- Spring security 设置多登陆页面,xml配置不成功
-
Spring security 设置多登陆页面,security 3.1
xml配置信息如下:<http auto-config='true' use-expressions="true"> <logout /> <session-management></session-management> <form-login login-page="/index" authentication-failure-url="/index?login_error=t" always-use-default-target="true" default-target-url="/"></form-login> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http>尝试过配置多个,但没有成功,只一个登陆页面出来
xml 配置信息如下:<http auto-config='true' pattern="/admin" use-expressions="true"> <logout /> <session-management></session-management> <remember-me /> <form-login login-page="/index" authentication-failure-url="/index?login_error=t" always-use-default-target="true" default-target-url="/"></form-login> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <http auto-config='true' pattern="/user" use-expressions="true"> <logout /> <session-management></session-management> <remember-me /> <form-login login-page="/login" authentication-failure-url="/login?login_error=t" always-use-default-target="true" default-target-url="/"></form-login> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http>页面报错如下:
HTTP Status 405 - Request method 'GET' not supported
单登陆页面配置如下:
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- exclude static resources --> <http pattern="/resources/**" security="none" /> <http pattern="/app/**" security="none"></http> <http pattern="/**/*.jpg" security="none"></http> <http pattern="/**/*.ico" security="none"></http> <http pattern="/**/*.xlsx" security="none"></http> <http pattern="/**/*.xls" security="none"></http> <!-- exclude login page --> <http pattern="/login" security="none" /> <http pattern="/index" security="none" /> <http auto-config='true' pattern="/admin" use-expressions="true"> <logout /> <session-management></session-management> <!-- 实现免登陆验证 --> <remember-me /> <intercept-url pattern="/login" access="ROLE_USER" /> <intercept-url pattern="/index" access="ROLE_SYSTEM" /> <form-login login-page="/index" authentication-failure-url="/index?login_error=t" always-use-default-target="true" default-target-url="/"></form-login> <custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <authentication-manager alias="myAuthenticationManager"> <authentication-provider user-service-ref="myUserDetailServiceImpl"> <password-encoder hash="md5"> <salt-source system-wide="bgrimm" /> </password-encoder> </authentication-provider> </authentication-manager> </beans:beans>请大佬帮忙下!!
QQ 756233642
- 其他相关推荐
- spring security的多登陆怎么配置?
- <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http auto-config="true" create-session="always" access-denied-page="/static/common/denied.html" use-expressions="true" disable-url-rewriting="true"> <!-- 配置不要过滤的图片等静态资源,其中**代表可以跨越目录,*不可以跨越目录。 --> <!-- 后面带一个*,因为请求页面的时候可能会带一些参数 --> <intercept-url pattern="/services*" filters="none"/> <intercept-url pattern="/services/*" filters="none"/> <intercept-url pattern="/static/**" filters="none"/> <!-- 不过滤图片等静态资源 --> <intercept-url pattern="/login.jsp*" filters="none"/> <!-- 登录页面不过滤 --> <intercept-url pattern="/index1.jsp*" filters="none"/> <!-- 登录页面不过滤 --> <intercept-url pattern="/front/login" filters="none"/> <!-- 登录页面不过滤 --> <intercept-url pattern="/install.jsp*" filters="none"/> <!-- 系统初始化配置不过滤 --> <intercept-url pattern="/sys/init" filters="none"/> <intercept-url pattern="/front/**" filters="none"/> <intercept-url pattern="/**/*.swf" filters="none" /> <!-- 配置登录页面 --> <!-- <form-login login-page="/front/login.jsp" login-processing-url="/j_spring_security_check" --> <!-- authentication-failure-url="/front/login?error=true" --> <!-- default-target-url="/front/index" --> <!-- always-use-default-target="true" --> <!-- authentication-success-handler-ref="authenticationSuccess" --> <!-- authentication-failure-handler-ref="exceptionMappingAuthenticationFailureHandler"/> --> <form-login login-page="/login.jsp" login-processing-url="/j_spring_security_check" authentication-failure-url="/login.jsp?error=true" default-target-url="/index" always-use-default-target="true" authentication-success-handler-ref="authenticationSuccess" authentication-failure-handler-ref="exceptionMappingAuthenticationFailureHandler"/> <!--"记住我"功能,采用持久化策略(将用户的登录信息存放cookie) --> <remember-me use-secure-cookie="true"/> <!-- 用户退出的跳转页面 --> <logout invalidate-session="true" logout-url="/j_spring_security_logout" logout-success-url="/login.jsp"/> <!-- 会话管理,设置最多登录异常,error-if-maximum-exceeded = false为第二次登录就会使前一个登录失效 --> <session-management invalid-session-url="/login.jsp"> <concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.jsp?expired=true"/> </session-management> <!--添加自定义的过滤器 放在FILTER_SECURITY_INTERCEPTOR之前有效 --> <custom-filter ref="customFilterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" /> <anonymous enabled="false" /> </http> <beans:bean id="authenticationSuccess" class="edu.buaa.hsps.system.service.MySavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/index"/> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="customUserDetailsService"> <password-encoder hash="md5" base64="true"> <salt-source user-property="username"/> </password-encoder> </authentication-provider> </authentication-manager> <beans:bean id="exceptionMappingAuthenticationFailureHandler" class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler"> <beans:property name="exceptionMappings"> <beans:props> <beans:prop key="org.springframework.security.authentication.DisabledException">/login.jsp?role=false</beans:prop> <beans:prop key="org.springframework.security.authentication.BadCredentialsException">/login.jsp?error=true</beans:prop> </beans:props> </beans:property> </beans:bean> </beans:beans> ``` ``` 在这个配置里面要怎么修改,需要一个前台登录,这里只配置了后台
- 使用spring security提示Access is denied?
- ``` org.springframework.security.access.AccessDeniedException: Access is denied at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:158) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:526) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92) at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:678) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:408) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1579) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:748) ``` +++++++++++++++++++++++ 配置文件: spring-security.xml ``` <security:global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled" secured-annotations="enabled"></security:global-method-security> <!-- 配置不拦截的资源 --> <security:http pattern="/pages/login.jsp" security="none"/> <security:http pattern="/failer.jsp" security="none"/> <security:http pattern="/css/**" security="none"/> <security:http pattern="/img/**" security="none"/> <security:http pattern="/plugins/**" security="none"/> <security:http auto-config="true" use-expressions="true"> <!-- 配置具体的拦截的规则 pattern="请求路径的规则" access="访问系统的人,必须有ROLE_USER的角色" --> <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')"/> <!-- 定义跳转的具体的页面 --> <security:form-login login-page="/pages/login.jsp" login-processing-url="/login" default-target-url="/index.jsp" authentication-failure-url="/failer.jsp" authentication-success-forward-url="/pages/main.jsp" /> <!-- 关闭跨域请求 --> <security:csrf disabled="true"/> <!-- 退出 --> <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="/pages/login.jsp"/> </security:http> <!-- 切换成数据库中的用户名和密码 --> <security:authentication-manager> <security:authentication-provider user-service-ref="userService"> <!-- 配置加密的方式--> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <!-- 配置加密类 --> <bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"/> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="123" password="{noop}123" authorities="ROLE_USER"/> </security:user-service> </security:authentication-provider> </security:authentication-manager> ``` +++++++++++++++++++++++ web.xml  +++++++++++++++++++++++ login.jsp  +++++++++++++++++ 请问大神是怎么回事呢?
- spring-security url拦截配置问题
- 刚接触spring-security,按照文档上的做最小配置,基本配置如下: web.xml [code=text]<!-- 权限 Spring Security的权限过滤--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>[/code] spring-security.xml配置 [code=text] <debug /> <global-method-security pre-post-annotations="enabled" /> <http pattern="/common/**" security="none" /> <http pattern="/resources/**" security="none" /> <http pattern="/home/login" security="none" /> <http pattern="login.html" security="none" />[/code] 我的登录页面是由spring Controller跳转到web-inf文件夹下的login.html登录页面 我开始怀疑是配置问题,后来试试访问 http://xxxx:8099/resource下的资源文件,是能正确过滤掉不拦截, 但是在使用登录页面请求的url时 http://xxxx:8099/home/login 一直是404 spring mvc Controller代码是 [code=java]@Controller @RequestMapping("/home") public class WelcomeController { @RequestMapping("/login") public String index(){ return "login.html"; } }[/code] 请问下问题出在什么地方?
