问答首页 Java企业应用
0 0

spring security启动异常,求大神来指点下10

SSH想加上spring security,搞了几天都没搞出来,哪位大神来指点下

 

 

WEB.XML配置

 

<listener>
   	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
  <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath:beans.xml,classpath:application-security.xml</param-value>
  </context-param>
  <!-- 编码过滤 -->
  <filter>
    <filter-name>encodingFilter</filter-name>
    <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>encodingFilter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter>
    <filter-name>openSessionInView</filter-name>
    <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>openSessionInView</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <!-- 权限 -->
  <filter>
  	<filter-name>springSecurityFilterChain</filter-name>
  	<filter-class>
  		org.springframework.web.filter.DelegatingFilterProxy
  	</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
  </filter-mapping>

 

bean.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:context="http://www.springframework.org/schema/context"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/tx
       http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-3.0.xsd
       http://www.springframework.org/schema/aop
       http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
       http://www.directwebremoting.org/schema/spring-dwr-3.0.xsd ">
	<context:annotation-config />
	<context:component-scan base-package="com.test" />
	
	<bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
		<property name="locations">
			<value>classpath:jdbc.properties</value>
		</property>
	</bean>

	<bean id="dataSource" destroy-method="close"
		class="org.apache.commons.dbcp.BasicDataSource">
		<property name="driverClassName"
			value="${jdbc.driverClassName}" />
		<property name="url" value="${jdbc.url}" />
		<property name="username" value="${jdbc.username}" />
		<property name="password" value="${jdbc.password}" />
	</bean>
	<bean id="sessionFactory"
		class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
		<property name="dataSource" ref="dataSource" />
			<property name="packagesToScan">
			<list>
				<value>com.test.model</value>
			</list>
		</property>

		<property name="hibernateProperties">
			<props>
				<prop key="hibernate.dialect">
					org.hibernate.dialect.PostgreSQLDialect
				</prop>
				<prop key="connection.provider_class">org.hibernate.connection.C3P0ConnectionProvider</prop>
				<prop key="c3p0.min_size">7</prop>
				<prop key="c3p0.max_size">42</prop>
				<prop key="c3p0.timeout">1800</prop>
				<prop key="c3p0.max_statements">50</prop>
				<prop key="c3p0.idle_test_period">60</prop>
				<prop key="c3p0.acquire_increment">1</prop>
				<prop key="c3p0.validate">true</prop>
				<prop key="hibernate.show_sql">true</prop>
				<prop key="hibernate.format_sql">false</prop>			
				<prop key="hibernate.cache.use_second_level_cache">true</prop>
				<prop key="hibernate.cache.use_query_cache">true</prop>
				<prop key="hibernate.cache.provider_class">org.hibernate.cache.EhCacheProvider</prop>
			</props>
		</property>
	</bean>
		<bean id="hibernateTemplate" class="org.springframework.orm.hibernate3.HibernateTemplate">
	 	<property name="sessionFactory" ref="sessionFactory"></property>
	</bean>
	<bean id="transactionManager"
		class="org.springframework.orm.hibernate3.HibernateTransactionManager">
		<property name="sessionFactory" ref="sessionFactory" />
	</bean>
	<tx:annotation-driven transaction-manager="transactionManager"/>
	<tx:advice id="txAdvice" transaction-manager="transactionManager">
		<tx:attributes>
			<tx:method name="get*" read-only="true" propagation="REQUIRED"/>
			<tx:method name="find*" read-only="true" propagation="REQUIRED"/>
			<tx:method name="*" rollback-for="java.lang.Exception" propagation="REQUIRED"/>
		</tx:attributes>
	</tx:advice>
	<aop:config>
		<aop:pointcut id="bussinessService"
			expression="execution( * com.test.service..*.*(..))" />
		<aop:advisor pointcut-ref="bussinessService"
			advice-ref="txAdvice" />
	</aop:config>
	
</beans>

 application-security.xml配置

<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">                     
   <debug/>
<!-- <global-method-security>  -->
<!--     Element 这个元素用来在你的应用程序中启用基于安全的注解(通过在这个元素中设置响应的属性), -->
<!--          也可以用来声明将要应用在你的实体application context中的安全切点组。 -->
<!-- <global-method-security secured-annotations="enabled" jsr250-annotations="enabled"/> -->
<!-- protect-pointcut是非常强大的,它让你可以用简单的声明对多个bean的进行安全声明。 参考下面的例子: Java代码 -->
<!--     <global-method-security> -->
<!--         <protect-pointcut expression="execution(* com.mycompany.*Service.*(..))" access="ROLE_USER"/> -->
<!--  </global-method-security> 这样会保护application context中的符合条件的bean的所有方法 -->

