Spring Security基本示例给出了此异常.
错误:"通用匹配模式('/**')在过滤器链中的其他模式之前定义,导致它们被忽略.请检查命名空间或FilterChainProxy bean配置中的顺序"
我在同一个问题上查了很多帖子.但找不到任何解决方案.任何人都可以部署一个hello spring security吗?
我使用的是这些版本 - Spring 3.2.0.RELEASE/Spring security 3.2.0.RELEASE/Tomcat 7/Java 1.7.
这是我的代码:
web.xml中
Spring security sample Web Application
contextConfigLocation
/WEB-INF/spring-context.xml,
/WEB-INF/security-context.xml
springSecurityFilterChain
org.springframework.web.filter.DelegatingFilterProxy
springSecurityFilterChain
/*
org.springframework.web.context.ContextLoaderListener
spring-dispatcher-servlet
org.springframework.web.servlet.DispatcherServlet
contextConfigLocation
/WEB-INF/spring-context.xml
spring-dispatcher-servlet
/
弹簧的context.xml
MyController.java
package com.jai.spring.security.controller;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@Controller
public class MyConroller {
@RequestMapping(value = "/security", method = RequestMethod.GET)
public String security(Model model) {
System.out.println("calling ... /security");
model.addAttribute("name", "Jay");
return "pages/hello";
}
@RequestMapping(value = "/profile", method = RequestMethod.GET)
public String profile(Model model) {
System.out.println("calling ... /profile");
return "user/profile";
}
}
的pom.xml
4.0.0
com.jai.spring.security
springsec
war
0.0.1-SNAPSHOT
springsec Maven Webapp
http://maven.apache.org
3.2.0.RELEASE
3.2.0.RELEASE
org.springframework
spring-web
${spring-version}
org.springframework
spring-webmvc
${spring-version}
org.springframework.security
spring-security-web
${spring-security-version}
org.springframework.security
spring-security-config
${spring-security-version}
org.springframework.security
spring-security-core
${spring-security-version}
log4j
log4j
1.2.14
runtime
junit
junit
3.8.1
test
springsec
org.apache.maven.plugins
maven-compiler-plugin
2.3.2
1.7
org.apache.tomcat.maven
tomcat7-maven-plugin
2.2
http://localhost:8080/manager/text
localhost
/${project.build.finalName}
文件结构
您错误地使用了XML上下文文件,这会导致重复的bean定义(包括安全配置).并<http>
没有配置pattern
属性映射到/**
=>您的错误.
在这里,您可以为servlet定义根XML上下文文件:
<servlet>
<servlet-name>spring-dispatcher-servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-context.xml</param-value>
</init-param>
</servlet>
改为创建一个新的上下文配置(如果使用默认名称{your-servlet-name}-servlet.xml
= => ,则可以省略此声明spring-dispatcher-servlet-servlet.xml
):
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</init-param>
StackOverflow上已经多次讨论了root和servlet上下文之间的区别.基本上根上下文(spring-context.xml
和security-context.xml
你的情况),应持申请宽豆(服务,DAO中,包括安全配置)和调度上下文(dispatcher-servlet.xml
在我的例子)应持调度servlet的具体豆状控制器,视图解析器等.
进一步阅读:
为什么DispatcherServlet会创建另一个应用程序上下文?
Spring Framework中applicationContext.xml和spring-servlet.xml之间的区别
为什么使用Spring ApplicationContext层次结构?