- spring security不登陆也可以任意访问
- 项目中准备用spring security,根据网上搜索的资料做了一个demo,但是测试结果是不用登陆也能正常任意访问,请各位帮忙看下哪里有问题,谢谢。 以下是配置文件: web.xml [code="java"]<!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd" > <web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_5.xsd"> <context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:/applicationContext.xml,classpath*:/spring-security.xml</param-value> </context-param> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <filter> <filter-name>encodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>encodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Spring Security Filter --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>struts2</filter-name> <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class> <!-- <init-param> <param-name>struts.i18n.encoding</param-name> <param-value>GBK</param-value> </init-param> --> </filter> <filter-mapping> <filter-name>struts2</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <session-config> <session-timeout>30</session-timeout> </session-config> </web-app> [/code] spring-security.xml [code="java"]<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <beans:description>Spring Security安全配置</beans:description> <http auto-config="true"> <form-login login-page="/login.htm" authentication-failure-url="/login.htm?error=1" authentication-success-handler-ref="customAuthenticationSuccessHandler" /> <logout logout-success-url="/index.htm" /> <remember-me key="oms123456789" token-validity-seconds="1209600"/> <access-denied-handler ref="accessDeniedHandler" /> <custom-filter ref="CustomFilterSecurityInterceptorImpl" before="FILTER_SECURITY_INTERCEPTOR" /> <http-basic /> </http> <!-- 登录成功后 操作类--> <beans:bean id="customAuthenticationSuccessHandler" class="com.ule.oms.user.security.CustomAuthenticationSuccessHandler" > <beans:constructor-arg value="/index.htm" /> <beans:property name="customAlwaysUseDefTargUrl" value="false"/> </beans:bean> <!-- 拒绝访问操作类 --> <beans:bean id="accessDeniedHandler" class="com.ule.oms.user.security.CustomAccessDeniedHandler" > <beans:property name="errorPage" value="/denied.htm"/> </beans:bean> <!-- 一个自定义的filter,必须包含authenticationManager,accessDecisionManager,securityMetadataSource三个属性。 --> <beans:bean id="CustomFilterSecurityInterceptorImpl" class="com.ule.oms.user.security.CustomFilterSecurityInterceptorImpl"> <beans:property name="authenticationManager" ref="autheticationManager" /><!-- 登陆的认证 --> <beans:property name="accessDecisionManager" ref="customAccessDecisionManager" /><!-- 资源访问决策 --> <beans:property name="securityMetadataSource" ref="customSecurityMetadataSource" /><!-- 资源和权限列表 --> </beans:bean> <authentication-manager alias="autheticationManager"> <authentication-provider user-service-ref="userDetailsServiceImpl"> </authentication-provider> </authentication-manager> </beans:beans> [/code] 不胜感激。
- eureka配置了spring security后,客户端启动报错,请求不到服务器
- 服务器端: pom.xml添加的spring security 启动类添加了@EnableEurekaServer注解 yml如下 spring: security: user: name: user password: psw123 eureka: client: service-url: defaultZone: http://user:psw123@localhost:8761/eureka register-with-eureka: false fetch-registry: false 客户端 pom添加spring-boot-starter-actuator依赖 启动类添加了@EnableDiscoveryClient注解 yml如下 eureka: client: service-url: defaultZone: http://user:psw123@localhost:8761/eureka instance: prefer-ip-address: true instance-id: ${spring.application.name}:${spring.application.instance_id:${server.port}} 服务器端启动正常,输入ip后也能通过输入用户名密码登录。但是客户端启动则报错。 com.netflix.discovery.shared.transport.TransportException: Cannot execute request on any known server 如果去掉spring security验证的话客户端是能够正常注册到注册中心的。 网上服务器的yml配置(如下),我这里是没有的。我这里只有spring.security, 没有直接就security。 security: basic: enable:true name: password
- 配置Spring-Security报错,找不到元素 'b:beans' 的声明
- Spring新手,现在想在SpringMVC的基础上使用Spring Security框架。但Spring Security配置报错,困扰了很久。先上代码 ``` <?xml version="1.0" encoding="UTF-8"?> <b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> ``` 报错 ``` org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 9 in XML document from class path resource [config/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 9; columnNumber: 99; cvc-elt.1: 找不到元素 'b:beans' 的声明。 ``` 尝试网上的方法,加入 ``` <!DOCTYPE b:beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd"> ``` 则报错 ``` org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 9 in XML document from class path resource [config/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 9; columnNumber: 99; 必须声明元素类型 "b:beans"。 ``` 请指教
- spring-security 配置<security:form-login>不起作用
- 其他的标签配置都有效就这个标签无效导致了一直无法拿到自己设置的自定义username参数,请问这是什么问题 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- 设置不拦截的资源url--> <security:http security="none" pattern="/css/**" /> <security:http security="none" pattern="/js/**" /> <security:http security="none" pattern="/images/**" /> <security:http security="none" pattern="/favicon.ico"/> <security:http security="none" pattern="/login*" /> <security:http security="none" pattern="/login/sendSms" /> <security:http security="none" pattern="/captchaServlet"/> <security:http security="none" pattern="/activecode*"/> <security:http security="none" pattern="/sendEmail*"/> <security:http security="none" pattern="/register*" /> <security:http security="none" pattern="/check/**" /> <security:http security="none" pattern="/accessDenied"/> <security:http security="none" pattern="/page/reply"/> <security:http security="none" pattern="/page/pages"/> <security:http auto-config="false" access-decision-manager-ref="accessDecisionManager" use-expressions="true" entry-point-ref="loginEntryPoint"> <!-- 禁用frame-option不禁用会阻止加载任何frame页面,包括图片上传超时--> <security:headers> <security:frame-options disabled="true"></security:frame-options> </security:headers> <!-- 配置登录页信息,分别为登录 URL、认证失败跳转 URL、认证成功跳转 URL、登录 URL、password 和 username 请求参数名称--> <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=1" login-processing-url="/login/doLogin" password-parameter="password" default-target-url="/personal/list" username-parameter="email" /> <security:access-denied-handler ref="accessDeniedHandler" /> <!-- 禁用csrf--> <security:csrf disabled="true"/> <security:intercept-url pattern="/" access="permitAll"/> <security:intercept-url pattern="/index**" access="permitAll"/> <security:intercept-url pattern="/login/sendSms" access="permitAll"/> <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/> <!-- session失效url session策略--> <security:session-management invalid-session-url="/index.jsp" session-authentication-strategy-ref="sessionStrategy"> </security:session-management> <!-- spring-security提供的过滤器 以及我们自定义的过滤器 authenticationFilter--> <security:custom-filter ref="logoutFilter" position="LOGOUT_FILTER" /> <security:custom-filter before="FORM_LOGIN_FILTER" ref="authenticationFilter"/> <security:custom-filter ref="concurrencyFilter" position="CONCURRENT_SESSION_FILTER"/> </security:http> <bean id="accessDeniedHandler" class="com.dream.sercurity.Account.MyAccessDeniedHandler"> <property name="errorPage" value="/accessDenied.jsp" /> </bean> <bean id="loginEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <!-- 用户未登录访问保护资源后弹到默认登录页的url --> <constructor-arg value="/login.jsp?error=login"/> </bean> <!-- 启用表达式 为了后面的投票器做准备 --> <bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" id="expressionHandler"/> <bean class="org.springframework.security.web.access.expression.WebExpressionVoter" id="expressionVoter"> <property name="expressionHandler" ref="expressionHandler"/> </bean> <!-- 认证管理器,使用自定义的accountService,并对密码采用md5加密 --> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="accountService"> <security:password-encoder hash="md5"> <security:salt-source user-property="email"></security:salt-source> </security:password-encoder> </security:authentication-provider> </security:authentication-manager> <bean id="authenticationFilter" class="com.dream.sercurity.Account.AccountAuthenticationFilter"> <property name="filterProcessesUrl" value="/login/doLogin"></property> <property name="authenticationManager" ref="authenticationManager"></property> <property name="sessionAuthenticationStrategy" ref="sessionStrategy"></property> <property name="authenticationSuccessHandler"> <bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <property name="defaultTargetUrl" value="/personal/list"></property> </bean> </property> <property name="authenticationFailureHandler"> <bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <property name="defaultFailureUrl" value="/login.jsp?error=fail"></property> </bean> </property> </bean> <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <!-- 处理退出的虚拟url --> <property name="filterProcessesUrl" value="/loginout" /> <!-- 退出处理成功后的默认显示url --> <constructor-arg index="0" value="/login.jsp?logout" /> <constructor-arg index="1"> <!-- 退出成功后的handler列表 --> <array> <bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" /> </array> </constructor-arg> </bean> <!-- ConcurrentSessionFilter过滤器配置(主要设置账户session过期路径) --> <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <constructor-arg ref="sessionRegistry"></constructor-arg> <constructor-arg value="/login?error=expired"></constructor-arg> </bean> <bean id="sessionStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy"> <constructor-arg> <list> <bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy"> <property name="maximumSessions" value="1"></property> <property name="exceptionIfMaximumExceeded" value="false"></property> <constructor-arg ref="sessionRegistry"/> </bean> <bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"/> <bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy"> <constructor-arg ref="sessionRegistry"/> </bean> </list> </constructor-arg> </bean> <bean id="sessionRegistry" scope="singleton" class="org.springframework.security.core.session.SessionRegistryImpl"></bean> <bean id="accountService" class="com.dream.sercurity.Account.AccountDetailsService"/> <!-- An access decision voter that reads ROLE_* configuration settings --> <bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter"/> <bean id="authenticatedVoter" class="org.springframework.security.access.vote.AuthenticatedVoter"/> <bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased"> <constructor-arg> <list> <ref bean="roleVoter"/> <ref bean="authenticatedVoter"/> <ref bean="expressionVoter"/> </list> </constructor-arg> </bean> </beans> ``` ```
- spring-security配置的一点点小问题求解惑
- 刚接触spring-security,按照文档上的做最小配置,基本配置如下: web.xml ``` <!-- 权限 Spring Security的权限过滤--> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ``` spring-security.xml配置 ``` <debug /> <global-method-security pre-post-annotations="enabled" /> <http pattern="/common/**" security="none" /> <http pattern="/resources/**" security="none" /> <http pattern="/home/login" security="none" /> <http pattern="login.html" security="none" /> ``` 我的登录页面是由spring Controller跳转到web-inf文件夹下的login.html登录页面 我开始怀疑是配置问题,后来试试访问 http://xxxx:8099/resource下的资源文件,是能正确过滤掉不拦截, 但是在使用登录页面请求的url时 http://xxxx:8099/home/login 一直是404 spring mvc Controller代码是 ``` @Controller @RequestMapping("/home") public class WelcomeController { @RequestMapping("/login") public String index(){ return "login.html"; } } ``` 请问下问题出在什么地方?