<!-- 不要过滤图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 -->
<!--   <intercept-url pattern="/**/*.jpg" filters="none" /> -->
<!--   <intercept-url pattern="/**/*.png" filters="none" /> -->
<!--   <intercept-url pattern="/**/*.gif" filters="none" /> -->
<!--   <intercept-url pattern="/**/*.css" filters="none" /> -->
<!--   <intercept-url pattern="/**/*.js" filters="none" /> -->
   
    <!-- 这些请求不用过滤 -->
    <http pattern="/**/*.js" security="none"/>
    <http pattern="/**/*.css" security="none"/>
    <http pattern="/**/*.gif**" security="none"/>
    <http pattern="/**/*.jpg" security="none"/>
    <http pattern="/login.jsp" security="none"/>
    <http use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint" access-denied-page="/a.jsp">
	    <logout invalidate-session="false" logout-success-url="/login.jsp" logout-url="/j_spring_security_logout"/>
	    	    <remember-me />
	     
	    <session-management invalid-session-url="/timeout.jsp">
	         <concurrency-control  max-sessions="1" error-if-maximum-exceeded="true" expired-url="/login.jsp"></concurrency-control>
	    </session-management>
	    <!-- 定制自己的过滤器 -->
       	<custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"  />
		<custom-filter ref="securityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
		
		
    </http>
    
    <!-- 登录验证器 -->
    <b:bean id="loginFilter"
		class="com.sjweb.security.MyUsernamePasswordAuthenticationFilter">
		<!-- 处理登录 -->
		<b:property name="filterProcessesUrl" value="/j_spring_security_check"></b:property>
		<b:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"></b:property>
		<b:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></b:property>
		<b:property name="authenticationManager" ref="myAuthenticationManager"></b:property>
		<b:property name="usersService" ref="usersService"></b:property>
	</b:bean>
	<b:bean id="loginLogAuthenticationSuccessHandler"
		class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
		<!-- 登录成功后的页面 -->
		<b:property name="defaultTargetUrl" value="/index.jsp"></b:property>
	</b:bean>
	<b:bean id="simpleUrlAuthenticationFailureHandler"
		class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
		<b:property name="defaultFailureUrl" value="/login.jsp"></b:property>
	</b:bean>
	
    <!-- 认证过滤器 -->
    <b:bean id="securityFilter" class="com.sjweb.security.MySecurityFilter">
    	<!-- 用户拥有的权限 -->
    	<b:property name="authenticationManager" ref="myAuthenticationManager" />
    	<!-- 用户是否拥有所请求资源的权限 -->
    	<b:property name="accessDecisionManager" ref="myAccessDecisionManager" />
    	<!-- 资源与权限对应关系 -->
    	<b:property name="securityMetadataSource" ref="mySecurityMetadataSource" />
    </b:bean>
    <!-- 实现了UserDetailsService的Bean -->
    <authentication-manager alias="myAuthenticationManager">
        <authentication-provider user-service-ref="myUserDetailServiceImpl">
        </authentication-provider>
    </authentication-manager>
    
    <b:bean id="myAccessDecisionManager" class="com.test.security.MyAccessDecisionManager"></b:bean>
	<b:bean id="mySecurityMetadataSource" class="com.test.security.MySecurityMetadataSource">
		<b:constructor-arg name="resourcesService" ref="resourcesService"></b:constructor-arg>
	</b:bean>
	<b:bean id="myUserDetailServiceImpl" class="com.test.security.MyUserDetailServiceImpl">
		<b:property name="usersService" ref="usersService"></b:property>
	</b:bean>
	
	<b:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
		<b:property name="loginFormUrl" value="/login.jsp"></b:property>
	</b:bean>
    
