替换 SESSION_MANAGEMENT_FILTER 位置的默认过滤器 [英] Replacing the default filter at position SESSION_MANAGEMENT_FILTER
问题描述
我想用我自己的替换默认的 SessionManagementFilter
,但我遇到了这个问题
I want to replace the default SessionManagementFilter
with my own, but I'm running into this
17:31:32,901 错误 [[/accounts]] 异常将上下文初始化事件发送到类 org.springframework.web.context.ContextLoaderListener 的侦听器实例org.springframework.beans.factory.parsing.BeanDefinitionParsingException:配置问题:过滤bean '
问题似乎是我使用了一个 <http>
元素/属性,它在同一位置设置了默认过滤器.然而,我不是(或者如果我是无意的).
The problem seems to be that I'm using an <http>
element/attribute that sets the default filter at the same position. I'm not however (or if I am its unintentional).
这是我的安全上下文
定义:
This is my security context <http>
definition:
<http use-expressions="true" auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- lots of intercept-url definitions (nothing else) -->
<custom-filter position="SESSION_MANAGEMENT_FILTER" ref="accountsSessionManageFilter"/>
<custom-filter position="FORM_LOGIN_FILTER" ref="accountsSsoFilter"/>
</http>
.......
<beans:bean id="accountsSessionManageFilter" class="org.springframework.security.web.session.SessionManagementFilter">
<beans:property name="sessionAuthenticationStrategy" ref="NullAuthenticatedSessionStrategy"/>
</beans:bean>
.......
<bean id="accountsSsoFilter" class="cayetano.core.base.service.impl.spring.filter.SsoUserPassAuthFilter">
<property name="authenticationManager" ref="ssoAuthManager" />
<property name="authenticationFailureHandler" ref="relativeLoginFailureHandler" />
<property name="authenticationSuccessHandler" ref="noopLoginSuccessHandler" />
<property name="authenticationService" ref="basicAuthenticatorService" />
<property name="authorityService" ref="userTypeBasedAuthotiryService" />
</bean>
那么为什么 Spring 会抱怨我使用了一个使用默认过滤器的 <http>
元素?
So why does Spring complain that I'm using an <http>
element that uses the default filter ?
文档还指出
是唯一使用默认过滤器的
元素,还有其他元素吗?
Also the documentation states that <session-management>
is the only <http>
element using the default filter, are there others ?
我使用的是 Spring Security 3.0.
I'm using Spring Security 3.0.
谢谢,
推荐答案
如果您尝试指定自定义 SESSION_MANAGEMENT_FILTER
以便您可以更改默认的 sessionAuthenticationStrategy
类/实例,只需使用 session-authentication-strategy-ref
属性:
If you are trying to specify a custom SESSION_MANAGEMENT_FILTER
so that you can change the sessionAuthenticationStrategy
of the default class/instance, just use the session-authentication-strategy-ref
attribute:
<http ...>
<session-management session-authentication-strategy-ref="NullAuthenticatedSessionStrategy"/>
</http>
这当然假设 NullAuthenticatedSessionStrategy
是上下文中定义的另一个 bean.由于这也是Spring Security中的一个类的名字,我想你真正想要的是:
This assumes of course that NullAuthenticatedSessionStrategy
is another bean defined in the context. Since this is also the name of a class in Spring Security, I think that what you really want is:
<http ...>
<session-management session-authentication-strategy-ref="sessionStrategy"/>
</http>
<bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy"/>
这篇关于替换 SESSION_MANAGEMENT_FILTER 位置的默认过滤器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!