- @Service("userService")配置之后,在spring-security.xml文件<security:authentication-provider user-service-ref="userService">报错
- 难道是我service没有bean注入成功?,明明在spring中扫描了service所在包了   大佬指点指点,谢谢~
- spring-session和security同时配置时,session不对该如何解决?
- 项目中已经在使用了security,在web.xml配置如下 ``` <filter> <filter-name>springSessionRepositoryFilter</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> ``` 近期想要增加spingSession,按照网上说明添加了一个filter ``` <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> ``` 两个filter同时配置后,spring-session是生效的,但是security中拿到的session不是同一个,改变filter顺序也没用。我认为不能这样配置两个filter,但是filter-name好像spring要求必须按照规范来写,所以没法把两个filter合并。那么该如何让spring-session和security并存,并且保证security拿到的是同一个session?
- spring security报错,实在是找不出原因
- # 说明一下,给别人的项目部署的时候报错的,项目代码没问题,配置也不会错,找了很久的原因不知道错在哪。  #这是spring security的配置 ``` <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http auto-config='true'> <curity:http> <security:http auto-config="true" use-expressions="false" access-denied-page="/login.jsp"> <security:form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" authentication-success-handler-ref="loginSuccessHandler" always-use-default-target="true" /> <security:logout logout-url="/logout" logout-success-url="/login.jsp"/> <security:session-management> <security:concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.jsp?error=islogin"><curity:concurrency-control> <curity:session-management> <security:intercept-url pattern="rvices/**" access="IS_AUTHENTICATED_FULLY"><curity:intercept-url> <security:intercept-url pattern="/jsp/*.jsp" access="IS_AUTHENTICATED_FULLY"><curity:intercept-url> <security:custom-filter ref="myFilter" before="FILTER_SECURITY_INTERCEPTOR" /> <curity:http> <security:authentication-manager alias="authenticationManager"> <security:authentication-provider user-service-ref="myUserDetailService"> <curity:authentication-provider> <curity:authentication-manager> <bean id="loginSuccessHandler" class="com.springsecurity.handler.LoginSuccessHandler"> <property name="jdbcService" ref="jdbcService" /> </bean> <bean id="myFilter" class="com.springsecurity.filter.MyFilterSecurityInterceptor"> <property name="authenticationManager" ref="authenticationManager" /> <property name="accessDecisionManager" ref="myAccessDecisionManagerBean" /> <property name="securityMetadataSource" ref="mySecurityMetadataSource" /> </bean> <bean id="myUserDetailService" class="com.springsecurity.handler.MyUserDetailService"> <property name="userDao" ref="userDao" /> <property name="jdbcService" ref="jdbcService" /> </bean> <bean id="myAccessDecisionManagerBean" class="com.springsecurity.filter.MyAccessDecisionManager"> <property name="myInvocationSecurityMetadataSource" ref="mySecurityMetadataSource" /> </bean> <bean id="mySecurityMetadataSource" class="com.springsecurity.filter.MyInvocationSecurityMetadataSource"> <constructor-arg> <ref bean="roleDao" /> </constructor-arg> </bean> </beans> ``` # 这是web.xml的配置 ``` <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> ``` ## 怀疑是架包冲突  # 工程目录  # 还老报这个错 
- spring security 基于数据库的配置 控制不了url
- spring security 配置文件 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:s="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd" > <description>使用SpringSecurity的安全配置文件</description> <s:global-method-security secured-annotations="enabled"> </s:global-method-security> <!-- http安全配置 --> <s:http auto-config="true" access-denied-page="/403.jsp" access-decision-manager-ref="accessDecisionManager"> <s:intercept-url pattern="/login.jsp" filters="none"/> <s:intercept-url pattern="/jsp/security/**" access="A_MODIFY_USER"/> <s:intercept-url pattern="/**" access="A_VIEW_USER"/> <s:form-login login-page="/login.jsp" default-target-url="/portal/login.jspx" authentication-failure-url="/login.jsp?error=true" /> <s:logout logout-success-url="/portal/logout.jspx" /> </s:http> <s:authentication-provider user-service-ref="userDetailsService"> <!-- <s:user-service>--> <!-- <s:user name="luwh" password="luwh" authorities="ROLE_USER,ROLE_VIEW" />--> <!-- <s:user name="manager" password="manager" authorities="ROLE_MODIFY,ROLE_USER" />--> <!-- </s:user-service>--> </s:authentication-provider> <s:authentication-manager alias="authenticationManager"/> <!-- 项目实现的用户查询服务 --> <bean id="userDetailsService" class="com.zldigital.security.service.security.UserDetailServiceImpl"> <property name="userDAO"> <ref bean="userDAO"/> </property> </bean> <!-- 项目实现的URL-授权查询服务 --> <bean id="resourceDetailService" class="com.zldigital.security.service.security.ResourceDetailServiceImpl"> <property name="resourceDAO"> <ref bean="resourceDAO"/> </property> </bean> <!-- DefinitionSource工厂,使用resourceDetailService提供的URL-授权关系. --> <bean id="databaseDefinitionSource" class="com.zldigital.security.service.security.DefinitionSourceFactoryBean"> <property name="resourceDetailService" ref="resourceDetailService" /> </bean> <!-- 重新定义的FilterSecurityInterceptor,使用databaseDefinitionSource提供的url-授权关系定义 --> <bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor"> <property name="accessDecisionManager" ref="accessDecisionManager" /> <property name="objectDefinitionSource" ref="databaseDefinitionSource" /> <property name="authenticationManager" ref="authenticationManager"/> <property name="observeOncePerRequest" value="false"></property> <s:custom-filter before="FILTER_SECURITY_INTERCEPTOR"/> </bean> <!-- 授权判断配置, 将授权名称的默认前缀由ROLE_改为A_. --> <bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased"> <property name="decisionVoters"> <list> <bean class="org.springframework.security.vote.RoleVoter"> <property name="rolePrefix" value="A_" /> </bean> <bean class="org.springframework.security.vote.AuthenticatedVoter" /> </list> </property> </bean> </beans> userDetailServiceImpl类 public class UserDetailServiceImpl implements UserDetailsService{ private IUserDAO userDAO; public IUserDAO getUserDAO() { return userDAO; } public void setUserDAO(IUserDAO userDAO) { this.userDAO = userDAO; } public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { Users user = this.getUserDAO().findByLoginName(username); if(null == user) { throw new UsernameNotFoundException(username); } GrantedAuthority[] grantedAuths = obtainGrantedAuthorities(user); boolean enabled = true; boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; User userdetail = new org.springframework.security.userdetails.User( user.getLoginName(), user.getPassword(), enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuths); return userdetail; } private GrantedAuthority[] obtainGrantedAuthorities(Users user) { Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>(); for (Roles role : user.getUsersRoleses()) { for (Authorities authorities : role.getRolesAuthoritieses()) { authSet.add(new GrantedAuthorityImpl(authorities.getName())); } } return authSet.toArray(new GrantedAuthority[authSet.size()]); } } ResourceDetailServiceImpl类 public class ResourceDetailServiceImpl implements ResourceDetailService { private IResourceDAO resourceDAO; public IResourceDAO getResourceDAO() { return resourceDAO; } public void setResourceDAO(IResourceDAO resourceDAO) { this.resourceDAO = resourceDAO; } @SuppressWarnings("unchecked") public LinkedHashMap<String, String> getRequestMap() throws Exception { List<Resources> list = (List<Resources>) this.getResourceDAO().findAll(); LinkedHashMap<String, String> requestMap = new LinkedHashMap<String, String>(); for(Resources resources : list) { System.out.println(resources.getValue() + "====" + resources.getAuthNames()); requestMap.put(resources.getValue(), resources.getAuthNames()); } return requestMap; } } DefinitionSourceFactoryBean类 public class DefinitionSourceFactoryBean implements FactoryBean { private ResourceDetailService resourceDetailService; public void setResourceDetailService(ResourceDetailService requestMapService) { this.resourceDetailService = requestMapService; } public Object getObject() throws Exception { LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap = getRequestMap(); UrlMatcher matcher = getUrlMatcher(); DefaultFilterInvocationDefinitionSource definitionSource = new DefaultFilterInvocationDefinitionSource(matcher, requestMap); return definitionSource; } @SuppressWarnings("unchecked") public Class getObjectType() { return FilterInvocationDefinitionSource.class; } public boolean isSingleton() { return true; } private UrlMatcher getUrlMatcher() { return new AntUrlPathMatcher(); } private LinkedHashMap<RequestKey, ConfigAttributeDefinition> getRequestMap() throws Exception { LinkedHashMap<String, String> srcMap = resourceDetailService.getRequestMap(); LinkedHashMap<RequestKey, ConfigAttributeDefinition> requestMap = new LinkedHashMap<RequestKey, ConfigAttributeDefinition>(); ConfigAttributeEditor editor = new ConfigAttributeEditor(); for (Map.Entry<String, String> entry : srcMap.entrySet()) { RequestKey key = new RequestKey(entry.getKey(), null); editor.setAsText(entry.getValue()); requestMap.put(key, (ConfigAttributeDefinition) editor.getValue()); } return requestMap; } } 数据库里头配置url和权限,在web页面拦截不了,不知道为什么?
