使用名称'org.springframework.security.filterChains'Spring + Hibernate + UserDetailService创建bean时出错 [英] Error creating bean with name 'org.springframework.security.filterChains' Spring + Hibernate + UserDetailService

问题描述

我刚开始学习Spring Security，并且遇到了一些麻烦。我想在注册期间配置用户登录页面，其中密码和用户名存储在数据库中。我使用Hibernate。

我的错误堆栈：

  INFO：org .springframework.web.context.ContextLoader  - 根WebApplicationContext：初始化开始
 INFO：org.springframework.web.context.support.XmlWebApplicationContext  - 刷新根WebApplicationContext：启动日期[Mon Sep 30 16:16:07 EDT 2013] ;上下文层次结构的根
 INFO：org.springframework.beans.factory.xml.XmlBeanDefinitionReader  - 从ServletContext资源加载XML bean定义[/WEB-INF/spring/spring-context.xml] 
 INFO：org .springframework.beans.factory.xml.XmlBeanDefinitionReader  - 从ServletContext资源加载XML bean定义[/WEB-INF/spring/root-context.xml] 
 INFO：org.springframework.beans.factory.xml.XmlBeanDefinitionReader  - 从ServletContext资源加载XML bean定义[/WEB-INF/spring/security-context.xml] 
 INFO：org.springframework.beans.factory.support.DefaultListableBeanFactory  - 重写bean'guestBookDAOImpl'的bean定义：替换[泛型bean：class [demidov.pkg.persistence.GuestBookDAOImpl];范围=;抽象= FALSE; lazyInit = FALSE; autowireMode = 0; dependencyCheck = 0; autowireCandidate = TRUE;初级= FALSE; factoryBeanName = NULL; factoryMethodName = NULL; initMethodName = NULL; destroyMethodName = NULL;在[ServletContext资源[/WEB-INF/spring/spring-context.xml]]中定义了[Generic bean：class [demidov.pkg.persistence.GuestBookDAOImpl];范围=;抽象= FALSE; lazyInit = FALSE; autowireMode = 0; dependencyCheck = 0; autowireCandidate = TRUE;初级= FALSE; factoryBeanName = NULL; factoryMethodName = NULL; initMethodName = NULL; destroyMethodName = NULL;在ServletContext资源中定义[/WEB-INF/spring/security-context.xml]] 
 INFO：org.springframework.beans.factory.support.DefaultListableBeanFactory  - 在org.springframework.beans.factory中预先实例化单例。 support.DefaultListableBeanFactory@11dab12：定义bean [dataSource，sessionFactory，guestBookDAOImpl，org.springframework.aop.config.internalAutoProxyCreator，org.springframework.transaction.annotation.AnnotationTransactionAttributeSource＃0，org.springframework.transaction.interceptor.TransactionInterceptor＃0，org .springframework.transaction.config.internalTransactionAdvisor，transactionManager的，org.springframework.security.filterChains，org.springframework.security.filterChainProxy，org.springframework.security.web.DefaultSecurityFilterChain＃0，＃org.springframework.security.web.DefaultSecurityFilterChain 1 ，org.springframework.security.web.PortMapperImpl＃0，org.springframework.security.web.PortResolverImpl＃0，org.springframework.security.config.authentication.AuthenticationMa nagerFactoryBean＃0，org.springframework.security.authentication.ProviderManager＃0，org.springframework.security.web.context.HttpSessionSecurityContextRepository＃0，org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy＃0，org.springframework。 security.web.savedrequest.HttpSessionRequestCache＃0，org.springframework.security.access.vote.AffirmativeBased＃0，org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0，org.springframework.security.web.access。 DefaultWebInvocationPrivilegeEvaluator＃0，org.springframework.security.authentication.AnonymousAuthenticationProvider＃0，org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint＃0，org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter＃0，org.springframework。 security.userDetailsS​​erviceFactory，org.springframework.security.web.DefaultSecurityFilterChain＃2，org.springframework.security.authentication.dao.DaoAuthenticationProvider＃0，org.springfram ework.security.authentication.DefaultAuthenticationEventPublisher＃0，org.springframework.security.authenticationManager];工厂层次结构的根
