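Upgrading Spring 2.5 and Spring Security 2.0 to Spring 3.28 and Spring Security 3.14
1. Delete all of the existing spring and spring-security jars.
2. Download the complete set of spring and spring-security jars directly (a jar from the old version may have been split into several jars in the new version, and new dependencies may have been added; doing this also avoids unnecessary errors).
3. Fix the compile errors in the code.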
3.1
import org.springframework.security.Authentication;
import org.springframework.security.AuthenticationException;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.ui.webapp.AuthenticationProcessingFilter;
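These package paths have changed in the new jars and must be updated to the new ones. Note: when I made this change I was using a third-party jar that wrapped the old paths. Watch out for this and do not forget to change it (create classes at the same paths in your project to override them). If you change code that comes from the jar, the following error is reported
at the top of the class: The type org.springframework.security.AuthenticationException cannot be resolved. It is indirectly referenced from required .class files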
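The third-party jar problem from 3.1 can be found before compiling by looking for the old type names in each jar's class files. The following Python scanner is an added example, not code from the original post; it checks only the four types listed in 3.1, and the jar built by sample_jar(), with its com/example/LegacyLoginFilter class, is constructed for the demonstration.

```python
import io
import re
import struct
import zipfile

# Spring Security 2.0 types from section 3.1 in bytecode form; matched as whole names.
OLD_TYPES = [t.replace(".", "/") for t in (
    "org.springframework.security.Authentication",
    "org.springframework.security.AuthenticationException",
    "org.springframework.security.providers.UsernamePasswordAuthenticationToken",
    "org.springframework.security.ui.webapp.AuthenticationProcessingFilter",
)]
OLD_RE = re.compile(r"(%s)(?![\w$/])" % "|".join(map(re.escape, OLD_TYPES)))
SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4, 12: 4,
         15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}  # tag -> bytes after the tag

def utf8_constants(data):
    """Yield each CONSTANT_Utf8 string in a .class file's constant pool."""
    if data[:4] != b"\xca\xfe\xba\xbe":
        return
    count, pos, index = struct.unpack_from(">H", data, 8)[0], 10, 1
    while index < count:
        tag, pos = data[pos], pos + 1
        if tag == 1:  # Utf8: u2 length, then the bytes
            length = struct.unpack_from(">H", data, pos)[0]
            yield data[pos + 2:pos + 2 + length].decode("utf-8", "replace")
            pos += 2 + length
        else:  # fixed-size entry; an unknown tag raises KeyError
            pos += SIZES[tag]
        index += 2 if tag in (5, 6) else 1  # long/double take two slots

def scan_jar(jar_file):
    """Return {class entry: old types it references} for one jar."""
    hits = {}
    with zipfile.ZipFile(jar_file) as jar:
        for name in (n for n in jar.namelist() if n.endswith(".class")):
            found = set()
            try:
                for text in utf8_constants(jar.read(name)):
                    found.update(OLD_RE.findall(text))
            except (IndexError, KeyError, struct.error):
                pass  # truncated or unparsable class: keep what was found
            if found:
                hits[name] = sorted(t.replace("/", ".") for t in found)
    return hits

def sample_jar():
    """Constructed input: one class whose constant pool names two old types."""
    strings = ["com/example/LegacyLoginFilter",
               "org/springframework/security/AuthenticationException",
               "(Lorg/springframework/security/Authentication;)V"]
    pool = b"".join(b"\x01" + struct.pack(">H", len(s)) + s.encode() for s in strings)
    cls = b"\xca\xfe\xba\xbe" + struct.pack(">HHH", 0, 49, len(strings) + 1) + pool
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("com/example/LegacyLoginFilter.class", cls)
    return buf

if __name__ == "__main__":
    print(scan_jar(sample_jar()))
```

scan_jar() also accepts a path, so it can be run over every jar in WEB-INF/lib; any jar it reports was compiled against the 2.0 API and needs an updated build or the override classes described above.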
3.2 AuthenticationProcessingFilter was also removed in spring-security3. I replaced it with UsernamePasswordAuthenticationFilter.
3.3 public Authentication attemptAuthentication(HttpServletRequest request,HttpServletResponse response): spring-security3 added the HttpServletResponse parameter.
3.4
Configuration problem: You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd schema with Spring Security 3.1. Please update your schema declarations to the 3.1 schema.
Offending resource: file [E:\eclipse\workspace\NAIU\src\main\webapp\WEB-INF\classes\beans\security\component-security.xml]
Fix: in component-security.xml, change the schema in the namespace declaration from spring-security-2.0.xsd to spring-security-3.1.xsd
3.5
Line 27 in XML document from file [E:\eclipse\workspace\NAIU\src\main\webapp\WEB-INF\classes\beans\security\component-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-enumeration-valid: Value 'AUTHENTICATION_PROCESSING_FILTER' is not facet-valid with respect to enumeration
Fix: see this link http://blog.youkuaiyun.com/runming56/article/details/18032701
Comment out <!-- <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" /> -->
and add <security:custom-filter ref="authenticationProcessingFilter" before="FORM_LOGIN_FILTER" /> inside the <security:http></security:http> element. Note: the ref points to <bean id="authenticationProcessingFilter" class="com.xxx.security.service.authentication.CustomAuthenticationProcessingFilter">
3.6
Configuration problem: The use of "filters='none'" is no longer supported. Please define a separate <http> element for the pattern you want to exclude and use the attribute "security='none'".
Fix: http://www.educity.cn/wenda/135819.html (a small problem when upgrading spring security to 3.1: filter="none" is no longer supported)
Before: <security:intercept-url pattern="/security/login.jsp" filters="none" />
After: <security:http security="none" pattern="/security/login.jsp" />
3.7
Cannot resolve reference to bean 'taskService' while setting bean property 'targetObject'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'taskService' defined in file [E:\eclipse\workspace\NAIU\src\main\webapp\WEB-INF\classes\beans\applicationContext-service.xml]: Cannot resolve reference to bean 'exportService' while setting bean property 'exportService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'exportService': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private com.cpic.naiu.cpic.service.UserLockService com.cpic.naiu.cpic.service.imp.ExportServiceImpl.userLockService; nested exception is org.springframework.beans.factory.CannotLoadBeanClassException: Cannot find class [org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint] for bean with name 'authenticationEntryPoint' defined in file [E:\eclipse\workspace\NAIU\src\main\webapp\WEB-INF\classes\beans\security\component-security.xml]; nested exception is java.lang.ClassNotFoundException: org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint
Fix: org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint no longer exists in spring-security3.1! It has become org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint
3.8
could not instantiate listener org.springframework.security.ui.session.HttpSessionEventPublisher
java.lang.ClassNotFoundException: org.springframework.security.ui.session.HttpSessionEventPublisher
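Fix: I found this configuration in web.xml; it seems the path can no longer be found. Replace it with
org.springframework.security.web.session.HttpSessionEventPublisher
At this point the server starts successfully! I do not yet know whether there are any runtime exceptions!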
3.9
After logging in: HTTP ERROR:401 Auuthentication Failed:No AuthenticationProvider found for org.springframework.security.authentication.
UsernamePasswordAuthToken
Add this configuration:
    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider user-service-ref="userDetailsService">
        </security:authentication-provider>
    </security:authentication-manager>
Note: authenticationManager must be injected into the filter bean:
    <bean id="authenticationProcessingFilter" class="com.newtouch.security.service.authentication.CustomAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>
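The configuration errors in 3.4 to 3.9 each surface only at the next startup, so they can also be checked in one pass before deploying. The following Python linter is an added example, not part of the original post; its SAMPLE document is constructed in the shape of the component-security.xml fragments shown here, and the 3.9 rule (a <security:http> element with no <security:authentication-manager>) is a heuristic.

```python
import xml.etree.ElementTree as ET

SEC = "{http://www.springframework.org/schema/security}"
XSI_LOC = "{http://www.w3.org/2001/XMLSchema-instance}schemaLocation"
# Classes removed in 3.1 and their replacements, as given in sections 3.7 and 3.8.
MOVED = {
    "org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint":
        "org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint",
    "org.springframework.security.ui.session.HttpSessionEventPublisher":
        "org.springframework.security.web.session.HttpSessionEventPublisher",
}

def lint(xml_text):
    """Return (section, message) pairs for constructs that fail under 3.1."""
    root = ET.fromstring(xml_text)
    out, tags = [], set()
    for old in ("spring-security-2.0.xsd", "spring-security-3.0.xsd"):
        if old in root.get(XSI_LOC, ""):
            out.append(("3.4", old + " -> spring-security-3.1.xsd"))
    for el in root.iter():
        tags.add(el.tag)
        if (el.tag == SEC + "custom-filter"
                and el.get("position") == "AUTHENTICATION_PROCESSING_FILTER"):
            out.append(("3.5", 'use ref + before="FORM_LOGIN_FILTER" in <security:http>'))
        if el.tag == SEC + "intercept-url" and el.get("filters") == "none":
            out.append(("3.6", 'use <security:http security="none" pattern="%s" />'
                        % el.get("pattern")))
        # bean class attributes and web.xml <listener-class> text
        for value in list(el.attrib.values()) + [(el.text or "").strip()]:
            if value in MOVED:
                out.append(("3.7/3.8", value + " -> " + MOVED[value]))
    if SEC + "http" in tags and SEC + "authentication-manager" not in tags:
        out.append(("3.9", "no <security:authentication-manager> element"))
    return out

# Constructed sample in the shape of component-security.xml before the fixes.
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-2.0.xsd">
  <security:http>
    <security:intercept-url pattern="/security/login.jsp" filters="none" />
  </security:http>
  <bean id="authenticationProcessingFilter"
      class="com.xxx.security.service.authentication.CustomAuthenticationProcessingFilter">
    <security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
  </bean>
  <bean id="authenticationEntryPoint"
      class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint" />
</beans>"""

if __name__ == "__main__":
    for section, message in lint(SAMPLE):
        print(section, message)
```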
3.10
2016-03-01 00:44:44.486::WARN: /naiu/upgradeLog.do
java.lang.ClassCastException: org.springframework.util.LinkedCaseInsensitiveMap
at com.cpic.naiu.cpic.repository.imp.UpgradeLogRepositoryImp.find(UpgradeLogRepositoryImp.java:52)
at com.cpic.naiu.cpic.service.imp.UpgradeLogServiceImp.find(UpgradeLogServiceImp.java:29)
Fix:
Old code:
    List listp = jdbcTemplate.queryForList(ps);
    ListOrderedMap om = (ListOrderedMap) temp.get(i);
New code:
    List<Map<String, Object>> listp = jdbcTemplate.queryForList(ps);
    // each row is now an org.springframework.util.LinkedCaseInsensitiveMap, so copy it instead of casting
    Map<String, Object> tempMap = (Map<String, Object>) temp.get(i);
    ListOrderedMap om = new ListOrderedMap();
    om.putAll(tempMap);
3.11
When a wrong username or password is entered on purpose, spring-security always returns the HTTP 401 page (bad credentials: the credentials are invalid).
Fix: inject the following into <bean id="authenticationProcessingFilter" class="com.newtouch.security.service.authentication.CustomAuthenticationProcessingFilter">
    <!-- authentication exception handling -->
    <property name="unsuccessfulAuthenticationHandlers">
        <list>
            <bean
                class="com.newtouch.security.service.authentication.imp.BadCredentialsExceptionHandler">
                <property name="targetUri" value="/security/error.jsp"></property>
            </bean>
        </list>
    </property>
3.11.1 unsuccessfulAuthenticationHandlers needs get and set methods in CustomAuthenticationProcessingFilter
Declaration: private List<UnsuccessfulAuthenticationHandler> unsuccessfulAuthenticationHandlers = Collections.emptyList();
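3.11.2 BadCredentialsExceptionHandler is written as follows
    import java.io.IOException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.slf4j.Logger;          // slf4j is assumed from the LoggerFactory.getLogger call
    import org.slf4j.LoggerFactory;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.core.context.SecurityContextHolder;

    public class BadCredentialsExceptionHandler
            implements UnsuccessfulAuthenticationHandler
    {
        private Logger logger = LoggerFactory.getLogger(BadCredentialsExceptionHandler.class);
        // fully qualified name of the exception this handler is selected for
        private String handleableExceptioName = "org.springframework.security.authentication.BadCredentialsException";
        // page the user is redirected to, relative to the context path
        private String targetUri = "/security/error.jsp";

        public String getHandleableExceptioName() {
            return this.handleableExceptioName;
        }

        public void handlerAuthenticationException(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException {
            this.logger.info(" # handle:[" + this.handleableExceptioName + "]");
            SecurityContextHolder.clearContext();
            String contextPath = request.getContextPath();
            response.sendRedirect(contextPath + this.targetUri);
        }

        public void setHandleableExceptioName(String handleableExceptioName) {
            this.handleableExceptioName = handleableExceptioName;
        }

        public void setTargetUri(String targetUri) {
            this.targetUri = targetUri;
        }
    }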
3.11.3 Then add this handling method to CustomAuthenticationProcessingFilter
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed)
            throws IOException, ServletException
    {
        SecurityContextHolder.clearContext();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication request failed: " + failed.toString());
            this.logger.debug("Updated SecurityContextHolder to contain null Authentication");
            this.logger.debug("Delegating to authentication failure handler " + this.failureHandler);
        }
        // extra information attached to the exception by the provider (may be null)
        Object obj = (Object) failed.getExtraInformation();
        User user = (User) obj;
        if (StUtils.isNnull(user)) {
            if (!user.isRoot()) {
                // login failed: increment the failure count and update the current time
                UserLockModel userLockModel = new UserLockModel();
                userLockModel.setUsername(user.getUsername());
                userLockService.updateUserLock(userLockModel, "fail");
            }
        }
        String exceptionClassName = failed.getClass().getName();
        this.logger.warn(" # [" + exceptionClassName + "] happend.");
        // look up the handler for this exception class, caching it in failureHandlerMap
        UnsuccessfulAuthenticationHandler handler = null;
        if (this.failureHandlerMap.containsKey(exceptionClassName)) {
            handler = (UnsuccessfulAuthenticationHandler) this.failureHandlerMap.get(exceptionClassName);
        }
        else {
            for (UnsuccessfulAuthenticationHandler h : this.unsuccessfulAuthenticationHandlers) {
                if (exceptionClassName.equals(h.getHandleableExceptioName())) {
                    handler = h;
                    this.failureHandlerMap.put(exceptionClassName, h);
                    break;
                }
            }
        }
        if (handler == null) {
            // no handler registered for this exception: go back to the login page
            this.logger.warn(" # default handler.");
            SecurityContextHolder.clearContext();
            String contextPath = request.getContextPath();
            response.sendRedirect(contextPath + "/security/login.jsp");
        }
        else {
            try {
                handler.handlerAuthenticationException(request, response, failed);
                SecurityContextHolder.clearContext();
            }
            catch (Exception e) {
                this.logger.error(" # exception happened, when [" + handler.getClass().getName() + "] handlerAuthenticationException.", e);
                SecurityContextHolder.clearContext();
                String contextPath = request.getContextPath();
                response.sendRedirect(contextPath + "/security/login.jsp");
            }
        }
    }
3.11.4 UnsuccessfulAuthenticationHandler is implemented as follows:
    public abstract interface UnsuccessfulAuthenticationHandler
    {
        public abstract String getHandleableExceptioName();

        public abstract void handlerAuthenticationException(HttpServletRequest paramHttpServletRequest, HttpServletResponse paramHttpServletResponse, AuthenticationException paramAuthenticationException)
                throws IOException;
    }