Spring新手,现在想在SpringMVC的基础上使用Spring Security框架。但Spring Security配置报错,困扰了很久。先上代码
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemalocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
报错
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 9 in XML document from class path resource [config/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 9; columnNumber: 99; cvc-elt.1: 找不到元素 'b:beans' 的声明。
尝试网上的方法,加入
<!DOCTYPE b:beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
则报错
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 9 in XML document from class path resource [config/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 9; columnNumber: 99; 必须声明元素类型 "b:beans"。
请指教
<?xml version="1.0" encoding="UTF-8"?>
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config='true'>
<curity:http>
<security:http auto-config="true" use-expressions="false"
access-denied-page="/login.jsp">
<security:form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
authentication-success-handler-ref="loginSuccessHandler"
always-use-default-target="true" />
<security:logout logout-url="/logout" logout-success-url="/login.jsp"/>
<security:session-management>
<security:concurrency-control
max-sessions="1" error-if-maximum-exceeded="false" expired-url="/login.jsp?error=islogin"><curity:concurrency-control>
<curity:session-management>
<security:intercept-url pattern="rvices/**"
access="IS_AUTHENTICATED_FULLY"><curity:intercept-url>
<security:intercept-url pattern="/jsp/*.jsp"
access="IS_AUTHENTICATED_FULLY"><curity:intercept-url>
<security:custom-filter ref="myFilter"
before="FILTER_SECURITY_INTERCEPTOR" />
<curity:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
user-service-ref="myUserDetailService">
<curity:authentication-provider>
<curity:authentication-manager>
<bean id="loginSuccessHandler" class="com.springsecurity.handler.LoginSuccessHandler">
<property name="jdbcService" ref="jdbcService" />
</bean>
<bean id="myFilter" class="com.springsecurity.filter.MyFilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="myAccessDecisionManagerBean" />
<property name="securityMetadataSource" ref="mySecurityMetadataSource" />
</bean>
<bean id="myUserDetailService" class="com.springsecurity.handler.MyUserDetailService">
<property name="userDao" ref="userDao" />
<property name="jdbcService" ref="jdbcService" />
</bean>
<bean id="myAccessDecisionManagerBean" class="com.springsecurity.filter.MyAccessDecisionManager">
<property name="myInvocationSecurityMetadataSource" ref="mySecurityMetadataSource" />
</bean>
<bean id="mySecurityMetadataSource"
class="com.springsecurity.filter.MyInvocationSecurityMetadataSource">
<constructor-arg>
<ref bean="roleDao" />
</constructor-arg>
</bean>
改成这种即可解决。