替换 SESSION_MANAGEMENT_FILTER 位置的默认过滤器 [英] Replacing the default filter at position SESSION_MANAGEMENT_FILTER

问题描述

我想用我自己的替换默认的 SessionManagementFilter，但我遇到了这个问题

I want to replace the default SessionManagementFilter with my own, but I'm running into this

17:31:32,901 错误 [[/accounts]] 异常将上下文初始化事件发送到类 org.springframework.web.context.ContextLoaderListener 的侦听器实例org.springframework.beans.factory.parsing.BeanDefinitionParsingException:配置问题:过滤bean ''和'根bean:类[org.springframework.security.web.session.SessionManagementFilter];范围=;抽象=假；懒惰初始化=假；autowireMode=0;依赖检查=0；autowireCandidate=真；主要=假；factoryBeanName=null;工厂方法名=空；initMethodName=null;destroyMethodName=null' 具有相同的 'order' 值.使用自定义过滤器时，请确保位置不与默认过滤器冲突.或者，您可以通过从 <http> 中删除相应的子元素来禁用默认过滤器.并避免使用 <http auto-config='true'>.违规资源:ServletContext资源[/WEB-INF/spring-contexts/security.xml]

问题似乎是我使用了一个 <http> 元素/属性，它在同一位置设置了默认过滤器.然而，我不是(或者如果我是无意的).

The problem seems to be that I'm using an <http> element/attribute that sets the default filter at the same position. I'm not however (or if I am its unintentional).

这是我的安全上下文定义:

This is my security context <http> definition:

<http use-expressions="true" auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">

    <!-- lots of intercept-url definitions (nothing else) -->

    <custom-filter position="SESSION_MANAGEMENT_FILTER" ref="accountsSessionManageFilter"/>
    <custom-filter position="FORM_LOGIN_FILTER" ref="accountsSsoFilter"/>
</http>

.......

<beans:bean id="accountsSessionManageFilter" class="org.springframework.security.web.session.SessionManagementFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="NullAuthenticatedSessionStrategy"/>
</beans:bean>

.......

<bean id="accountsSsoFilter" class="cayetano.core.base.service.impl.spring.filter.SsoUserPassAuthFilter">
    <property name="authenticationManager" ref="ssoAuthManager" />

    <property name="authenticationFailureHandler" ref="relativeLoginFailureHandler" />
    <property name="authenticationSuccessHandler" ref="noopLoginSuccessHandler" />

    <property name="authenticationService" ref="basicAuthenticatorService" />
    <property name="authorityService" ref="userTypeBasedAuthotiryService" />
</bean>

那么为什么 Spring 会抱怨我使用了一个使用默认过滤器的 <http> 元素?

So why does Spring complain that I'm using an <http> element that uses the default filter ?

文档还指出 是唯一使用默认过滤器的 元素，还有其他元素吗?

Also the documentation states that <session-management> is the only <http> element using the default filter, are there others ?

我使用的是 Spring Security 3.0.

I'm using Spring Security 3.0.

谢谢，

推荐答案

如果您尝试指定自定义 SESSION_MANAGEMENT_FILTER 以便您可以更改默认的 sessionAuthenticationStrategy类/实例，只需使用 session-authentication-strategy-ref 属性:

If you are trying to specify a custom SESSION_MANAGEMENT_FILTER so that you can change the sessionAuthenticationStrategy of the default class/instance, just use the session-authentication-strategy-ref attribute:

<http ...>
    <session-management session-authentication-strategy-ref="NullAuthenticatedSessionStrategy"/>
</http>

这当然假设 NullAuthenticatedSessionStrategy 是上下文中定义的另一个 bean.由于这也是Spring Security中的一个类的名字，我想你真正想要的是:

This assumes of course that NullAuthenticatedSessionStrategy is another bean defined in the context. Since this is also the name of a class in Spring Security, I think that what you really want is:

<http ...>
    <session-management session-authentication-strategy-ref="sessionStrategy"/>
</http>

<bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy"/>

这篇关于替换 SESSION_MANAGEMENT_FILTER 位置的默认过滤器的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！