframework.beans.factory.FactoryBean;
import org.springframework.security.ConfigAttribute;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.SecurityConfig;
import org.springframework.security.intercept.web.RequestKey;

public class RequestMapFactoryBean implements FactoryBean {
	private LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap;
	public void init() {
		requestMap = new LinkedHashMap<RequestKey, ConfigAttributeDefinition>();	 
			RequestKey key = new RequestKey("/**");
			ConfigAttribute attribute = new SecurityConfig("ROLE_XXX");
			ConfigAttributeDefinition definition = new ConfigAttributeDefinition(
					attribute);
			requestMap.put(key, definition);
            
            key = new RequestKey("/login.jsp");
			attribute = new SecurityConfig("ROLE_EEE");
			definition = new ConfigAttributeDefinition(
					attribute);
			requestMap.put(key, definition);
	}

	public Object getObject() throws Exception {
		if (requestMap == null) {init();}
		return requestMap;
	}

	public Class getObjectType() {return LinkedHashMap.class;	}
	public boolean isSingleton() {return true;}


}

说明:
A    这里,在类中固定了两个权限。
     整个网站可被ROLE_XXX 访问。
     /login.jsp 可被ROLE_EEE访问。
B   网址作为 LinkedHashMap的key,权限名放在ConfigAttributeDefinition 中,作为LinkedHashMap的值。


2.3 完整的spring-seurity.xml

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.1.xsd">


    <http>
        <intercept-url pattern="/**" access="ROLE_USER"/>
        <intercept-url pattern="/login.jsp*" filters="none"/>
        <form-login login-page='/login.jsp'/>
        <http-basic />
        <logout /><!--加载离开过滤器-->
    </http>

   <!--设用户权限, 权限表示方式为:用户名 密码 权限名列表.
       内存设置方式如下例:
       <authentication-provider>
            <user-service>
                <user name="张三" password="123" authorities="ROLE_USER,ROLE_DDD" />
            </user-service>
        </authentication-provider>
   -->

   <!--dao方式设置用户权限-->
   <authentication-provider user-service-ref='userDetailsService'/>
    <b:bean id="userDetailsService"
        class="fyh.pub.login.security.UserDetailsSerivceImpl">
    </b:bean>



    <!--***********************************************************************
    *************************************************************************-->
    <!--
        负责授权的filter,检查Authentication所授予的权限是否可以访问被访问的资源
    -->
    <b:bean id="filterSecurityInterceptor11"
        class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
        <custom-filter before="FILTER_SECURITY_INTERCEPTOR"/>
        <b:property name="authenticationManager" ref="authenticationManager" />
        <b:property name="accessDecisionManager" ref="accessDecisionManager" />
        <b:property name="objectDefinitionSource"
            ref="databaseFilterInvocationDefinitionSource" />
    </b:bean>

    <b:bean id="authenticationManager"
        class="org.springframework.security.providers.ProviderManager">
        <b:property name="providers">
            <b:list>
                <b:ref local="daoAuthenticationProvider" />
            </b:list>
        </b:property>
    </b:bean>
    <b:bean id="daoAuthenticationProvider"
        class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
        <b:property name="userDetailsService" ref="userDetailsService" />
    </b:bean>
    
    <b:bean id="accessDecisionManager"
        class="org.springframework.security.vote.AffirmativeBased">
        <b:property name="decisionVoters">
            <b:list>
                <b:bean class="org.springframework.security.vote.RoleVoter">
                    <b:property name="rolePrefix" value="" />
                </b:bean>
            </b:list>
        </b:property>
    </b:bean>

    <b:bean id="databaseFilterInvocationDefinitionSource"
        class="org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource">
        <b:constructor-arg type="org.springframework.security.util.UrlMatcher"
            ref="antUrlPathMatcher" />
        <!-- url对应authority的map -->
        <b:constructor-arg type="java.util.LinkedHashMap" ref="requestMap" />
    </b:bean>

    <b:bean id="antUrlPathMatcher"
        class="org.springframework.security.util.AntUrlPathMatcher" />

    <b:bean id="requestMap"
        class="fyh.pub.login.security.RequestMapFactoryBean"
        init-method="init">
    </b:bean>
   
