我正在研究一个使用Spring-Security的Spring-MVC应用程序.在登录应用程序中,我必须使用2个登录网址
I am working on a Spring-MVC application which uses Spring-Security. In the application for login I have to use 2 login url's
- /j_spring_security_check_for_person 与
- /j_spring_security_check_for_group
- /j_spring_security_check_for_person AND
- /j_spring_security_check_for_group
登录URL均针对我实现了UserDetails和userDetailsService的数据库进行检查.要连接这两个URL进行登录,我正在使用springSecurityFilterChain.不幸的是,它不起作用.由于存在两天的时间,我遇到了这个问题,我可能会犯一些愚蠢的错误.请检查日志和xml,
Both the login url's check against the database where I have implemented UserDetails and userDetailsService. To connect these both url's for login, I am using springSecurityFilterChain. Unfortunately, it is not working. I am at this problem since 2 days, I might be making some silly mistake. Kindly check the log and xml,
错误日志:
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Could not resolve matching constructor (hint: specify index/type/name arguments for simple parameters to avoid type ambiguities) at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:239) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1114) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1017) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:475) at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:302) at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:228) at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:298) at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193) at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:28) at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:20) at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:168)security-application-context.xml
security-application-context.xml
<security:http create-session="ifRequired" use-expressions="true" auto-config="true" disable-url-rewriting="true"> <security:form-login login-page="/" default-target-url="/canvas/list" always-use-default-target="false" authentication-failure-url="/denied.jsp" /> <security:logout logout-success-url="/" delete-cookies="JSESSIONID" invalidate-session="true" logout-url="/j_spring_security_logout"/> </security:http> <bean id="springSecurityFilterChain" class="org.springframework.security.web.FilterChainProxy"> <security:filter-chain-map path-type="ant"> <security:filter-chain pattern="/**" filters="authenticationProcessingFilterForPersonal, authenticationProcessingFilterForGroup"/> </security:filter-chain-map> </bean> <bean id="authenticationProcessingFilterForPersonal" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManagerForPersonal"/> <property name="filterProcessesUrl" value="/j_spring_security_check_for_person" /> </bean> <bean id="authenticationProcessingFilterForGroup" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <property name="authenticationManager" ref="authenticationManagerForGroup"/> <property name="filterProcessesUrl" value="/j_spring_security_check_for_group"/> </bean> <bean id="authenticationManagerForPersonal" class="org.springframework.security.authentication.ProviderManager"> <property name="providers"> <list> <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService"> <ref bean="userDetailsService"/> </property> <property name="passwordEncoder" ref="encoder"/> </bean> </list> </property> </bean> <bean id="authenticationManagerForGroup" class="org.springframework.security.authentication.ProviderManager"> <property name="providers"> <list> <bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"> <property name="userDetailsService"> <ref bean="groupDetailsService"/> </property> <property name="passwordEncoder" ref="encoder"/> </bean> </list> </property> </bean> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider ref="authenticationManagerForPersonal"/> <security:authentication-provider ref="authenticationManagerForGroup"/> </security:authentication-manager> <beans:bean id="encoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"> <beans:constructor-arg name="strength" value="11" /> </beans:bean>
如果我用下面的代码片段替换身份验证管理器代码,则不会收到错误消息,但是2个登录网址未注册:
If I replace the authentication-manager code with the below snippet, I don't get an error, but the 2 login url's are not registered :
<security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="userDetailsService"> <security:password-encoder ref="encoder"/> </security:authentication-provider> <security:authentication-provider user-service-ref="groupDetailsService"> <security:password-encoder ref="encoder"/> </security:authentication-provider> </security:authentication-manager>-->推荐答案
authenticationManagerForPersonal和authenticationManagerForGroup的类型为ProviderManager.这是错误的.您必须将这些bean声明为DaoAuthenticationProvider类型. 请仔细查看我的 spring security 配置.
authenticationManagerForPersonal and authenticationManagerForGroup are of bean type ProviderManager. This is wrong. You have to declare those beans as type DaoAuthenticationProvider. Please take a closer look at my spring security configuration.
更多推荐
创建名称为AuthenticationManager的bean时出错
发布评论