- spring security3拦截器问题
- 未登录系统的情况下,第一次访问页面会跳转到登录页面,第二次访问就能够访问 配置如下: ``` <http entry-point-ref="loginAuthenticationEntryPoint" > <!-- UsernamePasswordAuthenticationFilter default-target-url 指定了从登录页面登录后进行跳转的页面 always-use-default-target true表示登录成功后强制跳转 authentication-failure-url 表示验证失败后进入的页面 login-processing-url 设置验证登录验证地址,如果不设置,默认是j_spring_security_check username-parameter,password-parameter 设置登录用户名和密码的请求name,默认:j_username,j_password <form-login login-page="/login" default-target-url="/index" authentication-failure-url="/login?error=1" login-processing-url="/logined" username-parameter="loginUser" password-parameter="password" /> --> <logout logout-success-url="/login" invalidate-session="true" delete-cookies="JSESSIONID"/> <!-- 尝试访问没有权限的页面时跳转的页面 --> <access-denied-handler error-page="/permission" /> <!-- session-fixation-protection session固化保护 none使得 session 固化攻击失效,不会配置 SessionManagementFilter (除非其它的 <session-management> 属性不是默认值) migrateSession当用户经过认证后分配一个新的 session ,它保证原 session 的所有属性移到新 session 中。我们将在后面的章节中讲解,通过基于 bean 的方式如何进行这样的配置。 newSession当用户认证后,建立一个新的 session ,原(未认证时) session 的属性不会进行移到新 session 中来。--> <session-management invalid-session-url="/login" session-authentication-strategy-ref="compositeSessionAuthenticationStrategy" /> <custom-filter position="FORM_LOGIN_FILTER" ref="formloginFilter" /> <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> <!-- 增加一个filter,这点与 Acegi是不一样的,不能修改默认的filter了, 这个filter位于FILTER_SECURITY_INTERCEPTOR之前 --> <custom-filter before="FILTER_SECURITY_INTERCEPTOR" ref="myFilter" /> </http> <!-- ConcurrentSessionFilter过滤器配置(主要设置账户session过期路径) 并发会话处理包所需要的过滤器。该过滤器具有双重作用。 首先,它会调用sessionregistry.refreshlastrequest为每个请求注册session总是有一个正确的最后更新时间。 第二,它会为每个请求从sessionregistry中获取sessioninformation并且检查session是否已被标记为已过期。 如果它被标记为已过期,配置注销处理程序将被调用(如同logoutfilter),重定向到指定的expiredurl,session失效将导致httpsessiondestroyedevent被触发 通过在web.xml注册httpsessioneventpublisher。 --> <beans:bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"> <beans:property name="sessionRegistry" ref="sessionRegistry" /> <beans:property name="expiredUrl" value="/login" /> </beans:bean> <!-- 登录过滤器(相当于<form-login/>) --> <beans:bean id="formloginFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> <beans:property name="usernameParameter" value="loginUser"></beans:property> <beans:property name="passwordParameter" value="password"></beans:property> <beans:property name="sessionAuthenticationStrategy" ref="compositeSessionAuthenticationStrategy" /> <!--处理登录的action --> <beans:property name="filterProcessesUrl" value="/logined"></beans:property> <!--验证成功后的处理 --> <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"></beans:property> <!--验证失败后的处理 --> <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property> <beans:property name="authenticationManager" ref="authenticationManager"></beans:property> </beans:bean> <!-- 混合session授权策略 --> <beans:bean id="compositeSessionAuthenticationStrategy" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy"> <beans:constructor-arg> <beans:list> <beans:bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy"> <beans:constructor-arg ref="sessionRegistry" /> <beans:property name="maximumSessions" value="1" /> <beans:property name="exceptionIfMaximumExceeded" value="true" /> </beans:bean> <beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy"> </beans:bean> <beans:bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy"> <beans:constructor-arg ref="sessionRegistry" /> </beans:bean> </beans:list> </beans:constructor-arg> </beans:bean> <!--SessionRegistry的默认实现,它会在spring应用上下文中监听SessionDestroyedEvents事件 --> <beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" /> <!-- 登录点 --> <beans:bean id="loginAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> <beans:property name="loginFormUrl" value="/login"></beans:property> </beans:bean> <!-- 验证成功后的处理 --> <beans:bean id="loginLogAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"> <beans:property name="defaultTargetUrl" value="/index"></beans:property> </beans:bean> <!-- 验证失败后的处理 --> <beans:bean id="simpleUrlAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"> <!--可以配置相应的跳转方式。属性forwardToDestination为true采用forward false为sendRedirect --> <beans:property name="defaultFailureUrl" value="/login?error=1"></beans:property> </beans:bean> <!-- 一个自定义的filter,必须包含 authenticationManager,accessDecisionManager,securityMetadataSource三个属性, 我们的所有控制将在这三个类中实现,解释详见具体配置 --> <beans:bean id="myFilter" class="com.sanchuan.erp.security.MyFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="myAccessDecisionManagerBean" /> <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource" /> </beans:bean> <!-- 验证配置 , 认证管理器,实现用户认证的入口,主要实现UserDetailsService接口即可 --> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="myUserDetailsService"> <!-- <s:password-encoder hash="sha" /> --> </authentication-provider> </authentication-manager> <!-- 项目实现的用户查询服务,将用户信息查询出来 --> <beans:bean id="myUserDetailsService" class="com.sanchuan.erp.security.MyUserDetailService"> <beans:property name="userService" ref="userServiceImpl"></beans:property> <beans:property name="roleService" ref="roleServiceImpl"></beans:property> </beans:bean> <!-- 访问决策器,决定某个用户具有的角色,是否有足够的权限去访问某个资源 --> <beans:bean id="myAccessDecisionManagerBean" class="com.sanchuan.erp.security.MyAccessDecisionManager"> </beans:bean> <!-- 资源源数据定义,将所有的资源和权限对应关系建立起来,即定义某一资源可以被哪些角色访问 --> <beans:bean id="mySecurityMetadataSource" class="com.sanchuan.erp.security.MyInvocationSecurityMetadataSourceService"> </beans:bean> ```
- spring security filterSecurityInterceptor
- ``` <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd" default-lazy-init="true"> <context:property-placeholder location="classpath:application.properties" ignore-unresolvable="true"/> <!--将启动基于表达式的语法--> <global-method-security pre-post-annotations="enabled" jsr250-annotations="enabled" proxy-target-class="true"/> <http pattern="/user/saveIcon" security="none"/> <http pattern="/security/anonymous/*" security="none"/> <http pattern="/system/*" security="none"/> <http auto-config="false" entry-point-ref="casEntryPoint" servlet-api-provision="true" use-expressions="true"> <anonymous enabled="false"/> <intercept-url pattern="/**" access="isFullyAuthenticated()"/> <access-denied-handler ref="accessDeniedHandler"/> <custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER"/> <custom-filter ref="singleLogoutFilter" before="CAS_FILTER"/> <custom-filter ref="casAuthenticationFilter" position="CAS_FILTER"/> <custom-filter ref="exceptionTranslationFilter" after="EXCEPTION_TRANSLATION_FILTER"/> <custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/> </http> <beans:bean id="exceptionTranslationFilter" class="net.xuele.member.web.manager.MemberExceptionTranslationFilter"> <beans:constructor-arg ref="casEntryPoint"></beans:constructor-arg> <beans:property name="accessDeniedHandler" ref="accessDeniedHandler" /> </beans:bean> <beans:bean id="accessDeniedHandler" class="net.xuele.member.web.manager.MemberAccessDeniedHandlerImpl"> </beans:bean> <!--权限验证--> <beans:bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager"/> <!--投票--> <beans:property name="accessDecisionManager" ref="xueleAccessDecisionManager"/> <!--资源权限关系认证 提供getAttributes方法,根据资源获取角色id列表--> <beans:property name="securityMetadataSource" ref="securityMetadataSource"/> </beans:bean> <!--决策管理器--> <beans:bean id="xueleAccessDecisionManager" class="net.xuele.common.security.XueleAccessDecisionManager"/> <!--资源角色对应--> <beans:bean id="securityMetadataSource" class="org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource"> <beans:constructor-arg name="requestMap" ref="requestMap"/> </beans:bean> <beans:bean id="requestMap" class="net.xuele.member.util.RequestMapFactoryBean"> <beans:property name="resourceService" ref="resourceService"/> </beans:bean> <!--security--> <!--拦截认证异常到CAS登录页--> <beans:bean id="casEntryPoint" class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"> <!--登录地址统一到http://www.xueleyun.com/member/--> <beans:property name="loginUrl" value="${cas.url}"/> <beans:property name="encodeServiceUrlWithSessionId" value="false"/> <beans:property name="serviceProperties" ref="serviceProperties"/> </beans:bean> <beans:bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties"> <!--验证--> <beans:property name="service" value="${member-web}j_spring_cas_security_check"/> <beans:property name="sendRenew" value="false"/> </beans:bean> <!--ticket认证 AbstractAuthenticationProcessingFilter封装简单au,--> <beans:bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"> <beans:property name="authenticationManager" ref="authenticationManager"/> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider ref="casAuthenticationProvider"/> </authentication-manager> <beans:bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentication.CasAuthenticationProvider"> <beans:property name="authenticationUserDetailsService" ref="casAuthenticationUserDetailsService"/> <beans:property name="serviceProperties" ref="serviceProperties"/> <beans:property name="ticketValidator"> <beans:bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"> <beans:constructor-arg index="0" value="${cas.url}"/> </beans:bean> </beans:property> <beans:property name="key" value="an_id_for_this_auth_provider_only"/> </beans:bean> <!--补充usersession--> <beans:bean id="casAuthenticationUserDetailsService" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper"> <beans:property name="userDetailsService"> <beans:ref bean="userDetailsService"/> </beans:property> </beans:bean> <!-- 注销客户端 --> <beans:bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/> <!-- 注销服务器端 --> <beans:bean id="requestSingleLogoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter"> <beans:constructor-arg value="${cas.url}/logout?service=${member-web}"/> <beans:constructor-arg> <beans:bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/> </beans:constructor-arg> <beans:property name="filterProcessesUrl" value="/j_spring_cas_security_logout"/> </beans:bean> </beans:beans> ``` 登出的时候跳回自己的主页,没有要求去重新登录。 <custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR"/> 去掉就没问题,或者将before换成after,但这样权限认证就失效了。 
- spring boot security 异常消息如何本地化?
