我在哪里定义`springSecurityFilterChain` bean? [英] Where do I define `springSecurityFilterChain` bean?
问题描述
当我在 web.xml 中放置 springSecurityFilterChain 的bean定义时,出现错误,指示Tomcat 7将无法启动,因为springSecurityFilterChain 存在重复的bean定义。我将整个堆栈跟踪上传到文件共享站点,您可以通过单击此链接阅读 。但是,当我在 web.xml 中注释掉 springSecurityFilterChain bean定义并尝试重新启动服务器时,我得到了一条不同的错误消息,指示 springSecurityFilterChain 没有bean定义。您可以在文件共享站点点击此链接阅读第二个堆栈跟踪。
When I place the bean definition for springSecurityFilterChain in web.xml, I get an error indicating that Tomcat 7 will not start because there is a duplicate bean definition for springSecurityFilterChain. I uploaded the entire stack trace to a file sharing site, which you can read by clicking on this link. However, when I the comment out the springSecurityFilterChain bean definition in web.xml and try to restart the server, I get a different error message indicating that there is no bean definition for springSecurityFilterChain. You can read the second stack trace at the file sharing site by clicking on this link.
那么我应该在哪里放置 springSecurityFilterChain 的bean定义,它的语法应该是什么?
So where should I put the bean definition for springSecurityFilterChain, and what should its syntax be?
我认为问题可能是我用来测试这种方法的spring petclinic示例应用程序有自己的方式使用门诊服务及其自己的xml配置文件,用于处理应用程序启动和资源管理。您可以在此链接中查看spring petclinic应用程序的完整代码。
I think the problem might be that the spring petclinic sample app, which I am using to test this approach, has its own way of using a clinicservice and its own xml config files to handle application startup and the management of resources. You can view the entire code for the spring petclinic app at this link.
我对petclinic应用所做的更改如下:
I将以下内容添加到pom.xml:
I added the following to pom.xml:
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.2.2.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.2.2.RELEASE</version>
</dependency>
我在web.xml中添加了以下内容:
I added the following to web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
我添加了一个名为 org.springframework.security.samples.knowledgemanager的软件包。在到 Java资源中配置 src / main / java ,然后我添加了以下内容它有两个类:
I added a package named org.springframework.security.samples.knowledgemanager.config to src/main/java in Java Resources, and then I added the following two classes to it:
MessageSecurityWebApplicationInitializer.java:
MessageSecurityWebApplicationInitializer.java:
@Order(2)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}
SecurityConfig.java:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private DataSource dataSource;
@Autowired
private UserDetailsService myCustomUserDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.jdbcAuthentication()
.dataSource(dataSource)
.and()
.userDetailsService(myCustomUserDetailsService);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/app/**").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/index.jsp")
.defaultSuccessUrl("/app/")
.failureUrl("/index.jsp")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/index.jsp");
}
}
推荐答案
我收到一个错误,表明Tomcat 7无法启动,因为springSecurityFilterChain有一个重复的bean定义
I get an error indicating that Tomcat 7 will not start because there is a duplicate bean definition for springSecurityFilterChain
这个是因为你应该使用web.xml或AbstractSecurityWebApplicationInitializer来定义springSecurityFilterChain(不是两者)。当你似乎在使用Java Configuration时,我会删除web.xml条目。
This is because you should define the springSecurityFilterChain with either (NOT both) the web.xml or a AbstractSecurityWebApplicationInitializer. As you appear to be using Java Configuration, I would remove the web.xml entry.
然而,当我注释掉springSecurityFilterChain bean时在web.xml中定义并尝试重新启动服务器,我收到一条不同的错误消息,指出springSecurityFilterChain没有bean定义。
However, when I the comment out the springSecurityFilterChain bean definition in web.xml and try to restart the server, I get a different error message indicating that there is no bean definition for springSecurityFilterChain.
这是因为需要以某种方式引用SecurityConfig。通常,使用Java配置时最简单的方法是将配置传递给MessageSecurityWebApplicationInitializer的超类构造函数。
This is because the SecurityConfig needs to be referenced somehow. Typically the easiest way to do this when using Java Configuration is to pass in the configuration to the super class constructor of MessageSecurityWebApplicationInitializer.
但是,宠物诊所正在使用XML配置web.xml所以你需要通过组合 Java和XML配置。对于此示例,您可以在 src / main / resources / business-config.xml
However, the pet clinic is using XML configuration in the web.xml so you will need to do this by combining Java and XML configuration as outlined in the reference. For this example, you could include the following within src/main/resources/business-config.xml
<bean class="thepackage.SecurityConfig"/>
当然,您需要将包装替换为您用于SecurityConfig的包装。
Naturally, you will need to replace thepackage with the package you are using for SecurityConfig.
您可以在business-config.xml中包含配置的原因是因为它被指定为 contextConfiguration to web.xml 。您还可以创建自己的Spring bean XML文件,添加如上所示的SecurityConfig bean,并确保更新web.xml以指向新的Spring bean XML文件。
The reason you can include the configuration in business-config.xml is because this is specified as a contextConfiguration to load in the web.xml. You could also create your own Spring bean XML file, add the SecurityConfig bean as shown above, and ensure to update the web.xml to point to the new Spring bean XML file.
这篇关于我在哪里定义`springSecurityFilterChain` bean?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
