spring security 配置问题

随风逐流88888 发布于 2015/09/25 10:39

请问以下两个配置文件,放在同一程序时,启动报错,具体错误如下:

Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration。

请大神们帮忙看下,filter chain哪里出现问题了 谢谢谢谢!

第一个spring security XML配置文件片段:
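<!-- REST/API filter chain. When more than one <sec:http> element lives in the same context, each one
     needs a pattern attribute: an element without one defaults to the universal match '/**', and the
     namespace parser refuses a universal chain that is declared before another chain, which is exactly
     the startup error quoted above. This element must also stay declared before the catch-all
     <sec:http> of the site configuration. Adjust the prefix if the REST endpoints do not all live
     under /api/ (multiple <sec:http> elements require Spring Security 3.1 or later). -->
<sec:http pattern="/api/**"
          entry-point-ref="restAuthenticationEntryPoint"
          authentication-manager-ref="authenticationManager">
      <!-- authentication-manager-ref binds this chain explicitly to the in-memory manager aliased
           "authenticationManager" below, so it does not depend on which of the two
           <sec:authentication-manager> elements in the context is picked up as the default. -->
      <!-- Only /api/admin/** carries an access rule; other requests under /api/** pass through this
           chain without an authorization check. Add further <sec:intercept-url> rules here as the
           API grows, most specific pattern first. -->
      <sec:intercept-url pattern="/api/admin/**" access="ROLE_ADMIN"/>
      <sec:form-login
         authentication-success-handler-ref="mySuccessHandler"
         authentication-failure-handler-ref="myFailureHandler"
      />
      <sec:logout />
   </sec:http>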
 
   <!-- Success handler for the API login, provided by the application (the class name suggests a
        saved-request-aware redirect; verify against the implementation). -->
   <bean class="org.broadleafcommerce.demo.site.api.endpoint.application.MySavedRequestAwareAuthenticationSuccessHandler"
         id="mySuccessHandler"/>
   <!-- Failure handler for the API login. Spring's SimpleUrlAuthenticationFailureHandler with no
        defaultFailureUrl answers a failed authentication with HTTP 401 instead of a redirect, which
        suits a REST chain. -->
   <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
         id="myFailureHandler"/>
   <!-- In-memory users for the API chain. The credentials are stored in clear text in this file and
        no password encoder is configured, so this block is suitable only for local development:
        anyone who can read the configuration can sign in as ROLE_ADMIN. -->
   <sec:authentication-manager alias="authenticationManager">
      <sec:authentication-provider>
         <sec:user-service>
            <sec:user authorities="ROLE_ADMIN" name="temporary" password="temporary"/>
            <sec:user authorities="ROLE_USER" name="user" password="user"/>
         </sec:user-service>
      </sec:authentication-provider>
   </sec:authentication-manager>

这是另一个spring security配置文件,如下:

<!-- Set up Spring security for the application -->
    <sec:http auto-config="false" authentication-manager-ref="blAuthenticationManager" disable-url-rewriting="true">
        <!-- No pattern attribute: this element is the universal ('/**') filter chain and therefore has to be
             the last <sec:http> declared in the context. The startup error about '/**' being defined before
             other patterns refers to the ordering of <sec:http> elements, not to the rule order inside this
             element, where the '/**' rule is correctly placed last. -->
        <!-- We handle session fixation protection ourselves  -->
        <!-- Built-in session fixation protection is switched off; the bldSessionFixationProtectionFilter
             registered below (before SESSION_MANAGEMENT_FILTER) is presumably what takes over - verify
             that it is active in every deployment that uses this file. -->
        <sec:session-management session-fixation-protection="none" />
        
        <!-- Wishlist modifications live under /account, but we don't need HTTPS -->
        <sec:intercept-url pattern="/account/wishlist/**" access="ROLE_USER" requires-channel="any" />
        
        <!-- Specify these URLs as requiring HTTPS to encrypt user data  -->
        <!-- NOTE(review): the comment above says HTTPS, but every rule below uses requires-channel="http",
             which forces plain HTTP (an https request to these URLs is redirected to http). Unless TLS is
             terminated in front of the application and the channel processors are configured for that,
             login credentials, account and checkout data travel in clear text - confirm this is an
             intentional development-only setting before deploying. -->
        <sec:intercept-url pattern="/register*" requires-channel="http" />
        <sec:intercept-url pattern="/login*/**" requires-channel="http" />
        <sec:intercept-url pattern="/account/**" access="ROLE_USER" requires-channel="http" />
        <sec:intercept-url pattern="/checkout/**" requires-channel="http" />
        <sec:intercept-url pattern="/null-checkout/**" requires-channel="http" />
        <sec:intercept-url pattern="/null-giftcard/**" requires-channel="http" />
        <sec:intercept-url pattern="/confirmation/**" requires-channel="http" />
        
        <!-- Since the cart page is viewing as a modal, we want to allow it on any page -->
        <sec:intercept-url pattern="/cart/**" requires-channel="any" />
        
        <!-- All URLs not explicitly specified as https will be served under http -->
        <!-- Rule order is significant (first match wins), so the catch-all must remain the last rule. -->
        <sec:intercept-url pattern="/" requires-channel="http"/>
        <sec:intercept-url pattern="/**" requires-channel="http"/>
        
        <!-- Define the login form along with the success and failure handlers -->
        <!-- Note the mix: the success handler is the admin variant, the failure handler the site variant;
             both beans are defined further down in this file. -->
        <sec:form-login login-page='/login'
            authentication-success-handler-ref="blAdminAuthenticationSuccessHandler"
            authentication-failure-handler-ref="blAuthenticationFailureHandler"
            login-processing-url="/login_post.htm" 
        />
        
        <!-- Provide the logout handler -->
        <!-- invalidate-session="false" keeps the HttpSession alive after logout; only the ActiveID cookie is
             deleted here. Whatever must not survive logout has to be cleared by blAdminLogoutSuccessHandler
             - confirm it does. -->
        <sec:logout delete-cookies="ActiveID" invalidate-session="false" success-handler-ref="blAdminLogoutSuccessHandler" logout-url="/logout"/>
        
        <!-- Specify our custom filters -->
        <!-- Each custom filter is positioned relative to a standard filter. blAdminFilterSecurityInterceptor
             (defined below) is a second FilterSecurityInterceptor placed right after exception translation,
             i.e. ahead of the standard interceptor that enforces the intercept-url rules above. -->
        <sec:custom-filter ref="blPreSecurityFilterChain" before="CHANNEL_FILTER"/>
        <sec:custom-filter ref="blCsrfFilter" before="FORM_LOGIN_FILTER"/>
        <sec:custom-filter ref="bldSessionFixationProtectionFilter" before="SESSION_MANAGEMENT_FILTER"/>
        <sec:custom-filter ref="blPostSecurityFilterChain" after="SWITCH_USER_FILTER"/>
        <sec:custom-filter ref="blAdminFilterSecurityInterceptor" after="EXCEPTION_TRANSLATION_FILTER"/>
        <sec:custom-filter ref="bldCheckWechatAndZoneFilterChain" before="LOGOUT_FILTER"/>
    </sec:http>
    
    <!-- Site (BLC) authentication manager: users are looked up through blUserDetailsService and
         passwords verified by blPasswordEncoder with a salt taken from blSaltSource. The encoder and
         user-details beans are not shown in this file. -->
    <sec:authentication-manager alias="blAuthenticationManager">
        <sec:authentication-provider user-service-ref="blUserDetailsService">
            <sec:password-encoder ref="blPasswordEncoder">
                <sec:salt-source ref="blSaltSource"/>
            </sec:password-encoder>
        </sec:authentication-provider>
    </sec:authentication-manager>
    
    <!-- Salt source for blPasswordEncoder: the salt is the value of the user's "id" property, so it is
         unique per user but predictable and low-entropy. The strength of stored passwords therefore rests
         on the hash algorithm behind blPasswordEncoder (not shown here); newer Spring Security releases
         deprecate SaltSource in favour of encoders that generate their own random salt. If this property
         is changed, a random per-customer salt is wanted, or users must be able to change their password,
         this configuration and most likely a custom UserDetailsService have to change as well. -->
    <bean class="org.springframework.security.authentication.dao.ReflectionSaltSource" id="blSaltSource">
        <property value="id" name="userPropertyToUse"/>
    </bean>
    
    <!-- CSRF filter, registered before FORM_LOGIN_FILTER by the <sec:custom-filter> above. Every pattern
         listed here is exempt from the CSRF check, so each entry is a URL without that protection;
         presumably these are callback-style endpoints that cannot carry a token - verify that each one
         is still needed. -->
    <bean class="org.broadleafcommerce.common.security.handler.CsrfFilter" id="blCsrfFilter">
        <property name="excludedRequestPatterns">
            <list>
                <value>/null-checkout/**</value>
                <value>/null-giftcard/**</value>
                <value>/hosted/null-checkout/**</value>
            </list>
        </property>
    </bean>

    <!-- Site login failure handler, referenced by <sec:form-login> above. Constructed with the failure
         URL /login?error=true and delegating the redirect to blAuthenticationFailureRedirectStrategy
         (bean not shown here). -->
    <bean class="org.broadleafcommerce.common.security.BroadleafAuthenticationFailureHandler" id="blAuthenticationFailureHandler">
        <constructor-arg value="/login?error=true"/>
        <property ref="blAuthenticationFailureRedirectStrategy" name="redirectStrategy"/>
    </bean>
 	<!-- Sets the login failure URL -->
    <bean class="org.broadleafcommerce.openadmin.security.BroadleafAdminAuthenticationFailureHandler" id="blAdminAuthenticationFailureHandler">
        <!-- Admin variant, constructed with /login?login_error=true. Not referenced by the <sec:http>
             element above, which uses blAuthenticationFailureHandler instead. -->
        <constructor-arg value="/login?login_error=true"/>
    </bean>

    <!-- Admin login success handler, referenced by <sec:form-login> above. defaultTargetUrl is "/" and
         alwaysUseDefaultTargetUrl is false, so "/" is presumably only the fallback when no other target
         (such as a saved request) is available - verify against the handler implementation. -->
    <bean class="org.broadleafcommerce.openadmin.security.BroadleafAdminAuthenticationSuccessHandler" id="blAdminAuthenticationSuccessHandler">
        <property value="/" name="defaultTargetUrl"/>
        <property value="false" name="alwaysUseDefaultTargetUrl"/>
    </bean>
    
    <!-- Site login success handler. Not referenced by the <sec:http> element above, which uses the admin
         handler. NOTE(review): targetUrlParameter="successUrl" takes the post-login redirect target from
         a request parameter; unless blAuthenticationSuccessRedirectStrategy (bean not shown) restricts it
         to local paths, this is an open-redirect surface - confirm how that strategy validates the URL. -->
    <bean class="org.broadleafcommerce.core.web.order.security.BroadleafAuthenticationSuccessHandler" id="blAuthenticationSuccessHandler">
        <property ref="blAuthenticationSuccessRedirectStrategy" name="redirectStrategy"/>
        <property value="/" name="defaultTargetUrl"/>
        <property value="successUrl" name="targetUrlParameter"/>
        <property value="false" name="alwaysUseDefaultTargetUrl"/>
    </bean>
     <!-- Sets the logout success Handler -->
    <!-- Referenced by <sec:logout success-handler-ref> above; with invalidate-session="false" there, this
         handler is where any remaining logout cleanup has to happen. -->
    <bean class="org.broadleafcommerce.openadmin.security.BroadleafAdminLogoutSuccessHandler" id="blAdminLogoutSuccessHandler"/>
    
     <!-- This ensures that the user has permissions to perform the requested operation -->
    <bean id="blAdminFilterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <!-- Second authorization interceptor, inserted after EXCEPTION_TRANSLATION_FILTER by the
             <sec:custom-filter> above. It is wired to blAdminAuthenticationManager (backed by
             blAdminUserDetailsService below), while the <sec:http> element itself authenticates against
             blAuthenticationManager. -->
        <property name="accessDecisionManager" ref="blAccessDecisionManager"/>
        <property name="authenticationManager" ref="blAdminAuthenticationManager"/>
        <property name="securityMetadataSource">
            <!-- Rule order is significant: first match wins. "/checkout" matches only that exact path,
                 unlike the /checkout/** channel rule above; confirm which form is intended. -->
            <sec:filter-security-metadata-source>
                <sec:intercept-url pattern="/**/account" access="PERMISSION_OTHER_DEFAULT"/>
                <sec:intercept-url pattern="/admin/**" access="PERMISSION_OTHER_DEFAULT"/>
                <sec:intercept-url pattern="/checkout" access="PERMISSION_OTHER_DEFAULT"/>
            </sec:filter-security-metadata-source>
        </property>
    </bean>
     <!-- The BLC Admin authentication manager -->
    <sec:authentication-manager alias="blAdminAuthenticationManager">
        <!-- Admin accounts: lookup through blAdminUserDetailsService, password checked by
             blAdminPasswordEncoder with a salt from blAdminSaltSource (beans not shown here). -->
        <sec:authentication-provider user-service-ref="blAdminUserDetailsService">
            <sec:password-encoder ref="blAdminPasswordEncoder">
                <sec:salt-source ref="blAdminSaltSource"/>
            </sec:password-encoder>
        </sec:authentication-provider>
    </sec:authentication-manager>




pantrick
/** 的映射定义要放到最后面;错误提示说你把它放到了最前面,因为这个模式比较宽,会导致后面的url定义都不起作用。
随风逐流88888
我理解也是这个意思,但是能帮忙帮我看下配置文件吗?具体是哪块。谢谢