- xml配置是加上个bean就可以 , <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="classpath:org/springframework/security/messages"/> </bean> spring boot中需要怎么配置呢?我也声明了个bean但没有效果 @Bean MessageSource getMessageSource(){ ReloadableResourceBundleMessageSource parentMessageSource = new ReloadableResourceBundleMessageSource(); parentMessageSource.setDefaultEncoding("UTF-8"); parentMessageSource.setBasename("classpath:org/springframework/security/messages"); return parentMessageSource; }
- spring security3 自定义登录页面,无论输入什么,直接被拦截跳到错误页面
- spring security 3,做数据库验证,启动没有问题,但每次点登录按钮的时候,不论输入正确或错误的用户名密码,都直接跳到错误页面,debug跟踪后发现,在InvocationSecurityMetadataSourceService中的getAttributes(Object object)方法传入的object的url值就是验证失败页面的url,感觉就是没有权限,被拦截了,请教各位,我的配置有什么问题吗?下面是代码 login.jsp [code="jsp"]<form method="post" action="${pageContext.request.contextPath}/j_spring_security_check"> <table> <td>用户名</td> <td><input type="text" name="j_username" value=""></td> <tr> <td>密码</td> <td><input type="password" name="j_password" value=""></td> </table> <input type="submit" name="button" value="登录" /> </form>[/code] security.xml [code="xml"] <http auto-config="true" access-denied-page="/jsp/home.jsp"> <intercept-url pattern="/css/**" filters="none" /> <intercept-url pattern="/style/**" filters="none" /> <intercept-url pattern="/images/**" filters="none" /> <intercept-url pattern="/js/**" filters="none" /> <intercept-url pattern="/jsp/login.jsp" filters="none" /> <!-- <intercept-url pattern="/jsp/admin.jsp" access="ROLE_ADMIN" /> <intercept-url pattern="/**" access="ROLE_USER" /> --> <form-login login-page="/jsp/login.jsp" authentication-failure-url="/jsp/error.jsp" default-target-url="/jsp/index.jsp" /> <logout logout-success-url="/jsp/login.jsp"/> <session-management> <concurrency-control max-sessions="1" error-if-maximum-exceeded="true" /> </session-management> <custom-filter ref="pawnFilter" before="FILTER_SECURITY_INTERCEPTOR" /> </http> <beans:bean id="pawnFilter" class="com.sywzsh.security.PawnFilterSecurityInterceptor"> <beans:property name="authenticationManager" ref="authenticationManager" /> <beans:property name="accessDecisionManager" ref="pawnAccessDecisionManagerService" /> <beans:property name="securityMetadataSource" ref="pawnSecurityDataSourceService" /> </beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider user-service-ref="userDetailsService"> </authentication-provider> </authentication-manager> <!-- 查询用户信息 --> <beans:bean id="userDetailsService" class="com.sywzsh.security.PawnUsersDetailsService" /> <!-- 决策访问器,判断是否有权限访问某个资源 --> <beans:bean id="pawnAccessDecisionManagerService" class="com.sywzsh.security.PawnAccessDecisionManagerService" /> <!-- 资源数据定义,资源与角色相关联,一个资源可被哪些角色访问 --> <beans:bean id="pawnSecurityDataSourceService" init-method="loadResourceDefine" class="com.sywzsh.security.PawnInvocationSecurityMetadataSourceService"> </beans:bean> [/code] 过滤器等代码与网上教程一致,如http://andy-ghg.iteye.com/blog/1081622 ,http://blog.csdn.net/remote_roamer/archive/2010/07/05/5713777.aspx 代码大同小异,不知道有哪位兄台遇到过这种情况。
- Spring Security /j_spring_security_check 无法找到404错误
- Spring Security /j_spring_security_check 无法找到404错误。在WAS7和JBoss上都试过了,一样的错误。在WAS上也试过加入com.ibm.ws.webcontainer.invokeFiltersCompatibility=true,都不成功。 <br /> <br />//-- web.xml --// <br /><pre name="code" class="java"><?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <!-- load Spring configurations --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/myApplicationContext.xml</param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <welcome-file-list> <welcome-file>index.html</welcome-file> <welcome-file>index.htm</welcome-file> <welcome-file>index.jsp</welcome-file> <welcome-file>default.html</welcome-file> <welcome-file>default.htm</welcome-file> <welcome-file>default.jsp</welcome-file> </welcome-file-list> </web-app> </pre> <br /> <br />//-- myApplicationContext.xml --// <br /><pre name="code" class="java"><?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http auto-config="true"> <security:form-login login-processing-url="/j_spring_security_check" login-page="/login.jsp" authentication-failure-url="/login.jsp" /> <security:intercept-url pattern="/secured/**" access="ROLE_ADMIN" /> <security:logout /> </security:http> <security:user-service id="dummyUserRegistry"> <security:user name="jack" password="12345678" authorities="ROLE_ADMIN" /> </security:user-service> <security:authentication-manager> <security:authentication-provider user-service-ref="dummyUserRegistry" /> </security:authentication-manager> </beans> </pre> <br /> <br />//-- JSP --// <br /><pre name="code" class="java"> <form method="POST" action="/j_spring_security_check"> <label for="j_username">Username:&nbsp;&nbsp;</label> <input type="text" name="j_username" /><br/> <label for="j_password">Password:&nbsp;&nbsp;</label> <input type="password" name="j_password" /><br/> <input type="submit" value="Login" /> </form></pre> <br /><br/><strong>问题补充</strong><br/>这个貌似是老生常谈的问题,但是我试了很多的方法,依然不行。<br /><br />在WAS7上加了invokeFiltersCompatibility=true,还是不行。换了JBoss 7.1,同样错误,应该和平台无关了,应该是我的配置出问题了。<br /><br />求指正
- StringMVC+Spring-Security 登陆后地址栏出现/timeout 跳转到404页面
- 第一次使用Spring-Security ,下载了几个demo 也看了 文档, 使用最小http配置和配置测试用户 都是正常的, 就是使用数据库用户登录的时候,不知道是哪里出的问题, 求指点,感激不尽! [b]spring-security.xml内容[/b]: [code="java"] <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd" default-autowire="byType" default-lazy-init="true"> <http auto-config='true'> <intercept-url pattern="/img/**" filters="none"/> <!-- 静态资源、登陆页面不过滤, filters="none" 表示不过滤 --> <intercept-url pattern="/js/**" filters="none"/> <intercept-url pattern="/css/**" filters="none"/> <intercept-url pattern="/dwz/**" filters="none"/> <intercept-url pattern="/index.jsp*" filters="none"/> <intercept-url pattern="/hello" filters="none"/> <intercept-url pattern="/user/login" filters="none"/> <intercept-url pattern="/**" access="ROLE_USER"/> <form-login login-page='/hello' default-target-url='/user/index' always-use-default-target='true'/> </http> <!-- 测试用户 <authentication-manager> <authentication-provider> <user-service> <user name="jimi" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN"/> <user name="bob" password="bobspassword" authorities="ROLE_USER"/> </user-service> </authentication-provider> </authentication-manager> --> <!