</b:beans>





2.4 Login.jsp
说明: 如果用户,要用自已的登陆界面,需要
(1) 把form的action设成j_spring_security_check
(2) 用户名设成j_username
(3) 密码名设成j_password
以上三点,是spring security的约定。

login.jsp核心代码
     <form action="j_spring_security_check" method="post">
            <table>
                 <tr>
                     <td><label for="username">用户名:</label></td>
                     <td><input type="text" id="username" name="j_username"
                            value="${SPRING_SECURITY_LAST_USERNAME}"/></td>
                 </tr>
                 <tr>
                     <td><label for="password">密码:</label></td>
                     <td><input type="password" id="password" name="j_password" value=""/></td>
                 </tr>
                 <tr><td></td>
                     <td><input type="checkbox" name="_spring_security_remember_me">两周内记住我</td>
                 </tr>
                 <tr><td colspan="2"><input type="submit" value="提交"/>
                 <input type="reset" value="重置"/></td></tr>
            </table>
        </form>





============================================================
分享到:
评论
12 楼 Seanman 2012-09-06  
中文用户名登录不成功。
使用的编码为utf-8
11 楼 hanjiangit 2009-12-14  
weihao_99999 写道
启动服务器报错啊。帮忙看看严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator] while setting bean property 'filters' with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
... 90 more


你这个问题怎么解决的?
10 楼 guoxhvip 2009-10-23  
公司正准备使用它
感谢楼主文章
9 楼 keer2345 2009-09-14  
8楼的,你发那么长的错误信息干嘛,  你发得越长,人家越不帮你排错,而且还浪费版面,也浪费大家的经历。
以后发重点的就行了,呵呵
8 楼 weihao_99999 2009-05-22  
启动服务器报错啊。帮忙看看严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator] while setting bean property 'filters' with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:547)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:413)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:735)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator] while setting bean property 'filters' with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:229)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:122)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:286)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1274)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1042)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.security.config.FilterChainProxyPostProcessor.postProcessBeforeInitialization(FilterChainProxyPostProcessor.java:52)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1355)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:540)
... 28 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:431)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:219)
... 45 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1274)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1042)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 55 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:447)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 67 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1362)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:540)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 81 more
Caused by: java.lang.NullPointerException
at login.security.RequestMapFactoryBean.init(RequestMapFactoryBean.java:17)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1427)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1396)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1359)
... 90 more
2009-5-22 11:51:37 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainProxy': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator] while setting bean property 'filters' with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:547)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:413)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:735)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:369)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_filterChainList': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.OrderedFilterBeanDefinitionDecorator$OrderedFilterDecorator] while setting bean property 'filters' with key [8]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:229)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:122)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:286)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:126)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1274)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1042)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.security.config.FilterChainProxyPostProcessor.postProcessBeforeInitialization(FilterChainProxyPostProcessor.java:52)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:323)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1355)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:540)
... 28 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#2': Cannot resolve reference to bean 'filterSecurityInterceptor11' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:431)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:219)
... 45 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterSecurityInterceptor11' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'databaseFilterInvocationDefinitionSource' while setting bean property 'objectDefinitionSource'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1274)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1042)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:539)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 55 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'databaseFilterInvocationDefinitionSource' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Cannot resolve reference to bean 'requestMap' while setting constructor argument; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:274)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:104)
at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:447)
at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:957)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:869)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:514)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 67 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'requestMap' defined in ServletContext resource [/WEB-INF/applicationContext.xml]: Invocation of init method failed; nested exception is java.lang.NullPointerException
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1362)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:540)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory$1.run(AbstractAutowireCapableBeanFactory.java:485)
at java.security.AccessController.doPrivileged(Native Method)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:251)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:169)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:248)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:170)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:268)
... 81 more
Caused by: java.lang.NullPointerException
at login.security.RequestMapFactoryBean.init(RequestMapFactoryBean.java:17)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeCustomInitMethod(AbstractAutowireCapableBeanFactory.java:1427)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1396)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1359)
... 90 more
7 楼 xcglly 2009-03-08  
[color=red][/color]kjhjkh
6 楼 yzl45 2009-01-11  
老大,你的这个例子中,认证的部分是spring security2.X的东西,但是保护web资源这块,是1.0X的写法,和官方的写法不一样啊。能不能结合2.0的写一个。
以下官方文档给出的:
配置文件的第一部分是指定安全资源过滤器的细节,这让安全资源可以通过数据库读取,而不是在配置文件里保存信息。这里是一个你将在大多数例子中看到的代码。

<http auto-config="true" access-denied-page="/403.jsp">
    <intercept-url pattern="/index.jsp" access="ROLE_ADMINISTRATOR,ROLE_USER"/>
    <intercept-url pattern="/securePage.jsp" access="ROLE_ADMINISTRATOR"/>
    <intercept-url pattern="/**" access="ROLE_ANONYMOUS" />
</http>
               