 WARN：org.hibernate.internal.util.xml.DTDEntityResolver  -  HHH000223：已识别的过时hibernate命名空间http://hibernate.sourceforge.net/。改为使用命名空间http://www.hibernate.org/dtd/。参考Hibernate 3.6迁移指南！ 
 WARN：org.hibernate.internal.util.xml.DTDEntityResolver  -  HHH000223：识别过时的hibernate命名空间http://hibernate.sourceforge.net/。改为使用命名空间http://www.hibernate.org/dtd/。参考Hibernate 3.6迁移指南！ 
错误：org.hibernate.tool.hbm2ddl.SchemaUpdate  -  HHH000388：不成功：创建表USER_DESC（ID BIGINT NOT NULL AUTO_INCREMENT，USER_NAME为varchar（255），USER_PASS为varchar（255），USER_PRIV VARCHAR（255）默认ROLE_USER， USER_EMALE varchar（255），USER_GENDER varchar（255），主键（ID））
错误：org.hibernate.tool.hbm2ddl.SchemaUpdate  - 您的SQL语法错误;请检查第1行
 INFO：org的'ROLE_USER，USER_EMALE varchar（255），USER_GENDER varchar（255），主键（ID）'''附近的正确语法对应的MySQL服务器版本的手册。 springframework.beans.factory.support.DefaultListableBeanFactory  - 破坏org.springframework.beans.factory.support.DefaultListableBeanFactory@11dab12中的单例：定义bean [dataSource，sessionFactory，guestBookDAOImpl，org.springframework.aop.config.internalAutoProxyCreator，org.springframework。 transaction.annotation.AnnotationTransactionAttributeSource＃0，org.springframework.transaction.interceptor.TransactionInterceptor＃0，org.springframework.transaction.config.internalTransactionAdvisor，transactionManager的，org.springframework.security.filterChains，org.springframework.security.filterChainProxy，组织。 springframework.security.web.DefaultSecurityFilterChain＃0，org.springframework.security.web.DefaultSecurityFilterChain＃1，org.springframework.security.web.PortMapperImpl＃0，org.sprin gframework.security.web.PortResolverImpl＃0，org.springframework.security.config.authentication.AuthenticationManagerFactoryBean＃0，org.springframework.security.authentication.ProviderManager＃0，org.springframework.security.web.context.HttpSessionSecurityContextRepository＃0， org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy＃0，org.springframework.security.web.savedrequest.HttpSessionRequestCache＃0，org.springframework.security.access.vote.AffirmativeBased＃0，org.springframework.security。 web.access.intercept.FilterSecurityInterceptor＃0，org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator＃0，org.springframework.security.authentication.AnonymousAuthenticationProvider＃0，＃org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint 0，org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter＃0，org.springframework.security.userDetailsS​​erviceFactory，org.springframework.security.web.DefaultSe curityFilterChain＃2，org.springframework.security.authentication.dao.DaoAuthenticationProvider＃0，org.springframework.security.authentication.DefaultAuthenticationEventPublisher＃0，org.springframework.security.authenticationManager];工厂层次结构的根
错误：org.springframework.web.context.ContextLoader  - 上下文初始化失败
 org.springframework.beans.factory.BeanCreationException：创建名为'org.springframework.security.filterChains '：使用键[2]设置bean属性'sourceList'时，无法解析bean的引用'org.springframework.security.web.DefaultSecurityFilterChain＃2';嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.DefaultSecurityFilterChain＃2'创建bean时出错：无法解析对bean'org.springframework.security.web.access.intercept的引用。 FilterSecurityInterceptor＃0'，同时使用键[10]设置构造函数参数;嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException：不支持的配置属性：[hasRole（'ROLE_USER'）] 
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:329）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:107）
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList（BeanDefinitionValueResolver.java:353）
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues（AbstractAutowireCapableBeanFactory.java:1387）
处获得
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:154）在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean（AbstractAutowireCapableBeanFactory.java:1128）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:519）