-- 指定一个自定义的authentication-manager :customUserDetailsService --> <authentication-manager> <authentication-provider user-service-ref="customUserDetailsService"> <password-encoder hash="plaintext"/> </authentication-provider> </authentication-manager> <beans:bean id="customUserDetailsService" class="com.travel.spring.service.UserDetailsServiceImpl" /> </beans:beans> [/code] [b] com.travel.spring.service.UserDetailsServiceImpl 代码:[/b] [code="java"] package com.travel.spring.service; import java.util.ArrayList; import java.util.Collection; import javax.annotation.Resource; import org.apache.log4j.Logger; import org.springframework.dao.DataAccessException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.core.userdetails.UserDetailsService; import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.springframework.transaction.annotation.Transactional; import com.travel.spring.model.WebUser; @Transactional(readOnly = true) public class UserDetailsServiceImpl implements UserDetailsService { protected static Logger logger = Logger.getLogger("service"); @Resource(name = "webUserService") private IWebUserService webUserService; public UserDetails loadUserByUsername(String username){ try { WebUser user = webUserService.getUserByName(username);// user已经获得 为:admin,123456,李岩 if (user == null) { throw new UsernameNotFoundException("用户{ " + username + " }不存在!"); } //Set<GrantedAuthority> grantedAuths = obtainGrantedAuthorities(user); Collection<GrantedAuthority>grantedAuths = obtainGrantedAuthorities(user); // -- mini-web示例中无以下属性, 暂时全部设为true. --// boolean enabled = true; boolean accountNonExpired = true; boolean credentialsNonExpired = true; boolean accountNonLocked = true; UserDetails userdetails = new org.springframework.security.core.userdetails.User( user.getLoginName(), user.getPassWord(), enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, grantedAuths); return userdetails; } catch (Exception e) { // TODO: handle exception } return null; } /** * 获得当前User的权限('ROLE_' 开头的) */ private Collection<GrantedAuthority> obtainGrantedAuthorities(WebUser user) { Collection<GrantedAuthority> auths=new ArrayList<GrantedAuthority>(); GrantedAuthorityImpl auth2=new GrantedAuthorityImpl("ROLE_USER"); auths.add(auth2); return auths; } } [/code] [b]登陆页面代码:[/b] [code="java"] <div class="panel-c-l"> <form name="f" action="<%=path%>/j_spring_security_check" method='post'> <table cellpadding="0" cellspacing="0"> <tbody> <tr> <td align="left" colspan="2"> <h3>请使用Travel Manager系统账号登陆</h3> </td> </tr> <tr> <td align="right">账号:</td><td align="left"><input type="text" id="j_username" name="j_username" class="login-text" /></td> </tr> <tr> <td align="right">密码:</td><td align="left"><input type="password" name="j_password" class="login-text" /></td> </tr> <tr> <td align="center" colspan="2"> <input type="submit" id="btnLogin" value="登陆" class="login-btn" /> </td> </tr> </tbody> </table> </form> </div> [/code] [b] UserController.java 代码[/b] [code="java"]package com.travel.spring.web; import java.util.ArrayList; import java.util.Collection; import java.util.List; import java.util.Set; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpSession; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.GrantedAuthorityImpl; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestParam; import com.travel.spring.model.WebUser; import com.travel.spring.service.IWebUserService; @Controller @RequestMapping("/user") public class UserController { private IWebUserService webUserService; public IWebUserService getWebUserService() { return webUserService; } public void setWebUserService(IWebUserService webUserService) { this.webUserService = webUserService; } @RequestMapping(value="/index") public String index(Model model,HttpServletRequest request,HttpSession session) throws Exception{ return "admin/index"; } } [/code] 用户名 密码填写错误,还是跳转到当前页面, 如果填写正确了,就会出现 /timeout 404页面 ,如图 [img]http://dl.iteye.com/upload/attachment/0083/5848/ea079fb1-37b6-3aaa-806e-7af4198b89a3.jpg[/img]
- springcloud Hoxton.SR1 在网关中添加 zipkin 配置后报错 This converter does not support this method 应该如何解决
- pom.xml 配置 ``` <dependencies> <!--微服务注册--> <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-netflix-eureka-client --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-eureka-client</artifactId> </dependency> <!--网关配置--> <!-- https://mvnrepository.com/artifact/org.springframework.cloud/spring-cloud-starter-netflix-zuul --> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-netflix-zuul</artifactId> </dependency> <!--限流--> <!-- https://mvnrepository.com/artifact/com.marcosbarbero.cloud/spring-cloud-zuul-ratelimit --> <dependency> <groupId>com.marcosbarbero.cloud</groupId> <artifactId>spring-cloud-zuul-ratelimit</artifactId> <version>2.3.0.RELEASE</version> </dependency> <!--限流redis数据库记录数据--> <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-redis --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-data-redis</artifactId> </dependency> <!--OAuth--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-oauth2</artifactId> </dependency> <!-- https://mvnrepository.com/artifact/org.projectlombok/lombok --> <dependency> <groupId>org.projectlombok</groupId> <artifactId>lombok</artifactId> </dependency> <!--自定义config配置--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-configuration-processor</artifactId> <optional>true</optional> </dependency> <dependency> <groupId>com.alibaba</groupId> <artifactId>fastjson</artifactId> <version>1.2.62</version> </dependency> <!-- 被zipkin服务追踪的启动依赖--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-zipkin</artifactId> </dependency> <!--配置rabbitmq--> <dependency> <groupId>org.springframework.cloud</groupId> <artifactId>spring-cloud-starter-stream-rabbit</artifactId> </dependency> </dependencies> ``` application.yml ``` server: port: 6020 spring: application: name: Gateway-Zuul #对曝光的微服务的名称 #配置redis redis: host: 127.0.0.1 port: 6379 password: admin jedis: pool: max-active: 100 max-idle: 8 min-idle: 4 max-wait: 10000 timeout: 3000 #rabbitmq rabbitmq: host: 127.0.0.1 port: 5672 username: admin password: admin #zipkin在rabbitmq消息队列zipkin zipkin: sender: type: rabbit rabbitmq: queue: zipkin #被追踪的可能性,默认是0.1 表示百分之10 sleuth: sampler: probability: 1.0 eureka: client: service-url: defaultZone: http://Eureka7001.com:7001/eureka/ registry-fetch-interval-seconds: 5 # 默认为30秒 表示eureka client间隔多久去拉取服务注册信息,默认为30秒,对于api-gateway,如果要迅速获取服务注册状态,可以缩小该值,比如5秒 instance: instance-id: ${spring.application.name}:${spring.cloud.client.ip-address}:${spring.application.instance_id:${server.port}} #修改之后的ip prefer-ip-address: true #访问路径显示IP地址 zuul: host: connect-timeout-millis: 15000 #HTTP连接超时要比Hystrix的大 socket-timeout-millis: 60000 #socket超时 ignored-services: "*" # 不允许用微服务名访问了,如果禁用所有的,可以使用 "*" routes: OAuth-server: /auth/** sensitive-headers: #允许传递敏感信息 #限流配置 ratelimit: enabled: true repository: REDIS behind-proxy: true add-response-headers: false default-policy-list: #optional - will apply unless specific policy exists - limit: 20 #optional - request number limit per refresh interval window quota: 1 #optional - request time limit per refresh interval window (in seconds) refresh-interval: 1 #default value (in seconds) type: #optional # - user - origin - url - httpmethod security: oauth2: client: #令牌端点 access-token-uri: http://localhost:${server.port}/auth/oauth/token #授权端点 user-authorization-uri: http://localhost:${server.port}/auth/oauth/authorize #OAuth2客户端ID client-id: test #OAuth2客户端密钥 client-secret: test authorization: