Spring security Websphere 7-通用匹配模式(';/**';)是在其他模式之前定义的
我使用Roo生成了一个spring项目,并使用安全设置插件添加到spring安全性中。安全性在Tomcat7上运行良好,但在尝试部署到WebSphere7.0.0.19时遇到以下问题。我目前正在使用SpringSecurity3.1.0.RELEASE。我见过其他项目在Websphere中使用Spring DelegatingFilterProxy的情况很好。有人有什么想法吗 StackTrace中的错误:Spring security Websphere 7-通用匹配模式(';/**';)是在其他模式之前定义的,spring-security,spring-roo,websphere-7,Spring Security,Spring Roo,Websphere 7,我使用Roo生成了一个spring项目,并使用安全设置插件添加到spring安全性中。安全性在Tomcat7上运行良好,但在尝试部署到WebSphere7.0.0.19时遇到以下问题。我目前正在使用SpringSecurity3.1.0.RELEASE。我见过其他项目在Websphere中使用Spring DelegatingFilterProxy的情况很好。有人有什么想法吗 StackTrace中的错误: E org.springframework.web.context.ContextLoa
E org.springframework.web.context.ContextLoader initWebApplicationContext Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
E org.springframework.web.context.ContextLoader初始化WebApplicationContext上下文失败
org.springframework.beans.factory.BeanCreationException:创建名为“org.springframework.security.filterChainProxy”的bean时出错:调用init方法失败;嵌套的异常是java.lang.IllegalArgumentException:在筛选器链中的其他模式之前定义了一个通用匹配模式(“/**”),导致忽略它们。请检查命名空间或FilterChainProxy bean配置中的顺序
applicationContext-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true" >
<form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/jobtypes/**" access="isAuthenticated()" />
<intercept-url pattern="/tests/**" access="permitAll" />
<!-- Websphere Problem: IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain -->
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
</http>
<!-- Configure Authentication mechanism -->
<beans:bean name="myCompanyAuthenticationProvider" class="edu.mycompany.project.security.MyCompanyAuthenticationProvider" />
<authentication-manager alias="authenticationManager">
<authentication-provider ref="myCompanyAuthenticationProvider" />
</authentication-manager>
</beans:beans>
谢谢,很有趣。。。我正在使用SpringSecurity3.1.0.RELEASE并部署到WAS7,但我的任何应用程序都没有问题。你我之间唯一的细微差别是我不使用表达方式。我的是这样的:-
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true">
<security:form-login login-page="/" authentication-failure-url="/?login_error=1" default-target-url="/"
always-use-default-target="true"/>
<security:logout logout-success-url="/" />
<security:intercept-url pattern="/secure/**" access="ROLE_ADMIN,ROLE_USER"/>
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
</security:http>
...
</beans>
...
另一个关键区别是,我的“一网打尽”
/**
是为匿名访问而打开的,而您的用户仅限于角色用户。对于阅读此内容(并寻找答案)的其他人,此问题被记录为并确定为无效。出现问题的原因是配置被拾取了两次。这是由于通过Spring Roo创建了contextConfigLocation值,特别是“web mvc setup”命令在类路径后添加了一个额外的星号。问题记录为。实际配置似乎没有问题,只是配置加载了两次。谢谢你的反馈。