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
。在org.springframework.beans.factory.support.AbstractBeanFactory $ 1.getObject（AbstractBeanFactory.java:295）
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
在org.springframework.beans.factory.support.AbstractBeanFactory.getBean（AbstractBeanFactory.java:194）
在org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons（DefaultListableBeanFactory.java:610）
在org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitiali zation（AbstractApplicationContext.java:932）
 at org.springframework.context.support.AbstractApplicationContext.refresh（AbstractApplicationContext.java:479）
 at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext（ContextLoader。 Java的1：389）在$ org.springframework.web.context.ContextLoader.initWebApplicationContext（ContextLoader.java:294 b $ b）
在org.springframework.web.context.ContextLoaderListener.contextInitialized（ContextLoaderListener.java:112） 
 at org.apache.catalina.core.StandardContext.listenerStart（StandardContext.java:4701）
 at org.apache.catalina.core.StandardContext $ 1.call（StandardContext.java:5204）
在org.apache.catalina.core.StandardContext $ 1.call（StandardContext.java:5199）
在java.util.concurrent.FutureTask.run（FutureTask.java:262）
在java.util .concurrent.ThreadPoolExecutor.runWorker（ThreadPoolExecutor.java:1145）$ java.util.concurrent.ThreadPoolExecutor $ Worker中的
。运行（ThreadPoolExecutor.java:615）
在java.lang.Thread.run（Thread.java:724）
导致：org.springframework.beans.factory.BeanCreationException：创建bean名称为' org.springframework.security.web.DefaultSecurityFilterChain＃2'：当使用键[10]设置构造函数参数时，无法解析对bean'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'的引用。嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException：不支持的配置属性：[hasRole（'ROLE_USER'）] 
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:329）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:107）
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList（BeanDefinitionValueResolver.java:353）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:154）
 at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments（ConstructorResolver.java:615）
 at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor（ConstructorResolver.java:148）
 at org.springframework.beans.factory.support.Abstr actAutowireCapableBeanFactory.autowireConstructor（AbstractAutowireCapableBeanFactory.java:1045）
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance（AbstractAutowireCapableBeanFactory.java:949）
位于org.springframework.beans.factory.support。 AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:487）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
 at org.springframework.beans.factory.support。 AbstractBeanFactory $ 1.getObject（AbstractBeanFactory.java:295）
在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support .AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean（AbstractBean Factory.java:194）
在org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:323）
 ... 24 more 
引起：org.springframework .beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException：不支持的配置属性：[hasRole（'ROLE_USER'）] 
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean（AbstractAutowireCapableBeanFactory.java:1482）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:521）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
在org.springframework.bectory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
 at org.springframework.beans.factory.support.AbstractBeanFactor y.getBean（AbstractBeanFactory.java:194）
在org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:323）
 ... 38 more 
引起：java.lang.IllegalArgumentException异常：不支持的配置属性：[hasRole（ 'ROLE_USER'）]在org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet（AbstractSecurityInterceptor.java:156）
 