使用这些内容进行替换:

<authentication-manager alias="authenticationManager"/>

<beans:bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
    <beans:property name="allowIfAllAbstainDecisions" value="false"/>
    <beans:property name="decisionVoters">
        <beans:list>
            <beans:bean class="org.springframework.security.vote.RoleVoter"/>
            <beans:bean class="org.springframework.security.vote.AuthenticatedVoter"/>
        </beans:list>
    </beans:property>
</beans:bean>

<beans:bean id="filterInvocationInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="accessDecisionManager" ref="accessDecisionManager"/>
    <beans:property name="objectDefinitionSource" ref="secureResourceFilter" />
</beans:bean>

<beans:bean id="secureResourceFilter" class="org.security.SecureFilter.MySecureResourceFilter" />

<http auto-config="true" access-denied-page="/403.jsp">
    <concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />
    <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" default-target-url="/index.jsp" />
    <logout logout-success-url="/login.jsp"/>
</http>
               
这段配置的主要部分secureResourceFilter,这是一个实现了FilterInvocationDefinitionSource的类,它在Spring Security需要对请求页面检测权限的时候调用。这里是MySecureResouceFilter的代码:

package org.security.SecureFilter;

import java.util.Collection;
import java.util.List;

import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.ConfigAttributeEditor;
import org.springframework.security.intercept.web.FilterInvocation;
import org.springframework.security.intercept.web.FilterInvocationDefinitionSource;


public class MySecureResourceFilter implements FilterInvocationDefinitionSource {

    public ConfigAttributeDefinition getAttributes(Object filter) throws IllegalArgumentException {

        FilterInvocation filterInvocation = (FilterInvocation) filter;

        String url = filterInvocation.getRequestUrl();

        // create a resource object that represents this Url object
        Resource resource = new Resource(url);

        if (resource == null) return null;
        else{
            ConfigAttributeEditor configAttrEditor = new ConfigAttributeEditor();
            // get the Roles that can access this Url
            List<Role> roles = resource.getRoles();
            StringBuffer rolesList = new StringBuffer();
            for (Role role : roles){
                rolesList.append(role.getName());
                rolesList.append(",");
            }
            // don't want to end with a "," so remove the last ","
            if (rolesList.length() > 0)
                rolesList.replace(rolesList.length()-1, rolesList.length()+1, "");
            configAttrEditor.setAsText(rolesList.toString());
            return (ConfigAttributeDefinition) configAttrEditor.getValue();
        }
    }

    public Collection getConfigAttributeDefinitions() {
        return null;
    }

    public boolean supports(Class arg0) {
        return true;
    }

}
               
getAttributes()方法返回权限的名称(我称之为角色),它们控制当前url的访问权限。

但是按照它这个配置,不起作用,有谁搞通了,还麻烦告诉以下,再次谢过了。
我的邮箱:yzl45@126.com

5 楼 robustwang 2009-01-09  
不错,正好在找这个。
4 楼 rose_424 2009-01-02  
晚饭之前看到您的blog,真的感到很幸运,吃完晚饭回来再看。

谢谢您
3 楼 yunhaifeiwu 2008-12-23  

源代码下载地址:
http://yunhaifeiwu.iteye.com/topics/download/61c1721b-eff2-3fde-a700-39b567192b22
2 楼 tongyi121 2008-12-22  
没找到附件呀,能提供源码吗?
1 楼 kitta 2008-12-19  
非常不错,收藏了。
感觉spring-security 2.0.x的文档比较简陋,有acegi基础的还好,没有的就惨了。

相关推荐

    Spring Security in Action

    Spring Security 实践指南 Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户...

    Spring Security 资料合集

    Spring Security 是一个强大的安全框架,主要用于Java应用的安全管理,它为Web应用和企业级应用提供了全面的安全服务。这个框架能够处理认证、授权以及各种安全相关的功能,帮助开发者构建安全、可扩展的应用。以下...

    SpringSecurity.pdf

    Spring Security是一个功能强大、高度定制的安全框架,它专门用于为基于Spring的应用程序提供安全性解决方案。Spring Security架构的设计初衷是为了解决认证和授权的需求,确保应用程序的安全性。它提供了全面的安全...

