Spring security 使用Java配置删除角色前缀很难升级到Spring Security 3.2
我在使用Java配置升级到Spring Security 3.2时遇到了一些困难,比如定制Spring security 使用Java配置删除角色前缀很难升级到Spring Security 3.2,spring-security,spring-java-config,Spring Security,Spring Java Config,我在使用Java配置升级到Spring Security 3.2时遇到了一些困难,比如定制RoleVoter以删除角色前缀。具体来说,我从原始XML中获得了以下内容: 假的 我已经尝试在我的@configuration对象中创建类似的配置 @Bean 公共角色扮演者角色扮演者(){ RoleVoter RoleVoter=新RoleVoter(); roleVoter.setRolePrefix(“”); 返回roleVoter; } @豆子 基于公共确认的访问决策管理器(){ Affima
RoleVoter角色前缀。具体来说,我从原始XML中获得了以下内容:
假的
我已经尝试在我的@configuration
对象中创建类似的配置
@Bean
公共角色扮演者角色扮演者(){
RoleVoter RoleVoter=新RoleVoter();
roleVoter.setRolePrefix(“”);
返回roleVoter;
}
@豆子
基于公共确认的访问决策管理器(){
AffimativeBased AffimativeBased=新的AffimativeBased(Arrays.asList((AccessDecisionVoter)roleVoter());
基于肯定的。SetAllowiFallDecisions(错误);
返回基于肯定的;
}
...
@凌驾
受保护的无效配置(HttpSecurity http)引发异常
{
http
.授权请求()
.accessDecisionManager(accessDecisionManager())
.antMatchers(“/protected/**”).hasRole(“我的认证用户”)
.anyRequest().authenticated()
.及()
.formLogin()
.permitAll()
.及()
.logout()
.permitAll();
}
这就是我现在遇到的困难,我在日志中出现了如下异常:
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [permitAll, hasRole('ROLE_my-authenticated-user'), permitAll, authenticated, permitAll, permitAll, permitAll]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:156) ~[spring-security-core-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.createFilterSecurityInterceptor(AbstractInterceptUrlConfigurer.java:187) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:76) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.configure(ExpressionUrlAuthorizationConfigurer.java:70) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:64) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:378) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:327) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:293) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:331) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92) ~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$a7068b50.CGLIB$springSecurityFilterChain$3(<generated>) ~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$a7068b50$$FastClassByCGLIB$$a17f24f9.invoke(<generated>) ~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) ~[spring-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:286) ~[spring-context-3.2.4.RELEASE.jar:3.2.4.RELEASE]
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$EnhancerByCGLIB$$a7068b50.springSecurityFilterChain(<generated>) ~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.7.0_25]
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ~[na:1.7.0_25]
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.7.0_25]
at java.lang.reflect.Method.invoke(Method.java:606) ~[na:1.7.0_25]
at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:160) ~[spring-beans-3.2.4.RELEASE.jar:3.2.4.RELEASE]
... 60 common frames omitted
原因:java.lang.IllegalArgumentException:不支持的配置属性:[permitAll,hasRole('ROLE_my-authenticated-user'),permitAll,authenticated,permitAll,permitAll]
在org.springframework.security.access.intercept.AbstractSecurityInterceptor.AfterPropertieSet(AbstractSecurityInterceptor.java:156)~[spring-security-core-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.createFilterSecurityInterceptor(AbstractInterceptUrlConfigurer.java:187)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configurers.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:76)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.configure(ExpressionUrlAuthorizationConfigurer.java:70)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configures.AbstractInterceptUrlConfigurer.configure(AbstractInterceptUrlConfigurer.java:64)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.configure(AbstractConfiguredSecurityBuilder.java:378)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:327)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:293)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.builders.WebSecurity.performBuild(WebSecurity.java:74)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.AbstractConfiguredSecurityBuilder.doBuild(AbstractConfiguredSecurityBuilder.java:331)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.AbstractSecurityBuilder.build(AbstractSecurityBuilder.java:39)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration.springSecurityFilterChain(WebSecurityConfiguration.java:92)~[spring-security-config-3.2.0.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$enhancerbyglib$$a7068b50.CGLIB$springSecurityFilterChain$3()~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$enhancerbyglib$$a7068b50$$FastClassByCGLIB$$a17f24f9.invoke()~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
在org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228)~[spring-core-3.2.4.RELEASE.jar:3.2.4.RELEASE]
在org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:286)~[spring-context-3.2.4.RELEASE.jar:3.2.4.RELEASE]
在org.springframework.security.config.annotation.web.configuration.WebSecurityConfiguration$$enhancerbyglib$$a7068b50.springSecurityFilterChain()~[spring-core-3.2.4.RELEASE.jar:3.2.0.RELEASE]
在sun.reflect.NativeMethodAccessorImpl.invoke0(本机方法)~[na:1.7.0\u 25]
在sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)~[na:1.7.025]
在sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)~[na:1.7.025]
在java.lang.reflect.Method.invoke(Method.java:606)~[na:1.7.0_25]
在org.springframework.beans.factory.support.SimpleInstallationStrategy.instantiate(SimpleInstallationStrategy.java:160)~[spring-beans-3.2.4.RELEASE.jar:3.2.4.RELEASE]
... 省略60个公共框架
在这一点上,如果RoleVoter
配置正确,我不确定角色来自何处。对于角色部分,您必须使用hasAnyAuthority(..)而不是hasAnyRole(..)
来自JavaDoc
如果你不