我有一个问题无法解决。这是关于将应用程序扩展到Spring Security。
为此,我创建了一个security.xml文件(请参见下文)。
在web.xml中,我包含了此文件。
但是,启动应用程序时出现以下错误消息:
原因:java.lang.IllegalArgumentException:通用匹配 模式('/ **')在过滤器链中的其他模式之前定义, 导致它们被忽略。请检查您的订购 名称空间或FilterChainProxy bean配置
我已经上网数天了。但是,我还没有找到解决方法。
security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans
xmlns:context="http://www.springframework.org/schema/context"
xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
https://www.springframework.org/schema/security/spring-security.xsd">
<security:http auto-config="true">
<security:intercept-url
pattern="/ResetPassword**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:headers defaults-disabled="true">
<security:frame-options policy="SAMEORIGIN"/>
</security:headers>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="abc" authorities="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- ====================================================================== Die Web.xml fuer das Verfuegungstext-ga
In dieser Datei wird der ApplicationContext von Spring,isy-logging,das Axis-Servlet und das HttpInvoker-Servlet
konfiguriert.
Author: Christian Hinken Revision: $Id: web.xml 117069 2014-06-05 12:41:34Z sdm_mhaesner $ ====================================================================== -->
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>DQI-Scheduler</display-name>
<!-- KONTEXTPARAMETER -->
<!-- Spring: Registrierung der Properties für das Anwendungsprofil -->
<context-param>
<param-name>contextInitializerClasses</param-name>
<param-value>de.bund.bsi.pliscommon.dqischeduler.common.spring.ApplicationSpringWebInitializer</param-value>
</context-param>
<!-- Angabe des WebAppRootKeys. Dies ist notwendig sofern mehrere Anwendungen in einem Tomcat betrieben werden,da der Tomcat den WebAppRoot nicht fuer jede Anwendung separat verwaltet. Details siehe http://static.springframework.org/spring/docs/2.5.x/api/org/springframework/web/util/Log4jWebConfigurer.html -->
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>dqi-scheduler</param-value>
</context-param>
<!-- Use JSF view templates saved as *.xhtml,for use with Facelets -->
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<!-- Enables special Facelets debug output during development -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<!-- Causes Facelets to refresh templates during development -->
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<!--
Angabe des Speicherorts der logback Konfiguration
Wenn nicht angegeben,greift die Standardinitialisierung:
Konfiguration im Classpath.
Aufgrund des Deplyoments liegt die Konfiguration aber unter
/classes/config/logback.xml
-->
<context-param>
<param-name>logbackConfigLocation</param-name>
<param-value>classpath:/config/logback.xml</param-value>
</context-param>
<!-- Die Größe des Buffers für das Rendern der Antwort,bevor Teile davon an den Client zurückgesendet werden.
Wichtig für Fehlerbehandlung (Fehler während des Renderns) -->
<context-param>
<param-name>javax.faces.FACELETS_BUFFER_SIZE</param-name>
<param-value>202400</param-value>
</context-param>
<!-- Spring Root Application Context -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:resources/spring/application-web.xml
/WEB-INF/security.xml
</param-value>
</context-param>
<!-- Entfernt Kommentare -->
<context-param>
<param-name>javax.faces.FACELETS_SKIP_COMMENTS</param-name>
<param-value>true</param-value>
</context-param>
<!-- FILTER -->
<!-- File Upload -->
<filter>
<filter-name>ExtensionsFilter</filter-name>
<filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>
<init-param>
<!-- ignore files that take more than 10MB of disk space -->
<param-name>uploadMaxFileSize</param-name>
<param-value>10m</param-value>
</init-param>
<init-param>
<!-- keep files whose size is less that 100K in memory -->
<param-name>uploadThresholdSize</param-name>
<param-value>500k</param-value>
</init-param>
</filter>
<!-- Request-Scoping -->
<filter>
<filter-name>RequestContextFilter</filter-name>
<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
</filter>
<!-- Logging -->
<filter>
<filter-name>MdcFilter</filter-name>
<filter-class>de.bund.bva.pliscommon.aufrufkontext.http.HttpHeadernestedDiagnosticContextFilter</filter-class>
</filter>
<!-- Security -->
<filter>
<filter-name>SpringSecurityFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param>
</filter>
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- Filter zur Initialisierung der Applikation (JavaScript De-/Aktiviert,...). -->
<filter>
<filter-name>applicationInitialisierungFilter</filter-name>
<filter-class>de.bund.bva.isyfact.common.web.servlet.filter.ApplicationInitialisierungFilter</filter-class>
<!-- Optionaler Parameter: Der Parameter "urlsToSkip" dient zur Aufnahme von Url-Pfaden,relativ zum ApplicationContext-Pfad,die von der Filterung ausgenommen werden. Mehrere Url-Pfade sind kommasepatiert anzugeben. Es ist pro
Url ein fuehrendes
"/" anzugeben. -->
<init-param>
<param-name>urlsToSkip</param-name>
<param-value>/app/resources,/app/javax.faces.resource</param-value>
</init-param>
<!-- Plicht-Parameter: Der Parameter "urlApplicationInitialisierung" enthaelt die Url zur Application-Initialisierungsseite.