    SpringSecurity笔记,编程不良人笔记

    SpringSecurity是Java领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话管理以及安全相关的功能,可以帮助开发者构建安全的Web应用。在本笔记中,我们将深入探讨Spring...

    springsecurity学习笔记

    在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...

    spring security 完整项目实例

    Spring Security 是一个强大的安全框架,用于为Java应用提供身份验证和授权服务。在这个完整的项目实例中,我们将深入探讨Spring Security的核心概念以及如何将其应用于实际的Web应用程序开发。 首先,我们从用户、...

    Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权

    在压缩包文件`spring_gateway_security_webflux`中,可能包含了示例代码或配置文件,用于演示如何在Spring Cloud Gateway中集成Spring Security,实现统一登录认证鉴权。这些资源可以帮助开发者更快地理解和实践上述...

    SpringSecurity学习总结源代码

    SpringSecurity是Java开发中用于构建安全Web应用的框架,它提供了强大的身份验证、授权和访问控制功能。在本文中,我们将深入探讨SpringSecurity的核心概念、关键组件以及如何配置和使用这个框架。 首先,Spring...

    最详细Spring Security学习资料(源码)

    Spring Security是一个功能强大且高度可定制的身份验证和授权框架,专门用于保护Java应用程序的安全性。它构建在Spring Framework基础之上,提供了全面的安全解决方案,包括身份验证、授权、攻击防护等功能。 Spring...

    SpringBoot+SpringSecurity处理Ajax登录请求问题(推荐)

    SpringBoot+SpringSecurity处理Ajax登录请求问题 SpringBoot+SpringSecurity处理Ajax登录请求问题是SpringBoot开发中的一個常见问题,本文将详细介绍如何使用SpringBoot+SpringSecurity处理Ajax登录请求问题。 ...

    spring security 官方文档

    Spring Security 是一个强大的安全框架,用于为Java应用提供全面的安全管理解决方案。它是Spring生态系统的组成部分,专注于身份验证、授权和访问控制。Spring Security的核心特性包括: 1. **身份验证...

    spring security 4.0.0所需jar包

    Spring Security 是一个强大的和高度可定制的身份验证和访问控制框架,广泛用于Java应用程序的安全性管理。这个压缩包包含了Spring Security 4.0.0版本所需的jar包,这是一组核心组件,为构建安全的Web应用提供了...

    spring security3 中文版本

    ### Spring Security 3.0.1 中文版知识点解析 #### 一、Spring Security 3.0.1 概览 ##### 1.1 Spring Security 是什么? Spring Security 是一个强大的、高度可定制的身份验证和访问控制框架。它提供了许多功能...

    spring spring security2.5 jar

    Spring Security是Spring生态体系中的一个核心组件,主要负责应用程序的安全性,包括认证和授权。它为Web应用提供了全面的保护,防止未经授权的访问和操作。在版本2.5时,Spring Security已经是一个成熟且功能丰富的...

    SpringBoot+SpringSecurity+WebSocket

    在IT行业中,SpringBoot、SpringSecurity和WebSocket是三个非常重要的技术组件,它们分别在应用程序开发、安全管理和实时通信方面发挥着关键作用。本项目结合这三个技术,构建了一个整合的示例,旨在展示如何在...

    spring-security 官方文档 中文版

    ### Spring Security 官方文档中文版重要知识点解析 #### 一、Spring Security 概述 **1.1 Spring Security 是什么?** Spring Security 是一款基于 Spring 框架的安全插件,提供了完整的安全性解决方案,包括...

    精彩:Spring Security 演讲PPT

    ### Spring Security 概述与应用实践 #### 一、引言 在当今互联网时代,网络安全问题日益凸显,尤其是Web应用程序的安全性受到了前所未有的关注。为了应对这些挑战,Spring Security 应运而生,成为了一个非常重要...

    狂神Spring Security静态资源

    Spring Security 是一个强大的安全框架,主要用于Java Web应用的安全管理,包括认证、授权和访问控制等。在Spring Boot中,Spring Security 提供了简洁的API和自动化配置,使得开发者能够快速集成安全功能。在这个名...

    springsecurity原理流程图.pdf

    Spring Security 是一个功能强大且高度可定制的身份验证和访问控制框架,它是安全领域中Spring生态系统的一部分。Spring Security旨在为Java应用程序提供一个全面的安全解决方案,尤其适用于企业级应用场景。它主要...

    Spring security认证授权

    Spring Security 是一个强大的和高度可定制的身份验证和访问控制框架,用于Java应用程序。它提供了全面的安全解决方案,包括用户认证、权限授权、会话管理、CSRF防护以及基于HTTP的访问控制。在这个例子中,我们将...

Global site tag (gtag.js) - Google Analytics