Spring Security不支持的配置属性 [英] Spring security unsupported configuration attributes
问题描述
我有以下代码段
<http use-expressions="true" auto-config="false"
entry-point-ref="loginUrlAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager" disable-url-rewriting="false">
<!--<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"
/> -->
<custom-filter position="FORM_LOGIN_FILTER"
ref="usernamePasswordAuthenticationFilter" />
<custom-filter position="LOGOUT_FILTER" ref="tapLockFilter" />
<intercept-url pattern="/session/**" access="permitAll" />
<intercept-url pattern="/deviceregistration/**" access="permitAll" />
<intercept-url pattern="/session/lock" access="hasRole('ROLE_MEMBER')" />
<intercept-url pattern="/app/resources/admin*" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/app/SuperAppdashboard*" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/app/*" access="hasRole('ROLE_MEMBER')" />
<!--<session-management invalid-session-url="/tizelytics/session/invalidSession"
session-authentication-error-url="/tizelytics/session/accessDenied" session-authentication-strategy-ref="sas">
</session-management> -->
<session-management invalid-session-url="/session/invalidSession"
session-authentication-error-url="/session/accessDenied"
session-fixation-protection="none">
<concurrency-control max-sessions="1"
expired-url="/session/accessExpired" />
</session-management>
</http>
当我在服务器上运行它时,它抛出一个异常提示
When i run this on server it throws an exception saying
不受支持的配置属性:[permitAll,permitAll,hasRole('ROLE_ADMIN'),hasRole('ROLE_ADMIN'),hasRole('ROLE_MEMBER'),hasRole('ROLE_MEMBER')]
Unsupported configuration attributes: [permitAll, permitAll, hasRole('ROLE_ADMIN'), hasRole('ROLE_ADMIN'), hasRole('ROLE_MEMBER'), hasRole('ROLE_MEMBER')]
这是我位于同一xml中的access-decision-manager bean
here is my access-decision-manager bean within the same xml
<beans:bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<beans:constructor-arg>
<beans:list>
<beans:bean
class="org.springframework.security.access.vote.AuthenticatedVoter" />
<beans:bean class="org.springframework.security.access.vote.RoleVoter" />
</beans:list>
</beans:constructor-arg>
</beans:bean>
如果我删除了access-decision-manager-ref ,则不会引发任何异常,应用会正确启动,有人可以请教吗?
If i remove the access-decision-manager-ref no exception is thrown the app launches correctly can anyone please advice?
推荐答案
由于您正在定义自己的accessDecisionManager
,因此我看不到WebExpressionVoter
作为其列表中的bean之一. WebExpressionVoter
解析诸如permitAll()
,hasRole()
,hasAuthority()
等的字符串.因此,您的accessDecisionManager
bean应该是:
Since you are defining your own accessDecisionManager
, I don't see WebExpressionVoter
as one of the beans in its list. WebExpressionVoter
resolves strings like permitAll()
, hasRole()
, hasAuthority()
, etc. So, your accessDecisionManager
bean should be:
<beans:bean id="accessDecisionManager"
class="org.springframework.security.access.vote.AffirmativeBased">
<beans:constructor-arg>
<beans:list>
<beans:bean
class="org.springframework.security.access.vote.AuthenticatedVoter" />
<beans:bean class="org.springframework.security.access.vote.RoleVoter" />
<beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
</beans:list>
</beans:constructor-arg>
</beans:bean>
这篇关于Spring Security不支持的配置属性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!