check-token-access: http://localhost:${server.port}/auth/oauth/check_token resource: jwt: key-value: jkdfjkdf ribbon: ReadTimeout: 10000 ConnectTimeout: 10000 hystrix: command: default: execution: isolation: thread: timeoutInMilliseconds: 3000 circuitBreaker: enabled: true requestVolumeThreshold: 10 sleepWindowInMilliseconds: 10000 errorThresholdPercentage: 60 ``` 报错信息: ``` 2020-02-09 17:04:44.448 ERROR [Gateway-Zuul,bb484313c41a709a,0245f4527d3b0826,true] 20368 --- [ask-scheduler-1] o.s.integration.handler.LoggingHandler : org.springframework.messaging.MessagingException: Failed to invoke method; nested exception is java.lang.UnsupportedOperationException: This converter does not support this method at org.springframework.integration.endpoint.MethodInvokingMessageSource.doReceive(MethodInvokingMessageSource.java:115) at org.springframework.integration.endpoint.AbstractMessageSource.receive(AbstractMessageSource.java:167) at org.springframework.integration.endpoint.SourcePollingChannelAdapter.receiveMessage(SourcePollingChannelAdapter.java:250) at org.springframework.integration.endpoint.AbstractPollingEndpoint.doPoll(AbstractPollingEndpoint.java:359) at org.springframework.integration.endpoint.AbstractPollingEndpoint.pollForMessage(AbstractPollingEndpoint.java:328) at org.springframework.integration.endpoint.AbstractPollingEndpoint.lambda$null$1(AbstractPollingEndpoint.java:275) at org.springframework.integration.util.ErrorHandlingTaskExecutor.lambda$execute$0(ErrorHandlingTaskExecutor.java:57) at org.springframework.core.task.SyncTaskExecutor.execute(SyncTaskExecutor.java:50) at org.springframework.integration.util.ErrorHandlingTaskExecutor.execute(ErrorHandlingTaskExecutor.java:55) at org.springframework.integration.endpoint.AbstractPollingEndpoint.lambda$createPoller$2(AbstractPollingEndpoint.java:272) at org.springframework.cloud.sleuth.instrument.async.TraceRunnable.run(TraceRunnable.java:67) at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:93) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180) at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) Caused by: java.lang.UnsupportedOperationException: This converter does not support this method at org.springframework.integration.support.converter.DefaultDatatypeChannelMessageConverter.toMessage(DefaultDatatypeChannelMessageConverter.java:85) at org.springframework.messaging.converter.CompositeMessageConverter.toMessage(CompositeMessageConverter.java:83) at org.springframework.cloud.function.context.catalog.BeanFactoryAwareFunctionRegistry$FunctionInvocationWrapper.lambda$convertOutputValueIfNecessary$2(BeanFactoryAwareFunctionRegistry.java:620) at java.util.stream.ReferencePipeline$3$1.accept(ReferencePipeline.java:193) at java.util.ArrayList$ArrayListSpliterator.tryAdvance(ArrayList.java:1359) at java.util.stream.ReferencePipeline.forEachWithCancel(ReferencePipeline.java:126) at java.util.stream.AbstractPipeline.copyIntoWithCancel(AbstractPipeline.java:499) at java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:486) at java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:472) at java.util.stream.FindOps$FindOp.evaluateSequential(FindOps.java:152) at java.util.stream.AbstractPipeline.evaluate(AbstractPipeline.java:234) at java.util.stream.ReferencePipeline.findFirst(ReferencePipeline.java:464) at org.springframework.cloud.function.context.catalog.BeanFactoryAwareFunctionRegistry$FunctionInvocationWrapper.convertOutputValueIfNecessary(BeanFactoryAwareFunctionRegistry.java:626) at org.springframework.cloud.function.context.catalog.BeanFactoryAwareFunctionRegistry$FunctionInvocationWrapper.doApply(BeanFactoryAwareFunctionRegistry.java:569) at org.springframework.cloud.function.context.catalog.BeanFactoryAwareFunctionRegistry$FunctionInvocationWrapper.get(BeanFactoryAwareFunctionRegistry.java:474) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:282) at org.springframework.util.ReflectionUtils.invokeMethod(ReflectionUtils.java:266) at org.springframework.integration.endpoint.MethodInvokingMessageSource.doReceive(MethodInvokingMessageSource.java:112) ... 19 moreyi ```
- 动态规划入门到熟悉,看不懂来打我啊
- 持续更新。。。。。。 2.1斐波那契系列问题 2.2矩阵系列问题 2.3跳跃系列问题 3.1 01背包 3.2 完全背包 3.3多重背包 3.4 一些变形选讲 2.1斐波那契系列问题 在数学上,斐波纳契数列以如下被以递归的方法定义:F(0)=0,F(1)=1, F(n)=F(n-1)+F(n-2)(n>=2,n∈N*)根据定义,前十项为1, 1, 2, 3...
- 终于明白阿里百度这样的大公司,为什么面试经常拿ThreadLocal考验求职者了
- 点击上面↑「爱开发」关注我们每晚10点,捕获技术思考和创业资源洞察什么是ThreadLocalThreadLocal是一个本地线程副本变量工具类,各个线程都拥有一份线程私...
- 对计算机专业来说学历真的重要吗?
- 我本科学校是渣渣二本,研究生学校是985,现在毕业五年,校招笔试、面试,社招面试参加了两年了,就我个人的经历来说下这个问题。 这篇文章很长,但绝对是精华,相信我,读完以后,你会知道学历不好的解决方案,记得帮我点赞哦。 先说结论,无论赞不赞同,它本质就是这样:对于技术类工作而言,学历五年以内非常重要,但有办法弥补。五年以后,不重要。 目录: 张雪峰讲述的事实 我看到的事实 为什么会这样 ...
- Java学习的正确打开方式
- 在博主认为,对于入门级学习java的最佳学习方法莫过于视频+博客+书籍+总结,前三者博主将淋漓尽致地挥毫于这篇博客文章中,至于总结在于个人,实际上越到后面你会发现学习的最好方式就是阅读参考官方文档其次就是国内的书籍,博客次之,这又是一个层次了,这里暂时不提后面再谈。博主将为各位入门java保驾护航,各位只管冲鸭!!!上天是公平的,只要不辜负时间,时间自然不会辜负你。 何谓学习?博主所理解的学习,它是一个过程,是一个不断累积、不断沉淀、不断总结、善于传达自己的个人见解以及乐于分享的过程。
- 程序员必须掌握的核心算法有哪些?
- 由于我之前一直强调数据结构以及算法学习的重要性,所以就有一些读者经常问我,数据结构与算法应该要学习到哪个程度呢?,说实话,这个问题我不知道要怎么回答你,主要取决于你想学习到哪些程度,不过针对这个问题,我稍微总结一下我学过的算法知识点,以及我觉得值得学习的算法。这些算法与数据结构的学习大多数是零散的,并没有一本把他们全部覆盖的书籍。下面是我觉得值得学习的一些算法以及数据结构,当然,我也会整理一些看过
- 大学四年自学走来,这些私藏的实用工具/学习网站我贡献出来了
- 大学四年,看课本是不可能一直看课本的了,对于学习,特别是自学,善于搜索网上的一些资源来辅助,还是非常有必要的,下面我就把这几年私藏的各种资源,网站贡献出来给你们。主要有:电子书搜索、实用工具、在线视频学习网站、非视频学习网站、软件下载、面试/求职必备网站。 注意:文中提到的所有资源,文末我都给你整理好了,你们只管拿去,如果觉得不错,转发、分享就是最大的支持了。 一、电子书搜索 对于大部分程序员...
- Python 植物大战僵尸代码实现(2):植物卡片选择和种植
- 这篇文章要介绍的是: - 上方植物卡片栏的实现。 - 点击植物卡片,鼠标切换为植物图片。 - 鼠标移动时,判断当前在哪个方格中,并显示半透明的植物作为提示。
- 防劝退!数据结构和算法难理解?可视化动画带你轻松透彻理解!
- 大家好,我是 Rocky0429,一个连数据结构和算法都不会的蒟蒻… 学过数据结构和算法的都知道这玩意儿不好学,没学过的经常听到这样的说法还没学就觉得难,其实难吗?真难! 难在哪呢?当年我还是个小蒟蒻,初学数据结构和算法的时候,在忍着枯燥看完定义原理,之后想实现的时候,觉得它们的过程真的是七拐八绕,及其难受。 在简单的链表、栈和队列这些我还能靠着在草稿上写写画画理解过程,但是到了数论、图...
- 【搞定 Java 并发面试】面试最常问的 Java 并发基础常见面试题总结!
- 本文为 SnailClimb 的原创,目前已经收录自我开源的 JavaGuide 中(61.5 k Star!【Java学习 面试指南】 一份涵盖大部分Java程序员所需要掌握的核心知识。欢迎 Star!)。 另外推荐一篇原创:终极推荐!可能是最适合你的Java学习路线 方法 网站 书籍推荐! Java 并发基础常见面试题总结 1. 什么是线程和进程? 1.1. 何为进程? 进程是程...
- 西游记团队中如果需要裁掉一个人,会先裁掉谁?
- 2019年互联网寒冬,大批企业开始裁员,下图是网上流传的一张截图: 裁员不可避免,那如何才能做到不管大环境如何变化,自身不受影响呢? 我们先来看一个有意思的故事,如果西游记取经团队需要裁员一名,会裁掉谁呢,为什么? 西游记团队组成: 1.唐僧 作为团队teamleader,有很坚韧的品性和极高的原则性,不达目的不罢休,遇到任何问题,都没有退缩过,又很得上司支持和赏识(直接得到唐太宗的任命,既给
- shell脚本:备份数据库、代码上线
- 备份MySQL数据库 场景: 一台MySQL服务器,跑着5个数据库,在没有做主从的情况下,需要对这5个库进行备份 需求: 1)每天备份一次,需要备份所有的库 2)把备份数据存放到/data/backup/下 3)备份文件名称格式示例:dbname-2019-11-23.sql 4)需要对1天以前的所有sql文件压缩,格式为gzip 5)本地数据保留1周 6)需要把备份的数据同步到远程备份中心,假如...
- iOS Bug 太多,苹果终于坐不住了!
- 开源的 Android 和闭源的 iOS,作为用户的你,更偏向哪一个呢? 整理 | 屠敏 出品 | CSDN(ID:CSDNnews) 毋庸置疑,当前移动设备操作系统市场中,Android 和 iOS 作为两大阵营,在相互竞争的同时不断演进。不过一直以来,开源的 Android 吸引了无数的手机厂商涌入其中,为其生态带来了百花齐放的盛景,但和神秘且闭源的 iOS 系统相比,不少网友...
- 神经⽹络可以计算任何函数的可视化证明
- 《Neural Networks and Deep Learning》读书笔记第四篇本章其实和前面章节的关联性不大,所以大可将本章作为小短文来阅读,当然基本的深度学习基础还是要有的。主要介绍了神经⽹络拥有的⼀种普遍性,比如说不管目标函数是怎样的,神经网络总是能够对任何可能的输入,其值(或者说近似值)是网络的输出,哪怕是多输入和多输出也是如此,我们大可直接得出一个结论:不论我们想要计算什么样的函数,...
