安全命名空間不支持元素[自定義過濾器]

Question

我需要執行自定義授權的裝飾，所以我已經預定AuthenticationManager和LoginUrlAuthenticationEntryPoint並將其設置爲UsernamePasswordAuthenticationFilter。

這裏是我的spring-security.xml：

<beans xmlns="http://www.springframework.org/schema/beans" 
     xmlns:security="http://www.springframework.org/schema/security" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd 
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd"> 

    <security:http auto-config="false" entry-point-ref="alterAuthenticationEntryPoint" create-session="always" use-expressions="true"> 
     <security:intercept-url pattern="/blog**" access="hasRole('ROLE_ADMIN')"/> 
    </security:http> 

    <security:authentication-manager alias="authenticationManager"> 
     <security:authentication-provider> 
      <security:user-service> 
       <security:user name="d" password="secret" authorities="ROLE_ADMIN"/> 
      </security:user-service> 
     </security:authentication-provider> 
    </security:authentication-manager> 

    <security:custom-filter position="FORM_LOGIN_FILTER" ref="customizedFormLoginFilter"/><!--replace the default one--> 

    <bean id="customizedFormLoginFilter" 
      class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"> 
     <property name="authenticationManager" 
        ref="alterAuthenticationManager"/> 
     <property name="allowSessionCreation" value="true"/> 
    </bean> 

    <!--Custom auth manager--> 
    <bean id="alterAuthenticationManager" class="com.fluid.ixtrm.newmodule.security.CustomAuthenticationManager"/> 

    <!--Authentication entry point--> 
    <bean id="alterAuthenticationEntryPoint" class="com.fluid.ixtrm.newmodule.security.CustomAuthenticationEntryPoint"> 
     <constructor-arg type="java.lang.String" value="/blog"/> 
    </bean> 

</beans> 

兩個類（CustomAuthenticationEntryPoint extends LoginUrlAuthenticationEntryPoint和CustomAuthenticationManager implements AuthenticationManager）來實現，但它是太多的代碼樣本（我不認爲它們所造成的問題）。

，我發現了以下錯誤：

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Security namespace does not support decoration of element [custom-filter] 
Offending resource: ServletContext resource [/WEB-INF/spring-security.xml] 

我使用Spring Security 3.2.3，並custom-filter標籤存在於spring-security-3.2.xsd。請告訴我，在我的安全配置中有什麼不正確。

Answer 1

你的配置是無效的，請參閱Spring Security Reference：

41.1.19 <custom-filter>

This element is used to add a filter to the filter chain. It doesn’t create any additional beans but is used to select a bean of type javax.servlet.Filter which is already defined in the application context and add that at a particular position in the filter chain maintained by Spring Security. Full details can be found in the namespace chapter.

Parent Elements of <custom-filter>

• http

你修改的<security:http>配置：

<security:http auto-config="false" entry-point-ref="alterAuthenticationEntryPoint" create-session="always" use-expressions="true"> 
    <security:intercept-url pattern="/blog**" access="hasRole('ROLE_ADMIN')"/> 
    <security:custom-filter position="FORM_LOGIN_FILTER" ref="customizedFormLoginFilter"/> 
</security:http>