我想替换默认的SessionManagementFilter和我自己的,但我遇到了这个
17:31:32,901 ERROR [[/accounts]] Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<accountsSessionManageFilter>' and 'Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
Offending resource: ServletContext resource [/WEB-INF/spring-contexts/security.xml]
问题似乎是我使用的是 <http>在同一位置设置默认过滤器的元素/属性。但是我不是(或者如果我是无意的)。
这是我的安全上下文 <http>定义:
<http use-expressions="true" auto-config="false" entry-point-ref="loginUrlAuthenticationEntryPoint">
<!-- lots of intercept-url definitions (nothing else) -->
<custom-filter position="SESSION_MANAGEMENT_FILTER" ref="accountsSessionManageFilter"/>
<custom-filter position="FORM_LOGIN_FILTER" ref="accountsSsoFilter"/>
</http>
.......
<beans:bean id="accountsSessionManageFilter" class="org.springframework.security.web.session.SessionManagementFilter">
<beans:property name="sessionAuthenticationStrategy" ref="NullAuthenticatedSessionStrategy"/>
</beans:bean>
.......
<bean id="accountsSsoFilter" class="cayetano.core.base.service.impl.spring.filter.SsoUserPassAuthFilter">
<property name="authenticationManager" ref="ssoAuthManager" />
<property name="authenticationFailureHandler" ref="relativeLoginFailureHandler" />
<property name="authenticationSuccessHandler" ref="noopLoginSuccessHandler" />
<property name="authenticationService" ref="basicAuthenticatorService" />
<property name="authorityService" ref="userTypeBasedAuthotiryService" />
</bean>
那么为什么 Spring 会提示我使用的是 <http>使用默认过滤器的元素?
文档还指出 <session-management>是唯一<http>使用默认过滤器的元素,还有其他吗?
我正在使用 Spring Security 3.0。
谢谢,
最佳答案
如果您尝试指定一个自定义 SESSION_MANAGEMENT_FILTER 以便您可以更改默认类/实例的 sessionAuthenticationStrategy,只需使用 the session-authentication-strategy-ref attribute :
<http ...>
<session-management session-authentication-strategy-ref="NullAuthenticatedSessionStrategy"/>
</http>
这当然假定 NullAuthenticatedSessionStrategy 是上下文中定义的另一个 bean。由于这也是 Spring Security 中的一个类的名称,我认为您真正想要的是:
<http ...>
<session-management session-authentication-strategy-ref="sessionStrategy"/>
</http>
<bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.NullAuthenticatedSessionStrategy"/>
关于java - 替换 SESSION_MANAGEMENT_FILTER 位置的默认过滤器,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10300369/