ynp
- 浏览: 428568 次
- 性别:
- 来自: 北京
-
文章分类
- 全部博客 (211)
- 思考》感想 (11)
- 数据库操作 譬如Oracle大叔 (7)
- java,咱们有缘吗 (16)
- delphi,你还好吗 (2)
- SSH,哥三儿好 (31)
- 问题!问题?问题!? (9)
- WITH WORK (1)
- 算法与模式 莫事^_^ (10)
- JSP,可以叫你P兄么 (2)
- 啊,咋科斯╮(╯▽╰)╭ (6)
- 巨人肩上的小石子 (2)
- flash她妹flex (38)
- 项目管理 (10)
- 奥特曼,你弟Android来了 (4)
- 麻辣儿gis (0)
- maven 嘛味儿 (3)
- ws 哇塞 webservice (5)
- Oh,no!!!,NoSql (1)
- QQ他哥也是个企鹅,Linux (6)
- 姓i还是姓my 你都叫batis ibatis (3)
- 我喜欢夏天(春天旁边的那个季节)Springside (1)
- 测试! 测就测吧,没有喝(⊙o⊙) (3)
- 是晕+_+ 是浮云 还是云计算 (4)
- ExtJS 你是flex他哥还是他妹 (10)
- svg 你丫的资料真少 (3)
- 叫屁屁还是叫加加 ⊙﹏⊙ c++ (5)
- 鸟,还是只百灵鸟 BIRT (1)
- 权限管理 有权真好 是吧-_-! (1)
- SSH (2)
- 哥三儿好 (2)
- nginx (1)
- Oh (1)
- no!!! (1)
- NoSql (1)
最新评论
-
mong619226543:
谢谢
No identifier specified for entity -
akka_li:
没看懂啥意思!什么原因导致java.net.SocketExc ...
java.net.SocketException: Connection reset 问题解决方法 -
west_jing:
1L正解,<mvc:annotation-driven/ ...
<mvc:default-servlet-handler/> 导致 Controller失效 -
u010954806:
tgfhfdhdf
Spring Security 国际化文件 messages_zh_CN.properties 中文解释 -
yenshen:
我也碰到这个问题了,找了一大圈,最终问题解决了:<con ...
<mvc:default-servlet-handler/> 导致 Controller失效
两个Spring Security问题
---------》现象
2011-5-4 9:22:20 org.springframework.web.context.ContextLoader initWebApplicationContext
严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
2011-5-4 9:22:20 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
------》原因
<intercept-url pattern="/hello.do*" access="none"/>
本意是/hello.do这个路径不需要用户权限,但写成上面会找none这个role,数据库没有这个role,所以报错了,还有就是配置角色的 时候一定不要加空格,也会报同样错的。
改为下面的写法就对了:
<intercept-url pattern="/hello.do*" filters="none"/>
-------》现象
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: 未在SecurityContext中查找到认证对象
org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:321)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:195)
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
$Proxy4.sayHello(Unknown Source)
com.xx.servlet.HelloServlet.doGet(HelloServlet.java:30)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:163)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237
------》原因
对方法进行了鉴权保护:
<global-method-security>
<!-- ROLE_USER能执行sayHello方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayHello(..))"/>
<!-- ROLE_USER不能执行sayBye方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayBye(..))"/>
</global-method-security>
sayHello和sayBye方法是通过 /hello.do*这个路径访问的,但前面我已经设置了<intercept-url pattern="/hello.do*" filters="none"/>,也就是不进行权限验证,造成了矛盾,所以没有办法再对方法进行保护。
---------》现象
2011-5-4 9:22:20 org.springframework.web.context.ContextLoader initWebApplicationContext
严重: Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
2011-5-4 9:22:20 org.apache.catalina.core.StandardContext listenerStart
严重: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1412)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:574)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:895)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:425)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:276)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:926)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:889)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [none]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.afterPropertiesSet(AbstractSecurityInterceptor.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1469)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1409)