。在有机.bringframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods（AbstractAutowireCapableBeanFactory.java:1541）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean（AbstractAutowireCapableBeanFactory.java:1479）
 .. 。45 more 
 2013年9月30日4:16:09 org.apache.catalina.core.StandardContext listenerStart 
 SEVERE：将异常发送上下文初始化事件给类org.springframework.web.context的监听器实例.ContextLoaderLi stener 
 org.springframework.beans.factory.BeanCreationException：创建名为'org.springframework.security.filterChains'的bean时出错：无法在设置时解析对bean'org.springframework.security.web.DefaultSecurityFilterChain＃2'的引用包含键[2]的bean属性'sourceList';嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.DefaultSecurityFilterChain＃2'创建bean时出错：无法解析对bean'org.springframework.security.web.access.intercept的引用。 FilterSecurityInterceptor＃0'，同时使用键[10]设置构造函数参数;嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException：不支持的配置属性：[hasRole（'ROLE_USER'）] 
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:329）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:107）
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList（BeanDefinitionValueResolver.java:353）
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues（AbstractAutowireCapableBeanFactory.java:1387）
处获得
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:154）在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean（AbstractAutowireCapableBeanFactory.java:1128）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:519）
在org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
。在org.springframework.beans.factory.support.AbstractBeanFactory $ 1.getObject（AbstractBeanFactory.java:295）
 at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
在org.springframework.beans.factory.support.AbstractBeanFactory.getBean（AbstractBeanFactory.java:194）
在org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons（DefaultListableBeanFactory.java:610）
在org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitiali zation（AbstractApplicationContext.java:932）
 at org.springframework.context.support.AbstractApplicationContext.refresh（AbstractApplicationContext.java:479）
 at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext（ContextLoader。 Java的1：389）在$ org.springframework.web.context.ContextLoader.initWebApplicationContext（ContextLoader.java:294 b $ b）
在org.springframework.web.context.ContextLoaderListener.contextInitialized（ContextLoaderListener.java:112） 
 at org.apache.catalina.core.StandardContext.listenerStart（StandardContext.java:4701）
 at org.apache.catalina.core.StandardContext $ 1.call（StandardContext.java:5204）
在org.apache.catalina.core.StandardContext $ 1.call（StandardContext.java:5199）
在java.util.concurrent.FutureTask.run（FutureTask.java:262）
在java.util .concurrent.ThreadPoolExecutor.runWorker（ThreadPoolExecutor.java:1145）$ java.util.concurrent.ThreadPoolExecutor $ Worker中的
。运行（ThreadPoolExecutor.java:615）
在java.lang.Thread.run（Thread.java:724）
导致：org.springframework.beans.factory.BeanCreationException：创建bean名称为' org.springframework.security.web.DefaultSecurityFilterChain＃2'：当使用键[10]设置构造函数参数时，无法解析对bean'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'的引用。嵌套异常是org.springframework.beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException异常：不支持的配置属性：[hasRole（ 'ROLE_USER'）]在org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference 
（BeanDefinitionValueResolver.java:329）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:107）
 at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList（BeanDefinitionValueResolver.java:353）
 org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary（BeanDefinitionValueResolver.java:154）
 at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments（ConstructorResolver.java:615）
 at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor（ConstructorResolver.java:148）
 at org.springframework.beans.factory.support.Abstr actAutowireCapableBeanFactory.autowireConstructor（AbstractAutowireCapableBeanFactory.java:1045）
位于org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance（AbstractAutowireCapableBeanFactory.java:949）
位于org.springframework.beans.factory.support。 AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:487）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
 at org.springframework.beans.factory.support。 AbstractBeanFactory $ 1.getObject（AbstractBeanFactory.java:295）
在org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support .AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
 at org.springframework.beans.factory.support.AbstractBeanFactory.getBean（AbstractBean Factory.java:194）
在org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:323）
 ... 24 more 
引起：org.springframework .beans.factory.BeanCreationException：使用名称'org.springframework.security.web.access.intercept.FilterSecurityInterceptor＃0'创建bean时出错：init方法的调用失败;嵌套异常是java.lang.IllegalArgumentException：不支持的配置属性：[hasRole（'ROLE_USER'）] 
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean（AbstractAutowireCapableBeanFactory.java:1482）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean（AbstractAutowireCapableBeanFactory.java:521）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean（AbstractAutowireCapableBeanFactory.java:458）
在org.springframework.bectory.support.DefaultSingletonBeanRegistry.getSingleton（DefaultSingletonBeanRegistry.java:223）
在org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean（AbstractBeanFactory.java:292）
 at org.springframework.beans.factory.support.AbstractBeanFactor y.getBean（AbstractBeanFactory.java:194）
在org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference（BeanDefinitionValueResolver.java:323）
 ... 38 more 
引起：java.lang.IllegalArgumentException异常：不支持的配置属性：[hasRole（ 'ROLE_USER'）]在org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet（AbstractSecurityInterceptor.java:156）
 
