设置Spring Security：从元素'security：http'开始发现无效内容 [英] Setting up Spring Security: Invalid content was found starting with element 'security:http'

问题描述

我正在尝试将spring-security配置为这里似乎已经限制了我对XML文件如何工作的理解。

I'm trying to configure spring-security as found here and seem to have run into a limitation of my understanding of how the XML files work.

按照我的指示，我添加了对applicationContext.xml的安全性如下：

As instructed I've added spring security to applicationContext.xml as follows:

<beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:aop="http://www.springframework.org/schema/aop"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"
   xmlns:context="http://www.springframework.org/schema/context" 
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:security="http://www.springframework.org/schema/security">

该步骤正常展开。

I然后转到web.xml并添加：

I then went to web.xml and added:

<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

仍然可以正常部署。

I然后尝试添加

<http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</http>

其中我也试过

<security:http auto-config='true'>
    <intercept-url pattern="/**" access="ROLE_USER" />
</security:http>

在这两种情况下，当我尝试部署应用程序时发现错误：

In both cases I saw an error when I tried to deploy the application:

Error occurred during deployment: Exception while deploying the app [OmegaRM] : org.xml.sax.SAXParseException; lineNumber: 53; columnNumber: 39; Deployment descriptor file WEB-INF/web.xml in archive [web].  cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:http'. One of '{"http://xmlns.jcp.org/xml/ns/javaee":module-name, "http://xmlns.jcp.org/xml/ns/javaee":description, "http://xmlns.jcp.org/xml/ns/javaee":display-name, "http://xmlns.jcp.org/xml/ns/javaee":icon, "http://xmlns.jcp.org/xml/ns/javaee":distributable, "http://xmlns.jcp.org/xml/ns/javaee":context-param, "http://xmlns.jcp.org/xml/ns/javaee":filter, "http://xmlns.jcp.org/xml/ns/javaee":filter-mapping, "http://xmlns.jcp.org/xml/ns/javaee":listener, "http://xmlns.jcp.org/xml/ns/javaee":servlet, "http://xmlns.jcp.org/xml/ns/javaee":servlet-mapping, "http://xmlns.jcp.org/xml/ns/javaee":session-config, "http://xmlns.jcp.org/xml/ns/javaee":mime-mapping, "http://xmlns.jcp.org/xml/ns/javaee":welcome-file-list, "http://xmlns.jcp.org/xml/ns/javaee":error-page, "http://xmlns.jcp.org/xml/ns/javaee":jsp-config, "http://xmlns.jcp.org/xml/ns/javaee":security-constraint, "http://xmlns.jcp.org/xml/ns/javaee":login-config, "http://xmlns.jcp.org/xml/ns/javaee":security-role, "http://xmlns.jcp.org/xml/ns/javaee":env-entry, "http://xmlns.jcp.org/xml/ns/javaee":ejb-ref, "http://xmlns.jcp.org/xml/ns/javaee":ejb-local-ref, "http://xmlns.jcp.org/xml/ns/javaee":service-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-env-ref, "http://xmlns.jcp.org/xml/ns/javaee":message-destination-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-context-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-unit-ref, "http://xmlns.jcp.org/xml/ns/javaee":post-construct, "http://xmlns.jcp.org/xml/ns/javaee":pre-destroy, "http://xmlns.jcp.org/xml/ns/javaee":data-source, "http://xmlns.jcp.org/xml/ns/javaee":jms-connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":jms-destination, "http://xmlns.jcp.org/xml/ns/javaee":mail-session, "http://xmlns.jcp.org/xml/ns/javaee":connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":administered-object, "http://xmlns.jcp.org/xml/ns/javaee":message-destination, "http://xmlns.jcp.org/xml/ns/javaee":locale-encoding-mapping-list, "http://xmlns.jcp.org/xml/ns/javaee":deny-uncovered-http-methods, "http://xmlns.jcp.org/xml/ns/javaee":absolute-ordering}' is expected.. Please see server.log for more details.

我不明白配置中缺少什么来显示此错误。我已尝试为标记添加安全性，如下所示并没有区别：

I don't understand what I'm missing from the configuration to make this error appear. I've tried adding security to the tag as follows and it made no difference:

<web-app version="3.1" 
     xmlns="http://xmlns.jcp.org/xml/ns/javaee" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns:security="http://www.springframework.org/schema/security"
     xsi:schemaLocation="
        http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

我确实发现了同样的错误：

I did find this question with the same error:

Spring Security初学者的问题。构建失败

虽然推荐的解决方案是使用我已经尝试过的安全命名空间。

The solution recommended there though was to use the security namespace which I've already tried.

所以我的问题是，是否有人知道我在这里做错了吗？

So my question is whether anyone knows what I'm doing wrong here please?

如果可能的话，我也非常感谢有关如何确定Spring中哪些文件应该配置的链接和/或更一般的解释以及它们的全部内容粘在一起！到目前为止，我已经运行了一些应用程序，但我不觉得我正确地理解了我为使它们工作所做的一切！

If possible I'd also really appreciate a link to and/or a more general explanation of how to determine what configuration should go in what files in Spring and how it all glues together! So far I've got a few applications running but I don't feel like I properly understand just what I've done to make them work!

我添加了以下JAR到项目库：

I've added the following JARs to the project Libraries:

推荐答案

您的 url-intercept 也需要安全命名空间。

Your url-intercept needs the security namespace as well.

<security:intercept-url pattern="/**" access="ROLE_USER" />

如果你的安全配置在它自己的应用程序配置xml中，你可以使用安全性作为默认命名空间，因此，避免使用 security：为所有内容添加前缀。例如：

If your security config is in it's own application config xml, you can use security as the default namespace, thus avoid having to prefix everything with security:. For example:

<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">


   <http auto-config='true'>
       <intercept-url pattern="/**" access="ROLE_USER" />
   </http>
   ...
</beans:beans>

然后，从主应用程序配置中，您可以导入安全配置。例如，假设您的安全配置是名称security-application-config.xml，您可以像这样导入它。

Then from your main application config, you can import the security config. For example, let's say your security config was name security-application-config.xml, you could import it like so.

//in your application-config.xml 
<import resource="security-application-config.xml"/>
<import resource="mongo-application-config.xml"/>

这篇关于设置Spring Security：从元素'security：http'开始发现无效内容的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！