... 36 more
------》原因
<intercept-url pattern="/hello.do*" access="none"/>
本意是/hello.do这个路径不需要用户权限,但写成上面会找none这个role,数据库没有这个role,所以报错了,还有就是配置角色的 时候一定不要加空格,也会报同样错的。
改为下面的写法就对了:
<intercept-url pattern="/hello.do*" filters="none"/>
-------》现象
org.springframework.security.authentication.AuthenticationCredentialsNotFoundException: 未在SecurityContext中查找到认证对象
org.springframework.security.access.intercept.AbstractSecurityInterceptor.credentialsNotFound(AbstractSecurityInterceptor.java:321)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:195)
org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor.invoke(MethodSecurityInterceptor.java:64)
org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
$Proxy4.sayHello(Unknown Source)
com.xx.servlet.HelloServlet.doGet(HelloServlet.java:30)
javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:163)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237
------》原因
对方法进行了鉴权保护:
<global-method-security>
<!-- ROLE_USER能执行sayHello方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayHello(..))"/>
<!-- ROLE_USER不能执行sayBye方法 -->
<protect-pointcut access="ROLE_ADMIN" expression="execution(* com.xx.service.*.sayBye(..))"/>
</global-method-security>
sayHello和sayBye方法是通过 /hello.do*这个路径访问的,但前面我已经设置了<intercept-url pattern="/hello.do*" filters="none"/>,也就是不进行权限验证,造成了矛盾,所以没有办法再对方法进行保护。
分享到:
发表评论
-
Spring Security 国际化文件 messages_zh_CN.properties 中文解释
2011-05-04 17:08 7031Spring Security 国际化文件 messages_ ... -
一个spring security 配置列子
2011-05-03 16:48 1219<?xml version="1.0" ... -
spring security与数据库交互实现简单例子
2011-04-19 16:34 1632spring security与数据库交互实现简单例子 最近 ... -
用struts2 验证用户登录demo
2011-01-28 15:38 2153用struts2 验证用户登录de ... -
Struts2.1.8 执行顺序
2011-01-28 15:18 864public class LoginAction extend ... -
Struts2令人纠结的一个问题
2011-01-27 09:47 969我用Struts2加入自定义的library如下图,就报错, ... -
一份spring配置文件
2011-01-13 14:05 939<?xml version="1.0" ... -
Hibernate关系映射总结
2010-10-18 10:35 1242其实这些东东完全可以参考帮助文档;这里只是总结下。 》》》一对 ... -
No identifier specified for entity:XX.xx
2010-10-12 17:25 1645No identifier specified for ent ... -
Annotation对Hibernate中联合主键定义
2010-10-11 13:28 2200public class User { private in ... -
@MappedSuperclass的用法
2010-10-11 10:21 12588@MappedSuperclass的用法 用在实体的继承过程 ... -
公共dao的结构
2010-09-29 16:17 1336-----------》公共dao的结构 -----共用接口 ... -
No identifier specified for entity
2010-09-29 16:07 11959org.hibernate.AnnotationExcepti ... -
SSJ配置模板
2009-09-14 09:06 858web.xml-----> <?xml versi ... -
一个简单的ssh配置模板
2009-09-12 17:08 1683web.xml------> <?xml vers ... -
Struts----学习笔记 用form提交和sturts提交
2009-09-12 17:02 1193struts是这么配置的 <action path= ... -
Spring学习笔记------Spring和Hibernate的整合配置
2009-09-12 09:15 1389Spring和Hibernate整合配置有两种方式: 方 ... -
Spring学习笔记--------AOP操作
2009-09-10 10:29 1034* AOP操作可与通过注解和xml的方式实现; * 有个问题, ... -
Hibernate学习笔记1--------一个简单的应用
2009-08-30 08:26 993工具类---------> /** *用单例模式 ... -
Hibernate学习笔记2--------------------一对多、多对一简单配置
2009-08-30 08:40 972一的一端------------------------> ...
相关推荐
spring security3.1.3 和 spring security3.0.0两个版本的源码以及jar 在dist文件夹里有jar文件,按自己项目需求选择
你可能知道,安全包括两个主要操作。 第一个被称为“认证”,是为用户建立一个他所声明的主体。主题一般式指用户,设备或可以在你系 统中执行动作的其他系统。“授权”指的是一个用户能否在你的应用中执行某个操作...
