1. дома
  2. Вопрос и ответ
  3. Обновление с Spring Security 3.x до 4.x

Обновление с Spring Security 3.x до 4.x

2016-08-17 3 views
2 
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter"> 
     <property name="channelDecisionManager" ref="channelDecisionManager"/> 
     <property name="securityMetadataSource"> 
     <security:filter-security-metadata-source request-matcher="regex" use-expressions="true"> 
      <security:intercept-url pattern="\A/login.*\Z" access="REQUIRES_SECURE_CHANNEL"/> 
      <security:intercept-url pattern="\A/Home.*\Z" access="REQUIRES_INSECURE_CHANNEL"/> 
      <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> 
     </security:filter-security-metadata-source> 
     </property> 
    </bean>

Вышеприведенный фрагмент ошибки при переходе на Spring Security 4.x. Пожалуйста, дайте мне знать, если есть решение. Я проверил руководство по миграции, но в нем не упоминается какое-либо решение для этого. Этот снипп отлично работает с Spring Security 3.x.Обновление с Spring Security 3.x до 4.x

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceBindingGenerator': Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'channelProcessingFilter' defined in URL [jar:file:xxxxx.jar!/META-INF/spring-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:136) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:408) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446) ~[spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328) ~[spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4729) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5167) [catalina.jar:8.0.26] 
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) [catalina.jar:8.0.26] 
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945) [catalina.jar:8.0.26] 
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1768) [catalina.jar:8.0.26] 
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_60] 
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_60] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60] 
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60] 
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'channelProcessingFilter' defined in URL [jar:file:/xxxxxx.jar!/META-INF/spring-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1054) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_60] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_60] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_60] 
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_60] 
    at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426) ~[springloaded-1.2.5.RELEASE.jar:1.2.5.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:354) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:305) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    ... 27 common frames omitted 
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.security.web.access.channel.ChannelProcessingFilter.afterPropertiesSet(ChannelProcessingFilter.java:131) ~[spring-security-web-4.1.2.RELEASE.jar:4.1.2.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    ... 44 common frames omitted

источник

2016-08-17 jslearner07

+0

Вы должны использовать 'требует-channel' атрибут с возможными значениями 'http',' https' и 'any'. – manish

ответ

0

Вы должны переписать свои intercept-url определения, как это:

<!-- old --> 
<security:intercept-url 
    pattern="\A/.*\Z" 
    access="ANY_CHANNEL"/> 

<!-- new --> 
<security:intercept-url 
    pattern="\A/.*\Z" 
    access="hasRole(...)" 
    requires-channel="any" />

По documentation вы можете использовать это VALES для requires-channel:

Доступные опции "HTTP", " https "или" any ". Использование значения «any» означает, что можно использовать HTTP или HTTPS.

источник

2016-08-17 15:03:18 vsminkov

+0

Спасибо. Я объявил конфигурацию, как указано выше. . Теперь я получаю ниже ошибки \ nСохранение проблемы: Неожиданный сбой при анализе определения bean-компонента Оскорбительный ресурс: URL [jarxxxxxxx.jar! /META-INF/spring-security.xml] Bean 'channelProcessingFilter'; Вложенное исключение - org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Проблема с конфигурацией: атрибут 'require-channel' здесь не разрешен. Оскорбительный ресурс: URL [jar: file: xxxxxx.jar! /META-INF/spring-security.xml – jslearner07

+0

@ jslearner07 какую именно весеннюю версию вы используете? – vsminkov

+0

Я использую Spring 4.3.2.RELEASE – jslearner07

0

Set use-expressions = "false". Согласно documentation, это значение истина, если доступ является выражение для оценки,

<security:filter-security-metadata-source use-expressions="true"> 
    <security:intercept-url pattern="/**" access="isAuthenticated()" /> 
</security:filter-security-metadata-source>

еще ложь:

<security:filter-security-metadata-source request-matcher="regex" use-expressions="false"> 
    <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> 
</security:filter-security-metadata-source>

источник

2018-02-07 20:15:41 Greg

 Смежные вопросы

  • Нет связанных вопросов^_^