。在有机.bringframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods（AbstractAutowireCapableBeanFactory.java:1541）
 at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean（AbstractAutowireCapableBeanFactory.java:1479）
 .. 。45 more 
  

添加Spring Security后，我无法访问任何jsp页面。

我的spring-context.xml

 < security：http pattern =/留言簿security =无/> 
< security：http pattern =/ regestrationsecurity =none/> 
 
< security：http auto-config =true> 
 
< security：intercept-url pattern =/ user / *access =hasRole（'ROLE_USER'）/> 
 
< / security：http> 
 
< security：authentication-manager> 
 
< security：authentication-provider user-service-ref =guestBookDAOImpl/> 
 
< / security：authentication-manager> 
 
< bean id =guestBookDAOImplclass =demidov.pkg.persistence.GuestBookDAOImpl/> 
  

使用Spring Security的UserDetailsS​​ervice实现My dao impl：

  @Transactional 
公共类GuestBookDAOImpl实现了GuestBookDAOIF，UserDetailsS​​ervice {
 
 
 public SessionFactory sessionFactory; 
 
 public void setSessionFactory（SessionFactory sessionFactory）{
 this.sessionFactory = sessionFactory; 
} 
 
 
 @SuppressWarnings（unchecked）
 @Override 
 public List< UserMessage> fetchAll（）{
 return sessionFactory.getCurrentSession（）。createQuery（从UserMessage userMessage中选择userMessage）。 
 
 
 
 $ b @SuppressWarnings（unchecked）
 @Override 
 public User fetchAllUsers（String userName）{
 
 return（User）sessionFactory.getCurrentSession（）。createQuery（从用户user中选择用户，其中user.userName =：name）
 .setParameter（name，userName）.uniqueResult（）; 
 
 
 
 $ b @Override 
 public UserDetails loadUserByUsername（String userName）
 throws UsernameNotFoundException {
 
 org .springframework.security.core.userdetails.User用户; 
 
设置<授权授权> userroles = new HashSet< GrantedAuthority>（）; 
 
用户myuser = fetchAllUsers（userName）; 
 
 userroles.add（myuser）; 
 $ b $ user = new org.springframework.security.core.userdetails.User（myuser.getUserName（），myuser.getUserPassword（），true，true，true，true，userroles）; 
 
返回用户; 
} 
  

我的使用者实体：

  public class User实现Serializable，GrantedAuthority {
 
 
 private static final long serialVersionUID = -1576600424405883465L; 
 
 
私人长userId; 
 
 public long getUserId（）{
 return userId; 
} 
 
 public void setUserId（long userId）{
 this.userId = userId; 
} 
 
 
 private String userName; 
 
 public String getUserName（）{
 return userName; 
} 
 
 public void setUserName（String userName）{
 this.userName = userName; 
} 
 
 
 private String userPassword; 
 
 public String getUserPassword（）{
 return userPassword; 
} 
 
 public void setUserPassword（String userPassword）{
 this.userPassword = userPassword; 
} 
 
 
 private String userRole; 
 
 public String getUserRole（）{
 return userRole; 
} 
 
 public void setUserRole（String userRole）{
 this.userRole = userRole; 
} 
 
 
 private String userEmale; 
 
 public String getUserEmale（）{
 return userEmale; 
} 
 
 public void setUserEmale（String userEmale）{
 this.userEmale = userEmale; 
} 
 
 
私人字符串userGender; 
 
 public String getUserGender（）{
 return userGender; 
} 
 
 public void setUserGender（String userGender）{
 this.userGender = userGender; 
} 
 
 
私人< UserMessage> userMessageList = new HashSet< UserMessage>（）; 
 
 public Set< UserMessage> getUserMessageList（）{
返回userMessageList; 
} 
 
 public void setUserMessageList（Set< UserMessage> userMessageList）{
 this.userMessageList = userMessageList; 
} 
 