SpringSecurity,这是一种基于Spring AOP和Servlet过滤器的安全框架。...本实例简单配置了springsecurity权限控制,提供admin,user两个用户,在页面登录时以不同角色可访问不同页面,初学者可加以参考此例 谢谢!
一个能够为基于Spring的企业应用系统提供声明式的安全訪问控制解决方式的安全框架(简单说是对访问权限进行控制嘛),... spring security的主要核心功能为 认证和授权,所有的架构也是基于这两个核心功能去实现的。
四是修改spring security的源代码,主要是修改InvocationSecurityMetadataSourceService和UserDetailsService两个类。 前者是将配置文件或数据库中存储的资源(url)提取出来加工成为url和权限列表的Map供Security...
你可能知道,安全包括两个主要操作。 第一个被称为“认证”,是为用户建立一个他所声明的主体。主题一般式指用户,设备或可以在你系 统中执行动作的其他系统。“授权”指的是一个用户能否在你的应用中执行某个操作...
spring security3.07中的tutorial和contacts示例只有war包,没有src中的源码,资源中包含了两个示例的src目录源码。
这就是Spring Security面向的两个主要方向。“认证” 是为用户建立一个他所声明的主体的过程, (“主体”一般是指用户,设备或可以在你系统中执行行动的其他系统)。 “验证”指的一个用户能否在你的应用中执行...
在企业应用中,认证和授权是非常重要的一部分内容,业界最出名的两个框架就是大名鼎鼎的 Shiro和Spring Security。由于Spring Boot非常的流行,选择Spring Security做认证和授权的 人越来越多,今天我们就来看看用...
springsecurity3.0.5简单例子 当用firefox访问时产生的临时cookie,在下次访问中还存在的话,获取的session还是原来的session(user验证信息不变),如果把那个临时cookie删除的话,则springsecuriyt生成新的session...
四是修改spring security的源代码,主要是修改InvocationSecurityMetadataSourceService和UserDetailsService两个类。前者是将配置文件或数据库中存储的资源(url)提取出来加工成为url和权限列表的Map供Security使用...
主要介绍了详解spring security 配置多个AuthenticationProvider ,小编觉得挺不错的,现在分享给大家,也给大家做个参考。一起跟随小编过来看看吧
熟悉Spring特别是一来注入原理两帮助你更快更方便的使用Spring Security。 Spring Boot是用来简化Spring应用初始搭建以及开发过程的全新框架,被认为是Spring MVC的“接班人”,和微服务紧密联系在一起。
我搜集到的两个例子,都是可以用的,war3貌似简单点,另一个复杂多了- -
自定义用户详情服务基于数据库实现登录认证及授权。 使用access()方法实现RBAC权限模型(另包涵简单动态菜单实现)
正如你可能知道的关于安全方面的两个主要区域是“**认证**”和“**授权**”(或者访问控制),一般来说,Web 应用的安全性包括**用户认证(Authentication)** 和 **用户授权(Authorization)** 两个部分,这两点也...
里面有两个PDF文档,分别是Spring3_权威开发指南.pdf和Spring3Security-3.0.1中文官方文档.pdf。
Spring Security实现RBAC权限管理一简介在企业应用中,认证和授权是非常重要的一部分内容,业界最出名的两个框架就是大名鼎鼎的Shiro和Spring Security。由于Spring Boot非常的流行,选择Spring Security做认证和...
Spring Security 提供了基于javaEE的企业应有个你软件全面的安全服务。这里特别强调支持使用SPring框架构件的项目,Spring框架是企业软件开发javaEE方案的领导者。如果你还没有使用Spring来开发企业应用程序,我们...
Java开发人员在解决Web应用安全相关的问题时,通常会采用两个非常流行的安全框架,Shiro和SpringSecurity。Shiro配置简单,上手快,满足一般应用的安全需求,但是功能相对单一。SpringSecurity安全粒度细,与Spring...