</b:beans>

 异常信息

Hibernate: select this_.resources_id as resources1_1_0_, this_.create_time as create2_1_0_, this_.enable as enable1_0_, this_.enname as enname1_0_, this_.iscore as iscore1_0_, this_.isleaf as isleaf1_0_, this_.isopen as isopen1_0_, this_.memo as memo1_0_, this_.name as name1_0_, this_.orderid as orderid1_0_, this_.parentid as parentid1_0_, this_.resourcetype as resourc12_1_0_, this_.target as target1_0_ from lq_resources this_
2013-02-02 02:36:16,220 INFO [org.springframework.beans.factory.support.DefaultListableBeanFactory] - Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@e29820: defining beans [org.springframework.context.annotation.internalConfigurationAnnotationProcessor,org.springframework.context.annotation.internalAutowiredAnnotationProcessor,org.springframework.context.annotation.internalRequiredAnnotationProcessor,org.springframework.context.annotation.internalCommonAnnotationProcessor,org.springframework.context.annotation.internalPersistenceAnnotationProcessor,baseDAOSupport,resourcesDAOImpl,usersDAOImpl,resourcesService,usersService,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,dataSource,sessionFactory,hibernateTemplate,transactionManager,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,txAdvice,bussinessService,org.springframework.aop.support.DefaultBeanFactoryPointcutAdvisor#0,org.springframework.security.config.debug.SecurityDebugBeanFactoryPostProcessor#0,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.web.DefaultSecurityFilterChain#3,org.springframework.security.web.DefaultSecurityFilterChain#4,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.core.session.SessionRegistryImpl#0,org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0,org.springframework.security.authentication.RememberMeAuthenticationProvider#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#5,loginFilter,loginLogAuthenticationSuccessHandler,simpleUrlAuthenticationFailureHandler,securityFilter,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager,myAccessDecisionManager,mySecurityMetadataSource,myUserDetailServiceImpl,authenticationProcessingFilterEntryPoint,springSecurityFilterChain]; root of factory hierarchy
2013-02-02 02:36:16,220 INFO [org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean] - Closing Hibernate SessionFactory
2013-02-02 02:36:16,220 INFO [org.hibernate.impl.SessionFactoryImpl] - closing
2013-02-02 02:36:16,267 ERROR [org.springframework.web.context.ContextLoader] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#5' while setting bean property 'sourceList' with key [5]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#5': Cannot resolve reference to bean 'securityFilter' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:563)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3934)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4429)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:987)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:909)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:495)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:516)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#5': Cannot resolve reference to bean 'securityFilter' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1003)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:907)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
	... 41 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
	... 55 more
Caused by: java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.util.Assert.isTrue(Assert.java:65)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:128)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
	... 62 more
2013-2-2 2:36:16 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#5' while setting bean property 'sourceList' with key [5]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#5': Cannot resolve reference to bean 'securityFilter' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1325)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:563)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3934)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4429)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
	at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:987)
	at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:909)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:495)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1206)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:314)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:119)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:516)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:583)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#5': Cannot resolve reference to bean 'securityFilter' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1003)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:907)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
	... 41 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilter' defined in class path resource [application-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1420)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
	... 55 more
Caused by: java.lang.IllegalArgumentException: AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation
	at org.springframework.util.Assert.isTrue(Assert.java:65)
	at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:128)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)
	... 62 more

 

SpringSpring Security 
2013年2月02日 03:04

5个答案 按时间排序 按投票排序

0 0

采纳的答案

应该是你的自定义地方有些ben的要求不能自动转化为要求的类型

2013年2月03日 10:14
0 0

:w[b][b][b]

引用
[/b][/b][/b]ink:

2014年8月07日 22:07
0 0

把这个访问决策管理器AccessDecisionManager 中的这两个方法返回至设为true即可 

          @Override
	public boolean supports(ConfigAttribute attribute) {
		return [color=red]true[/color];
	}

	@Override
	public boolean supports(Class<?> clazz) {
		return [color=red]true[/color];
	}

2014年1月08日 18:41
0 0

意思是你定义的AccessDecisionmanager不支持AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation  。


filterinvocation是对url请求进行过滤的实体。

2013年2月04日 00:02
0 0 

AccessDecisionManager does not support secure object class: class org.springframework.security.web.FilterInvocation  



  <b:bean id="myAccessDecisionManager" class="com.test.security.MyAccessDecisionManager"></b:bean>

第一个是出错地方
第二个看看你这个类定义

2013年2月02日 09:50

相关推荐

    Spring Security 资料合集

    - Spring Security 无缝集成于Spring MVC框架,可以方便地与Spring MVC的其他特性配合使用,如异常处理和模型映射。 10. **Spring Boot集成**: - 在Spring Boot项目中,Spring Security 可以通过自动配置快速...

    Spring Security in Action

    Spring Security 实践指南 Spring Security 是一个基于 Java 的安全框架,旨在提供身份验证、授权和访问控制等功能。下面是 Spring Security 的主要知识点: 一、身份验证(Authentication) 身份验证是指对用户...

    springsecurity学习笔记

    在"springsecurity学习笔记"中,你可能会涉及以下主题: - Spring Security的基本配置,包括web安全配置和全局安全配置。 - 如何自定义认证和授权流程,比如实现自定义的AuthenticationProvider和...

    SpringSecurity.pdf

    在用户、角色、权限、菜单之间,存在复杂的多对多关系,因此Spring Security需要相应的数据模型来支持这些关系,这通常涉及用户表、角色表、权限表、菜单表、以及它们之间的关联表。 Spring Security架构中的角色表...

    spring spring security2.5 jar

    在版本2.5时,Spring Security已经是一个成熟且功能丰富的安全框架,为开发者提供了一套强大的工具来管理用户的登录、权限控制以及会话管理。 在"spring security2.5 jar"中,包含了Spring Security框架的核心类和...