 @Override 
 public String getAuthority（）{
 return getUserRole（）; 
 
 
 
 $ b  

Hibernate mapping xml返回用户实体：

 < hibernate-mapping> 
 
< class name =demidov.pkg.domain.Usertable =USER_DESC> 
 
 <！ - 主密钥ID将根据数据库配置生成 - > 
< id name =userIdcolumn =ID> 
< generator class =native>< / generator> 
< / id> 
 
< property name =userNamecolumn =USER_NAMEunique =true/> 
 
< property name =userPasswordcolumn =USER_PASS/> 
 
< property name =userRole> 
< column name =USER_PRIVdefault =ROLE_USER/> 
< / property> 
 
< property name =userEmalecolumn =USER_EMALEunique =true/> 
 
< property name =userGendercolumn =USER_GENDER/> 
 
 
 <！ - 用户是关系的所有者，用户的所有更改都会影响UserMessage实体 - > 
< set name =userMessageListinverse =truelazy =falsefetch =selectcascade =all> 
 
< key> 
< column name =USER_IDnot-null =true/> 
< / key> 
 
<一对多等级=demidov.pkg.domain.UserMessage/> 
 
< / set> 
 
< / class> 
 
< / hibernate-mapping> 
  

请帮助我。我很困惑什么是：GrantedAuthority，UserDetails，User以及它们如何与Spring Security的xml配置一起工作。
$ b

谢谢。

<解决方案

< security：http auto-config =true>


用以下内容替换本节：

 < security：http auto-config =trueuse-expressions =true> 
  

注意：

作为一个我注意到的代码和注释，我怀疑你从GuestBookDAOImpl注入了SessionFactory，这就导致了在DAO层上调用方法的NPE。 Inject it either from xml config or annotations.

I just started to learn Spring Security and have some trouble. I want to configure User login on page with password and username which stored in database during registration. I use Hibernate.

My error stack:

