Spring security 不支持的配置属性 [英] Spring security unsupported configuration attributes

问题描述

我有以下片段

<http use-expressions="true" auto-config="false"
        entry-point-ref="loginUrlAuthenticationEntryPoint"
        access-decision-manager-ref="accessDecisionManager" disable-url-rewriting="false">
        <!--<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter"
            /> -->
        <custom-filter position="FORM_LOGIN_FILTER"
            ref="usernamePasswordAuthenticationFilter" />
        <custom-filter position="LOGOUT_FILTER" ref="tapLockFilter" />

        <intercept-url pattern="/session/**" access="permitAll" />
        <intercept-url pattern="/deviceregistration/**" access="permitAll" />
        <intercept-url pattern="/session/lock" access="hasRole('ROLE_MEMBER')" />
        <intercept-url pattern="/app/resources/admin*" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/app/SuperAppdashboard*" access="hasRole('ROLE_ADMIN')" />
        <intercept-url pattern="/app/*" access="hasRole('ROLE_MEMBER')" />


        <!--<session-management invalid-session-url="/tizelytics/session/invalidSession"
            session-authentication-error-url="/tizelytics/session/accessDenied" session-authentication-strategy-ref="sas">
            </session-management> -->

        <session-management invalid-session-url="/session/invalidSession"
            session-authentication-error-url="/session/accessDenied"
            session-fixation-protection="none">
            <concurrency-control max-sessions="1"
                expired-url="/session/accessExpired" />
        </session-management>
</http>

当我在服务器上运行它时它抛出一个异常说

When i run this on server it throws an exception saying

不支持的配置属性:[permitAll, permitAll, hasRole('ROLE_ADMIN'), hasRole('ROLE_ADMIN'), hasRole('ROLE_MEMBER'), hasRole('ROLE_MEMBER')]

Unsupported configuration attributes: [permitAll, permitAll, hasRole('ROLE_ADMIN'), hasRole('ROLE_ADMIN'), hasRole('ROLE_MEMBER'), hasRole('ROLE_MEMBER')]

这是我在同一个 xml 中的 access-decision-manager bean

here is my access-decision-manager bean within the same xml

<beans:bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean
                    class="org.springframework.security.access.vote.AuthenticatedVoter" />
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
            </beans:list>
        </beans:constructor-arg>
</beans:bean>

如果我删除 access-decision-manager-ref 不会抛出任何异常，应用程序会正确启动，有人可以请教吗?

If i remove the access-decision-manager-ref no exception is thrown the app launches correctly can anyone please advice?

推荐答案

由于您正在定义自己的 accessDecisionManager，我不认为 WebExpressionVoter 是 bean 之一在其列表中.WebExpressionVoter 解析像 permitAll()、hasRole()、hasAuthority() 等字符串.所以，你的 accessDecisionManager bean 应该是:

Since you are defining your own accessDecisionManager, I don't see WebExpressionVoter as one of the beans in its list. WebExpressionVoter resolves strings like permitAll(), hasRole(), hasAuthority(), etc. So, your accessDecisionManager bean should be:

<beans:bean id="accessDecisionManager"
        class="org.springframework.security.access.vote.AffirmativeBased">
        <beans:constructor-arg>
            <beans:list>
                <beans:bean
                    class="org.springframework.security.access.vote.AuthenticatedVoter" />
                <beans:bean class="org.springframework.security.access.vote.RoleVoter" />
                <beans:bean class="org.springframework.security.web.access.expression.WebExpressionVoter" />
            </beans:list>
        </beans:constructor-arg>
</beans:bean>

这篇关于Spring security 不支持的配置属性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！