    Spring Cloud Gateway 整合 Spring Security 统一登录认证鉴权

    总的来说,将Spring Cloud Gateway与Spring Security相结合,可以构建出一套高效、安全的微服务认证系统,提高整体系统的稳定性和用户体验。这种整合不仅简化了微服务之间的交互,还增强了系统的安全性,是现代...

    spring security 完整项目实例

    Spring Security 是一个强大的安全框架,用于为Java应用提供身份验证和授权服务。在这个完整的项目实例中,我们将深入探讨Spring Security的核心概念以及如何将其应用于实际的Web应用程序开发。 首先,我们从用户、...

    spring security3 中文版本

    Spring Security 的目标是使开发人员能够快速地为应用程序添加安全功能,同时提供足够的灵活性来满足特定需求。 ##### 1.2 历史 Spring Security 的前身是 Acegi Security,它于 2004 年发布。2006 年,Acegi 被...

    SpringSecurity学习总结源代码

    SpringSecurity是Java开发中用于构建安全Web应用的框架,它提供了强大的身份验证、授权和访问控制功能。在本文中,我们将深入探讨SpringSecurity的核心概念、关键组件以及如何配置和使用这个框架。 首先,Spring...

    精彩:Spring Security 演讲PPT

    快速启动Spring Security 2.x,主要分为三个步骤: 1. **添加过滤器**: 在`web.xml`中加入`DelegatingFilterProxy`,用于将请求委托给Spring Security的过滤器链。 ```xml &lt;filter-name&gt;...

    Spring security认证授权

    - **访问决策管理器**:Spring Security使用`AccessDecisionManager`来决定用户是否可以访问某个资源。默认使用投票机制,根据用户的权限角色来决定。 - **访问控制表达式**:你可以使用`@PreAuthorize`和`@...

    spring security 官方文档

    5. **CSRF保护(Cross-Site Request Forgery)**:默认情况下,Spring Security提供了对CSRF攻击的防护,通过生成和验证CSRF令牌来确保只有合法的请求才能执行。 6. **Web安全(Web Security)**:对于基于Servlet...

    SpringSecurity从小白到大神.md

    ### Spring Security 入门篇详解 #### Spring Security 简介 Spring Security 是 Spring 家族中的一个重要组成部分,专门用于解决应用的安全管理问题。在 Spring Boot 出现之前,Spring Security 已经存在并发展了...

    SpringSecurity笔记,编程不良人笔记

    SpringSecurity是Java领域中一款强大的安全框架,主要用于Web应用程序的安全管理。它提供了全面的身份验证、授权、会话管理以及安全相关的功能,可以帮助开发者构建安全的Web应用。在本笔记中,我们将深入探讨Spring...

    spring-security 官方文档 中文版

    - **命名空间的设计**:Spring Security 提供了一个专用的 XML 命名空间来简化安全性配置。 - **开始使用安全命名空间配置**: - **配置 web.xml**:需要在 web.xml 中配置 Spring Security 的 Filter,以便处理 ...

    spring_security_3.1

    8. **自定义逻辑**:Spring Security允许开发者自定义几乎所有的安全逻辑,包括身份验证、授权和异常处理。这提供了极大的灵活性,可以根据项目需求进行扩展。 9. **RESTful安全**:3.1版本也支持保护RESTful服务,...

    SpringBoot+SpringSecurity+WebSocket

    总结来说,这个项目演示了如何在SpringBoot环境中,利用SpringSecurity保证安全性,结合WebSocket实现高效、实时的双向通信。这样的架构对于需要实时交互的Web应用,如在线聊天、实时股票交易、游戏等场景非常适用。...

    spring security 4.0.0所需jar包

    总的来说,Spring Security 4.0.0的这些jar包是构建安全、健壮的Java Web应用不可或缺的组件,它们提供了一套灵活且强大的工具,可以帮助开发者保护应用程序免受各种安全威胁。通过仔细阅读提供的Java文档和源代码,...

    SpringBoot+SpringSecurity处理Ajax登录请求问题(推荐)

    在本文中,我们将使用SpringBoot+SpringSecurity来处理Ajax登录请求问题。 知识点2:Ajax登录请求问题 在前后端分离的开发模式中,前端使用Vue来处理数据请求,而后台使用Spring Boot来处理数据交互。由于Ajax...

    最详细Spring Security学习资料(源码)

    会话管理:Spring Security支持对用户会话状态的管理,包括会话超时、并发控制、集群环境下的分布式会话管理等。 Web集成:Spring Security能够无缝集成到Spring框架和Spring MVC中,提供了过滤器、标签库等工具,...

Magicbox
Ask-but
我的问答 FAQ | 勋章

相关推荐

已解决问题

未解决问题

排行榜

Global site tag (gtag.js) - Google Analytics