INFO : org.springframework.web.context.ContextLoader - Root WebApplicationContext: initialization started
INFO : org.springframework.web.context.support.XmlWebApplicationContext - Refreshing Root WebApplicationContext: startup date [Mon Sep 30 16:16:07 EDT 2013]; root of context hierarchy
INFO : org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/spring-context.xml]
INFO : org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/root-context.xml]
INFO : org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/security-context.xml]
INFO : org.springframework.beans.factory.support.DefaultListableBeanFactory - Overriding bean definition for bean 'guestBookDAOImpl': replacing [Generic bean: class [demidov.pkg.persistence.GuestBookDAOImpl]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/spring/spring-context.xml]] with [Generic bean: class [demidov.pkg.persistence.GuestBookDAOImpl]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null; defined in ServletContext resource [/WEB-INF/spring/security-context.xml]]
INFO : org.springframework.beans.factory.support.DefaultListableBeanFactory - Pre-instantiating singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@11dab12: defining beans [dataSource,sessionFactory,guestBookDAOImpl,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,transactionManager,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager]; root of factory hierarchy
WARN : org.hibernate.internal.util.xml.DTDEntityResolver - HHH000223: Recognized obsolete hibernate namespace http://hibernate.sourceforge.net/. Use namespace http://www.hibernate.org/dtd/ instead. Refer to Hibernate 3.6 Migration Guide!
WARN : org.hibernate.internal.util.xml.DTDEntityResolver - HHH000223: Recognized obsolete hibernate namespace http://hibernate.sourceforge.net/. Use namespace http://www.hibernate.org/dtd/ instead. Refer to Hibernate 3.6 Migration Guide!
ERROR: org.hibernate.tool.hbm2ddl.SchemaUpdate - HHH000388: Unsuccessful: create table USER_DESC (ID bigint not null auto_increment, USER_NAME varchar(255), USER_PASS varchar(255), USER_PRIV varchar(255) default ROLE_USER, USER_EMALE varchar(255), USER_GENDER varchar(255), primary key (ID))
ERROR: org.hibernate.tool.hbm2ddl.SchemaUpdate - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'ROLE_USER, USER_EMALE varchar(255), USER_GENDER varchar(255), primary key (ID))' at line 1
INFO : org.springframework.beans.factory.support.DefaultListableBeanFactory - Destroying singletons in org.springframework.beans.factory.support.DefaultListableBeanFactory@11dab12: defining beans [dataSource,sessionFactory,guestBookDAOImpl,org.springframework.aop.config.internalAutoProxyCreator,org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0,org.springframework.transaction.interceptor.TransactionInterceptor#0,org.springframework.transaction.config.internalTransactionAdvisor,transactionManager,org.springframework.security.filterChains,org.springframework.security.filterChainProxy,org.springframework.security.web.DefaultSecurityFilterChain#0,org.springframework.security.web.DefaultSecurityFilterChain#1,org.springframework.security.web.PortMapperImpl#0,org.springframework.security.web.PortResolverImpl#0,org.springframework.security.config.authentication.AuthenticationManagerFactoryBean#0,org.springframework.security.authentication.ProviderManager#0,org.springframework.security.web.context.HttpSessionSecurityContextRepository#0,org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy#0,org.springframework.security.web.savedrequest.HttpSessionRequestCache#0,org.springframework.security.access.vote.AffirmativeBased#0,org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0,org.springframework.security.web.access.DefaultWebInvocationPrivilegeEvaluator#0,org.springframework.security.authentication.AnonymousAuthenticationProvider#0,org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.userDetailsServiceFactory,org.springframework.security.web.DefaultSecurityFilterChain#2,org.springframework.security.authentication.dao.DaoAuthenticationProvider#0,org.springframework.security.authentication.DefaultAuthenticationEventPublisher#0,org.springframework.security.authenticationManager]; root of factory hierarchy
ERROR: org.springframework.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#2' while setting bean property 'sourceList' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#2': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1387)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1128)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:610)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4701)
    at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:5204)
    at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:5199)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#2': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:615)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1045)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:949)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
    ... 24 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1482)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
    ... 38 more
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1541)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1479)
    ... 45 more
Sep 30, 2013 4:16:09 PM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#2' while setting bean property 'sourceList' with key [2]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#2': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1387)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1128)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:610)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:932)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:479)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:389)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:294)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:112)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4701)
    at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:5204)
    at org.apache.catalina.core.StandardContext$1.call(StandardContext.java:5199)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#2': Cannot resolve reference to bean 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0' while setting constructor argument with key [10]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:615)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1045)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:949)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:487)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
    ... 24 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1482)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:521)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:292)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:323)
    ... 38 more
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [hasRole('ROLE_USER')]
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1541)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1479)
    ... 45 more

I can not get access any jsp pages after I add Spring Security.

My spring-context.xml

<security:http pattern="/guestbook" security="none" />
        <security:http pattern="/regestration" security="none" />

        <security:http auto-config="true">

            <security:intercept-url pattern="/user/*" access="hasRole('ROLE_USER')"/>

        </security:http>

        <security:authentication-manager>

            <security:authentication-provider user-service-ref="guestBookDAOImpl"/>

        </security:authentication-manager>

        <bean id="guestBookDAOImpl" class="demidov.pkg.persistence.GuestBookDAOImpl"/>

My dao impl implemented with UserDetailsService from Spring Security:

@Transactional
public class GuestBookDAOImpl implements GuestBookDAOIF, UserDetailsService {


    public SessionFactory sessionFactory;

    public void setSessionFactory(SessionFactory sessionFactory) {
        this.sessionFactory = sessionFactory;
    }


