我在我的Web应用程序项目中使用Spring Security。我想在我的Spring应用程序中启用csrf保护。我的application-context-security.xml如下
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled"/>
<http disable-url-rewriting="true" auto-config="false" access-decision-manager-ref="accessDecisionManager" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<!-- Enable CSRF protection -->
<csrf />
<access-denied-handler ref="accessDeniedHandler"/>
</http>
<!-- Remaining information -->
</beans:beans>
我正在为项目使用Spring 3.0.5 jar。
但是在运行时,出现以下错误
SEVERE: Exception sending context initialized event to listener
instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'csrf'.
One of
'{"http://www.springframework.org/schema/security":intercept-url,
"http://www.springframework.org/schema/security":access-denied-handler,
"http://www.springframework.org/schema/security":form-login,
"http://www.springframework.org/schema/security":openid-login,
"http://www.springframework.org/schema/security":x509,
"http://www.springframework.org/schema/security":http-basic,
"http://www.springframework.org/schema/security":logout,
"http://www.springframework.org/schema/security":session-management,
"http://www.springframework.org/schema/security":remember-me,
"http://www.springframework.org/schema/security":anonymous,
"http://www.springframework.org/schema/security":port-mappings,
"http://www.springframework.org/schema/security":custom-filter,
"http://www.springframework.org/schema/security":request-cache}'
is expected.
我尝试在Google上搜索此错误。我找到了两个类似的地方,但是他们都说错误是由于Spring 3.2+中的某些更改引起的。但是,就我而言,我正在使用Spring 3.0.5。
任何帮助,将不胜感激。
我认为Spring Security的csrf快捷方式是在3.2.0版本中引入的(请参阅blogpost)
也许您应该考虑更新您使用的Spring版本
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句