1. Zuhause
  2. Frage und Antwort
  3. Aktualisieren von Spring Security 3.x auf 4.x

Aktualisieren von Spring Security 3.x auf 4.x

2016-08-17 6 views
2 
<bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter"> 
     <property name="channelDecisionManager" ref="channelDecisionManager"/> 
     <property name="securityMetadataSource"> 
     <security:filter-security-metadata-source request-matcher="regex" use-expressions="true"> 
      <security:intercept-url pattern="\A/login.*\Z" access="REQUIRES_SECURE_CHANNEL"/> 
      <security:intercept-url pattern="\A/Home.*\Z" access="REQUIRES_INSECURE_CHANNEL"/> 
      <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> 
     </security:filter-security-metadata-source> 
     </property> 
    </bean>

Das obige Snippet wirft Fehler bei Migration zu Spring Security 4.x. Bitte lassen Sie mich wissen, ob es eine Lösung gibt. Ich habe den Migrationsleitfaden überprüft, aber keine Lösung dafür erwähnt. Dieses Snippet funktioniert einwandfrei mit Spring Security 3.x.Aktualisieren von Spring Security 3.x auf 4.x

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'serviceBindingGenerator': Invocation of init method failed; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'channelProcessingFilter' defined in URL [jar:file:xxxxx.jar!/META-INF/spring-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:136) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsBeforeInitialization(AbstractAutowireCapableBeanFactory.java:408) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1570) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:839) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:538) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446) ~[spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328) ~[spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107) [spring-web-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4729) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5167) [catalina.jar:8.0.26] 
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:725) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:701) [catalina.jar:8.0.26] 
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:717) [catalina.jar:8.0.26] 
    at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:945) [catalina.jar:8.0.26] 
    at org.apache.catalina.startup.HostConfig$DeployWar.run(HostConfig.java:1768) [catalina.jar:8.0.26] 
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) [na:1.8.0_60] 
    at java.util.concurrent.FutureTask.run(FutureTask.java:266) [na:1.8.0_60] 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) [na:1.8.0_60] 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) [na:1.8.0_60] 
    at java.lang.Thread.run(Thread.java:745) [na:1.8.0_60] 
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'channelProcessingFilter' defined in URL [jar:file:/xxxxxx.jar!/META-INF/spring-security.xml]: Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1578) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:545) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:306) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:302) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:197) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:1054) ~[spring-context-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:1.8.0_60] 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[na:1.8.0_60] 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:1.8.0_60] 
    at java.lang.reflect.Method.invoke(Method.java:497) ~[na:1.8.0_60] 
    at org.springsource.loaded.ri.ReflectiveInterceptor.jlrMethodInvoke(ReflectiveInterceptor.java:1426) ~[springloaded-1.2.5.RELEASE.jar:1.2.5.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleElement.invoke(InitDestroyAnnotationBeanPostProcessor.java:354) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor$LifecycleMetadata.invokeInitMethods(InitDestroyAnnotationBeanPostProcessor.java:305) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.annotation.InitDestroyAnnotationBeanPostProcessor.postProcessBeforeInitialization(InitDestroyAnnotationBeanPostProcessor.java:133) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    ... 27 common frames omitted 
Caused by: java.lang.IllegalArgumentException: Unsupported configuration attributes: [ANY_CHANNEL, REQUIRES_INSECURE_CHANNEL, REQUIRES_SECURE_CHANNEL] 
    at org.springframework.security.web.access.channel.ChannelProcessingFilter.afterPropertiesSet(ChannelProcessingFilter.java:131) ~[spring-security-web-4.1.2.RELEASE.jar:4.1.2.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1637) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1574) ~[spring-beans-4.2.4.RELEASE.jar:4.2.4.RELEASE] 
    ... 44 common frames omitted

Quelle

2016-08-17 jslearner07

+0

sollten Sie verwenden das 'erfordert-channel' Attribut mit möglichen Werten 'http',' https' und 'any'. – manish

Antwort

0

Sie benötigen intercept-url Definitionen wie folgt zu umschreiben:

<!-- old --> 
<security:intercept-url 
    pattern="\A/.*\Z" 
    access="ANY_CHANNEL"/> 

<!-- new --> 
<security:intercept-url 
    pattern="\A/.*\Z" 
    access="hasRole(...)" 
    requires-channel="any" />

documentation Nach Sie diese vales für requires-channel verwenden:

Die verfügbaren Optionen sind "http", " https "oder" any ". Wenn Sie den Wert "any" verwenden, können Sie entweder HTTP oder HTTPS verwenden.

Quelle

2016-08-17 15:03:18 vsminkov

+0

Danke. Ich habe die Konfiguration wie oben erklärt. . Jetzt bekomme ich unter Fehler \ nKonfigurationsproblem: Unerwarteter Fehler beim Analysieren der Bean-Definition Beleidigende Ressource: URL [jarxxxxxxx.jar! /META-INF/spring-security.xml] Bean 'channelProcessingFilter'; verschachtelte Ausnahme ist org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Konfigurationsproblem: Das Attribut 'requires-channel' ist hier nicht erlaubt. Beleidigende Ressource: URL [jar: Datei: xxxxxx.jar! /META-INF/spring-security.xml – jslearner07

+0

@ jslearner07 Welche genaue Federversion verwenden Sie? – vsminkov

+0

Ich verwende Spring 4.3.2.RELEASE – jslearner07

0

Setzen Sie use-expressions = "false". Nach dem documentation wird dieser Wert auf true gesetzt, wenn der Zugriff ein Ausdruck,

<security:filter-security-metadata-source use-expressions="true"> 
    <security:intercept-url pattern="/**" access="isAuthenticated()" /> 
</security:filter-security-metadata-source>

sonst falsch ausgewertet werden soll:

<security:filter-security-metadata-source request-matcher="regex" use-expressions="false"> 
    <security:intercept-url pattern="\A/.*\Z" access="ANY_CHANNEL"/> 
</security:filter-security-metadata-source>

Quelle

2018-02-07 20:15:41 Greg

Verwandte Themen

 Verwandte Themen