当试图到达/测试URL为未登录时,我得到这个:
HTTP Status 500 - Filter execution threw an exception
type Exception report
message Filter execution threw an exception
description The server encountered an internal error that prevented it from fulfilling this request.
exception
javax.servlet.ServletException: Filter execution threw an exception
root cause
java.lang.NoSuchMethodError: org.springframework.security.web.access.expression.WebSecurityExpressionRoot.setDefaultRolePrefix(Ljava/lang/String;)V
org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler.createSecurityExpressionRoot(DefaultWebSecurityExpressionHandler.java:31)
org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler.createSecurityExpressionRoot(DefaultWebSecurityExpressionHandler.java:17)
org.springframework.security.access.expression.AbstractSecurityExpressionHandler.createEvaluationContext(AbstractSecurityExpressionHandler.java:47)
org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:33)
org.springframework.security.web.access.expression.WebExpressionVoter.vote(WebExpressionVoter.java:18)
org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:62)
org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:123)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:122)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
etc.
我的spring-config.xml文件:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/profilepage**" access="ROLE_USER" />
<intercept-url pattern="/test**" access="ROLE_USER" />
<access-denied-handler error-page="/accessdenied" />
<form-login login-page="/login"
login-processing-url="/authorize"
default-target-url="/profile"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout invalidate-session="true" logout-success-url="/login?logout" logout-url="/logout"/>
<csrf />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder ref="encoder" />
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username, password, enabled from users where username = ?"
authorities-by-username-query="select username, ROLE from user_roles where username = ?" />
</authentication-provider>
</authentication-manager>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
<beans:constructor-arg name="strength" value="11" />
</beans:bean>
</beans:beans>
截url模式分别为/test和/test/**、hasRole('ROLE_USER')和hasRole('USER')时,截url模式没有差异。只有当。jsp文件名与pattern相同时才有效-但在这种情况下,当我试图以未经授权的用户身份访问页面时,它会使一切都无用,因为在我的控制器中有这样的东西:
@RequestMapping(value = "/profile", method = RequestMethod.GET)
public String showprofilePage(Model model, Principal principal) {
String username = principal.getName();
//do smth
return "user/profilepage";
}
Spring在返回时刻阻止访问,而不是在发出请求时。这是我的pom.xml文件:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com</groupId>
<artifactId>prospr</artifactId>
<version>1.0.0-SNAPSHOT</version>
<name>ProSpr</name>
<packaging>war</packaging>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
<version>RELEASE</version>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.1.0.Final</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.36</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.hibernate.javax.persistence</groupId>
<artifactId>hibernate-jpa-2.1-api</artifactId>
<version>1.0.0.Draft-16</version>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>5.2.0.CR1</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-beans</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-tx</artifactId>
<version>4.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-test</artifactId>
<version>4.1.7.RELEASE</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>4.0.1.RELEASE</version>
</dependency>
</dependencies>
<build>
<defaultGoal>install</defaultGoal>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.tomcat.maven</groupId>
<artifactId>tomcat7-maven-plugin</artifactId>
<version>2.2</version>
<configuration>
<server>TomcatServer</server>
<url>http://localhost:8080/manager/text</url>
<path>/prospr</path>
<username>admin</username>
<password>password</password>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-eclipse-plugin</artifactId>
<version>2.10</version>
<configuration>
<downloadSources>true</downloadSources>
<downloadJavadocs>true</downloadJavadocs>
<wtpversion>2.0</wtpversion>
<sourceIncludes>
<sourceInclude>**/*.*</sourceInclude>
</sourceIncludes>
<additionalBuildcommands>
<buildCommand>
<name>org.springframework.ide.eclipse.core.springbuilder</name>
</buildCommand>
<buildCommand>
<name>org.eclipse.m2e.core.maven2Builder</name>
</buildCommand>
</additionalBuildcommands>
<additionalProjectnatures>
<projectnature>org.eclipse.jdt.core.javanature</projectnature>
<projectnature>org.springframework.ide.eclipse.core.springnature</projectnature>
<projectnature>org.eclipse.m2e.core.maven2Nature</projectnature>
</additionalProjectnatures>
</configuration>
</plugin>
<plugin>
<artifactId>maven-surefire-plugin</artifactId>
<configuration>
<includes>
<include>**/*Tests.java</include>
</includes>
<systemPropertyVariables>
<java.util.logging.config.file>
src/test/logging.properties
</java.util.logging.config.file>
</systemPropertyVariables>
<redirectTestOutputToFile>true</redirectTestOutputToFile>
</configuration>
</plugin>
</plugins>
</build>
</project>
您可以看到,我使用Tomcat
尽管您的Maven pom看起来正确,但似乎在您的类路径上有不正确的WebSecurityExpressionRoot版本。具体来说,它似乎在你的类路径中有spring-security-web-3.x.jar而不是spring-security-web-4.x.jar。
请确保运行干净的构建。如果您有多个版本的spring-security-web,也可能发生这种情况。如果你有一个war文件,你可以查看它的内容,看看里面是什么版本的Spring Security。您还应该查看任何父类加载器(即/lib)。有关其类加载器和搜索位置的其他信息,请参阅Tomcat Docs。