- 聊聊C语言和指针的本质
- 坐着绿皮车上海到杭州,24块钱,很宽敞,在火车上非正式地聊几句。 很多编程语言都以 “没有指针” 作为自己的优势来宣传,然而,对于C语言,指针却是与生俱来的。 那么,什么是指针,为什么大家都想避开指针。 很简单, 指针就是地址,当一个地址作为一个变量存在时,它就被叫做指针,该变量的类型,自然就是指针类型。 指针的作用就是,给出一个指针,取出该指针指向地址处的值。为了理解本质,我们从计算机模型说起...
- 为什么你学不过动态规划?告别动态规划,谈谈我的经验
- 动态规划难吗?说实话,我觉得很难,特别是对于初学者来说,我当时入门动态规划的时候,是看 0-1 背包问题,当时真的是一脸懵逼。后来,我遇到动态规划的题,看的懂答案,但就是自己不会做,不知道怎么下手。就像做递归的题,看的懂答案,但下不了手,关于递归的,我之前也写过一篇套路的文章,如果对递归不大懂的,强烈建议看一看:为什么你学不会递归,告别递归,谈谈我的经验 对于动态规划,春招秋招时好多题都会用到动态...
- 程序员一般通过什么途径接私活?
- 二哥,你好,我想知道一般程序猿都如何接私活,我也想接,能告诉我一些方法吗? 上面是一个读者“烦不烦”问我的一个问题。其实不止是“烦不烦”,还有很多读者问过我类似这样的问题。 我接的私活不算多,挣到的钱也没有多少,加起来不到 20W。说实话,这个数目说出来我是有点心虚的,毕竟太少了,大家轻喷。但我想,恰好配得上“一般程序员”这个称号啊。毕竟苍蝇再小也是肉,我也算是有经验的人了。 唾弃接私活、做外...
- 字节跳动面试官这样问消息队列:分布式事务、重复消费、顺序消费,我整理了一下
- 你知道的越多,你不知道的越多 点赞再看,养成习惯 GitHub上已经开源 https://github.com/JavaFamily 有一线大厂面试点脑图、个人联系方式和人才交流群,欢迎Star和完善 前言 消息队列在互联网技术存储方面使用如此广泛,几乎所有的后端技术面试官都要在消息队列的使用和原理方面对小伙伴们进行360°的刁难。 作为一个在互联网公司面一次拿一次Offer的面霸...
- 如何安装 IntelliJ IDEA 最新版本——详细教程
- IntelliJ IDEA 简称 IDEA,被业界公认为最好的 Java 集成开发工具,尤其在智能代码助手、代码自动提示、代码重构、代码版本管理(Git、SVN、Maven)、单元测试、代码分析等方面有着亮眼的发挥。IDEA 产于捷克,开发人员以严谨著称的东欧程序员为主。IDEA 分为社区版和付费版两个版本。 我呢,一直是 Eclipse 的忠实粉丝,差不多十年的老用户了。很早就接触到了 IDEA...
- 面试还搞不懂redis,快看看这40道面试题(含答案和思维导图)
- Redis 面试题 1、什么是 Redis?. 2、Redis 的数据类型? 3、使用 Redis 有哪些好处? 4、Redis 相比 Memcached 有哪些优势? 5、Memcache 与 Redis 的区别都有哪些? 6、Redis 是单进程单线程的? 7、一个字符串类型的值能存储最大容量是多少? 8、Redis 的持久化机制是什么?各自的优缺点? 9、Redis 常见性...
- 大学四年自学走来,这些珍藏的「实用工具/学习网站」我全贡献出来了
- 知乎高赞:文中列举了互联网一线大厂程序员都在用的工具集合,涉及面非常广,小白和老手都可以进来看看,或许有新收获。
- 为什么要推荐大家学习字节码?
- 配套视频: 为什么推荐大家学习Java字节码 https://www.bilibili.com/video/av77600176/ 一、背景 本文主要探讨:为什么要学习 JVM 字节码? 可能很多人会觉得没必要,因为平时开发用不到,而且不学这个也没耽误学习。 但是这里分享一点感悟,即人总是根据自己已经掌握的知识和技能来解决问题的。 这里有个悖论,有时候你觉得有些技术没用恰恰是...
- 互联网公司的裁员,能玩出多少种花样?
- 裁员,也是一门学问,可谓博大精深!以下,是互联网公司的裁员的多种方法:-正文开始-135岁+不予续签的理由:千禧一代网感更强。95后不予通过试用期的理由:已婚已育员工更有责任心。2通知接下来要过苦日子,让一部分不肯同甘共苦的员工自己走人,以“兄弟”和“非兄弟”来区别员工。3强制996。员工如果平衡不了工作和家庭,可在离婚或离职里二选一。4不布置任何工作,但下班前必须提交千字工作日报。5不给活干+...
- 【超详细分析】关于三次握手与四次挥手面试官想考我们什么?
- 在面试中,三次握手和四次挥手可以说是问的最频繁的一个知识点了,我相信大家也都看过很多关于三次握手与四次挥手的文章,今天的这篇文章,重点是围绕着面试,我们应该掌握哪些比较重要的点,哪些是比较被面试官给问到的,我觉得如果你能把我下面列举的一些点都记住、理解,我想就差不多了。 三次握手 当面试官问你为什么需要有三次握手、三次握手的作用、讲讲三次三次握手的时候,我想很多人会这样回答: 首先很多人会先讲下握...
- 新程序员七宗罪
- 当我发表这篇文章《为什么每个工程师都应该开始考虑开发中的分析和编程技能呢?》时,我从未想到它会对读者产生如此积极的影响。那些想要开始探索编程和数据科学领域的人向我寻求建议;还有一些人问我下一篇文章的发布日期;还有许多人询问如何顺利过渡到这个职业。我非常鼓励大家继续分享我在这个旅程的经验,学习,成功和失败,以帮助尽可能多的人过渡到一个充满无数好处和机会的职业生涯。亲爱的读者,谢谢你。 -罗伯特。 ...
- 活到老,学到老,程序员也该如此
- 全文共2763字,预计学习时长8分钟 图片来源:Pixabay 此前,“网传阿里巴巴要求尽快实现P8全员35周岁以内”的消息闹得沸沸扬扬。虽然很快被阿里辟谣,但苍蝇不叮无缝的蛋,无蜜不招彩蝶蜂。消息从何而来?真相究竟怎样?我们无从而知。我们只知道一个事实:不知从何时开始,程序猿也被划在了“吃青春饭”行业之列。 饱受“996ICU”摧残后,好不容易“头秃了变强了”,即将步入为“高...
- Vue快速实现通用表单验证
- 本文开篇第一句话,想引用鲁迅先生《祝福》里的一句话,那便是:“我真傻,真的,我单单知道后端整天都是CRUD,我没想到前端整天都是Form表单”。这句话要从哪里说起呢?大概要从最近半个月的“全栈工程师”说起。项目上需要做一个城市配载的功能,顾名思义,就是通过框选和拖拽的方式在地图上完成配载。博主选择了前后端分离的方式,在这个过程中发现:首先,只要有依赖jQuery的组件,譬如Kendoui,即使使用...
- 2019年Spring Boot面试都问了什么?快看看这22道面试题!
- Spring Boot 面试题 1、什么是 Spring Boot? 2、Spring Boot 有哪些优点? 3、什么是 JavaConfig? 4、如何重新加载 Spring Boot 上的更改,而无需重新启动服务器? 5、Spring Boot 中的监视器是什么? 6、如何在 Spring Boot 中禁用 Actuator 端点安全性? 7、如何在自定义端口上运行 Sprin...
- 【图解】记一次手撕算法面试:字节跳动的面试官把我四连击了
- 字节跳动这家公司,应该是所有秋招的公司中,对算法最重视的一个了,每次面试基本都会让你手撕算法,今天这篇文章就记录下当时被问到的几个算法题,并且每个算法题我都详细着给出了最优解,下面再现当时的面试场景。看完一定让你有所收获 一、小牛试刀:有效括号 大部分情况下,面试官都会问一个不怎么难的问题,不过你千万别太开心,因为这道题往往可以拓展出更多有难度的问题,或者一道题看起来很简单,但是给出最优解,确实很...
- 关于裁员几点看法及建议
- 最近网易裁员事件引起广泛关注,昨天网易针对此事,也发了声明,到底谁对谁错,孰是孰非?我们作为吃瓜观众实在是知之甚少,所以不敢妄下定论。身处软件开发这个行业,近一两年来,对...
- 面试官:关于Java性能优化,你有什么技巧
- 通过使用一些辅助性工具来找到程序中的瓶颈,然后就可以对瓶颈部分的代码进行优化。 一般有两种方案:即优化代码或更改设计方法。我们一般会选择后者,因为不去调用以下代码要比调用一些优化的代码更能提高程序的性能。而一个设计良好的程序能够精简代码,从而提高性能。 下面将提供一些在JAVA程序的设计和编码中,为了能够提高JAVA程序的性能,而经常采用的一些方法和技巧。 1.对象的生成和大小的调整。 J...
相似问题
-
3
- @Service("userService")配置之后,在spring-security.xml文件<security:authentication-provider user-service-ref="userService">报错
-
0
- java后台请求postgres-xl提示### Cause: org.postgresql.util.PSQLException: ERROR: Could not begin transaction on data node.