Es ist ein fuehrendes "/" anzugeben. -->
<init-param>
<param-name>urlApplicationInitialisierung</param-name>
<param-value>/app/common/init/applicationInitialisierung.xhtml</param-value>
</init-param>
<!-- Die URL auf die umgeleitet wird,sofern die Initialisierungseite per AJAX aufgerufen wird (z.B. möglich
nach einem Session-Timeout). -->
<init-param>
<param-name>ajaxRedirectUrl</param-name>
<param-value>/dqi-scheduler/index.html</param-value>
</init-param>
</filter>
<!-- Authentication configuration. WARNING: The AuthenticationFilter must be the first filter in the filter
chain,so that he can decide whether access to the application is allowed or denied. -->
<filter>
<filter-name>AuthenticationFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>configurableAuthenticationFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>GeneralGuiAuthorizationFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>configurableAuthorizationFilter</param-value>
</init-param>
<init-param>
<param-name>targetFilterLifecycle</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<!-- FILTER-MAPPINGS -->
<!-- Authentication -->
<filter-mapping>
<filter-name>AuthenticationFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<!-- Request-Scoping -->
<filter-mapping>
<filter-name>RequestContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Logging -->
<filter-mapping>
<filter-name>MdcFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Security -->
<filter-mapping>
<filter-name>GeneralGuiAuthorizationFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>SpringSecurityFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<!-- Encoding -->
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Filter zur Initialisierung der Applikation (JavaScript De-/Aktiviert,...). -->
<filter-mapping>
<filter-name>applicationInitialisierungFilter</filter-name>
<url-pattern>/app/*</url-pattern>
</filter-mapping>
<!--
Angabe des zu verwendenden Listeners fuer logback
Dies ist noetig,da Container,die die Servlet 2.4 API implementieren
verlangen,dass Listener vor load-on-startup Servlets geladen werden.
Servlet 2.3 Container erzwingen dieses Vorgehen.
Ausserdem ist der LogbackConfigListener vor dem ContextLoaderListener zu
registrieren,siehe analoge Vorgaben für log4j unter http://static.springframework.org/spring/docs/2.0.x/
api/org/springframework/web/util/Log4jConfigListener.html
Anmerkung: Sollte ein aelterer Servlet-Container (2.2) verwendet werden ist
LogbackConfigServlet anstelle von LogbackConfigListener zu verwenden.
-->
<listener>
<listener-class>ch.qos.logback.ext.spring.web.LogbackConfigListener</listener-class>
</listener>
<!-- Bootstrap Listener zum Starten des Springs Haupt-WebApplicationContexts von Spring. Delegiert an ContextLoader.
Sofern der Log4jConfigListener verwendet wird ist dieser vor dem ContextLoaderListener in der web.xml zu
registrieren.
Anmerkung: Sollte ein aelterer Servlet-Container (2.2) verwendet werden ist ContextLoaderServlet anstelle
von ContextLoaderListener
zu verwenden -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- SERVLETS -->
<!-- Just here so the JSF implementation can initialize,*not* used at runtime -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>Spring MVC Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:resources/spring/gui.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Der Front-Controller für alle HTTPInvoker-Aufrufe.
Enthält alle Spring-Beans die HTTP-Invoker spezifisch sind.
Das Servlet nimmt die Aufrufe entgegen und verteilt sie auf die RemoteBeans.
Die entsprechene Konfiguration befindet sich in remoting-servlet.xml -->
<servlet>
<servlet-name>remoting</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/resources/spring/service/remoting-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Tomahawk Upload Widget auf MVC legen -->
<filter-mapping>
<filter-name>ExtensionsFilter</filter-name>
<servlet-name>Spring MVC Servlet</servlet-name>
</filter-mapping>
<!-- Servlet zur Kommunikation mit dem Loadbalancer. Das Servlet prueft fuer jeden HTTP-GET-Aufruf,ob eine
isAlive-Datei vorhanden ist. Falls ja,wird HTTP-OK zurueckgeliefert. Falls nein HTTP-FORBIDDEN. -->
<servlet>
<servlet-name>loadbalancer</servlet-name>
<servlet-class>de.bund.bva.pliscommon.ueberwachung.service.loadbalancer.LoadbalancerServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Servlet-Mappings für Test-Schnittstellen -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Spring MVC Servlet</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>remoting</servlet-name>
<url-pattern>/AdminBean_v1_0</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>loadbalancer</servlet-name>
<url-pattern>/Loadbalancer</url-pattern>
</servlet-mapping>
<!-- DEFAULT-PAGE -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
´
整个控制台输出
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain,causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1583)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:553)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:778)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:843)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:541)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4792)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5256)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1421)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1411)
at java.util.concurrent.Futuretask.run(Futuretask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain,causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:53)
at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:40)
at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:167)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1642)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1579)
... 21 common frames omitted
[P: ERROR] [T: localhost-startStop-1] [L: org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/dqi-scheduler]] - [M: Exception sending context initialized event to listener instance of class [org.springframework.web.context.ContextLoaderListener]]
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain,causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:53)
at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:40)
at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:167)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1642)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1579)
... 21 common frames omitted
其他信息
已使用的Spring依赖版本