  @SuppressWarnings("unchecked")
@Override
public  List<UserMessage> fetchAll() {
    return sessionFactory.getCurrentSession().createQuery("select userMessage from UserMessage userMessage").list();
}



    @SuppressWarnings("unchecked")
    @Override
    public User fetchAllUsers(String userName) {

        return(User)sessionFactory.getCurrentSession().createQuery("select user from User user where user.userName=:name")
                                                                                .setParameter("name", userName) .uniqueResult();
    }



    @Override
    public UserDetails loadUserByUsername(String userName)
                                    throws UsernameNotFoundException {

        org.springframework.security.core.userdetails.User user;

        Set<GrantedAuthority> userroles = new HashSet<GrantedAuthority>();

        User myuser = fetchAllUsers(userName);

        userroles.add(myuser);

        user = new org.springframework.security.core.userdetails.User(myuser.getUserName(), myuser.getUserPassword(), true, true, true, true, userroles);

        return user;
    }

My User entity:

public class User implements Serializable, GrantedAuthority {


    private static final long serialVersionUID = -1576600424405883465L;


    private long userId;

    public long getUserId() {
        return userId;
    }

    public void setUserId(long userId) {
        this.userId = userId;
    }


    private String userName;

    public String getUserName() {
        return userName;
    }

    public void setUserName(String userName) {
        this.userName = userName;
    }


    private String userPassword;

    public String getUserPassword() {
        return userPassword;
    }

    public void setUserPassword(String userPassword) {
        this.userPassword = userPassword;
    }


    private String userRole;

    public String getUserRole() {
        return userRole;
    }

    public void setUserRole(String userRole) {
        this.userRole = userRole;
    }


    private String userEmale;

    public String getUserEmale() {
        return userEmale;
    }

    public void setUserEmale(String userEmale) {
        this.userEmale = userEmale;
    }


    private String userGender;

    public String getUserGender() {
        return userGender;
    }

    public void setUserGender(String userGender) {
        this.userGender = userGender;
    }


    private Set<UserMessage> userMessageList = new HashSet<UserMessage>();

    public Set<UserMessage> getUserMessageList() {
        return userMessageList;
    }

    public void setUserMessageList(Set<UserMessage> userMessageList) {
        this.userMessageList = userMessageList;
    }

    @Override
    public String getAuthority() {
        return getUserRole();
    }


}

Hibernate mapping xml fro user entity:

<hibernate-mapping>

        <class name="demidov.pkg.domain.User" table="USER_DESC">

            <!-- Primary key ID will be generated depends on database configuration -->
            <id name="userId" column="ID">
                <generator class="native"></generator>
            </id>

            <property name="userName" column="USER_NAME" unique="true" />

            <property name="userPassword" column="USER_PASS"/>

            <property name="userRole" >
                <column name="USER_PRIV" default="ROLE_USER"/> 
            </property>

            <property name="userEmale" column="USER_EMALE" unique="true"/>

            <property name="userGender" column="USER_GENDER" />


            <!-- User is owner of relationships, all changes on user will effect UserMessage entity -->
            <set name="userMessageList" inverse="true" lazy="false" fetch="select" cascade="all">

                <key>
                    <column name="USER_ID" not-null="true"/>
                </key>

                <one-to-many class="demidov.pkg.domain.UserMessage" />

            </set>

        </class>

    </hibernate-mapping>

Please help me. I'm confused what is what: GrantedAuthority, UserDetails, User and how they work with xml configuration of Spring Security.

Thanks.

解决方案

 <security:http auto-config="true">

replace this section with the following:

 <security:http auto-config="true" use-expressions="true">

Note:

As a side note i see from the code and from comment i doubt you have injected SessionFactory from GuestBookDAOImpl, thats causes NPE upon method call on the DAO layer. Inject it either from xml config or annotations.

这篇关于使用名称'org.springframework.security.filterChains'Spring + Hibernate + UserDetailService创建bean时出错的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！