我想自定义Spring安全会话管理过滤器,但我得到的错误说我的过滤器和默认的具有相同的'顺序'值(虽然我不'在我的<http>
配置中没有任何<session-managent>
,并且我的autoconfig = false,正如Spring Security在其文档中所述)。春季安全自定义sessionmanagementfilter相同的顺序值错误
这里是我的Spring Security的配置:
<http auto-config="false" use-expressions="true">
<custom-filter position="SESSION_MANAGEMENT_FILTER" ref="filtroGestionSesion" />
<intercept-url pattern="/resources/**" filters="none"/>
<intercept-url pattern="/faces/javax.faces.resource/**" filters="none"/>
<intercept-url pattern="/faces/inicio.xhtml" access="permitAll"/>
<intercept-url pattern="/faces/paginas/autenticacion/login.xhtml*" access="permitAll"/>
<intercept-url pattern="/faces/paginas/administracion/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/barco/**" access="isAuthenticated()"/>
<intercept-url pattern="/faces/paginas/catalogo/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/error/**" access="permitAll"/>
<intercept-url pattern="/faces/paginas/plantillas/**" access="permitAll"/>
<intercept-url pattern="/**" access="denyAll" />
<form-login login-processing-url="/j_spring_security_check"
login-page="/faces/paginas/autenticacion/login.xhtml"
default-target-url="/faces/paginas/administracion/inicioAdmon.xhtml"
always-use-default-target="true"
authentication-failure-url="/faces/paginas/autenticacion/login.xhtml?error=authentication" />
<logout logout-url="/j_spring_security_logout"
logout-success-url="/faces/inicio.xhtml"
invalidate-session="true" />
</http>
<global-method-security pre-post-annotations="enabled" />
<authentication-manager>
<authentication-provider>
<user-service>
<user name="myuser" password="myuser" authorities="" />
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="filtroGestionSesion" class="springSecurity.FiltroGestionSesion">
<beans:constructor-arg ref="securityContextRepository" />
<beans:property name="invalidSessionUrl" value="/faces/paginas/autenticacion/login.xhtml?error=timeout" />
</beans:bean>
<beans:bean id="securityContextRepository" class="org.springframework.security.web.context.HttpSessionSecurityContextRepository" />
与我的自定义过滤器(springSecurity.FiltroGestionSesion)类是从春季安全的一个(org.springframework.security.web.session一个复制粘贴.SessionManagementFilter),但更改包名称,类名和我添加到doFilter方法的一些自定义代码。
为什么它不工作,并抛出错误说两个过滤器都有相同的顺序?
我已经通过从<http>
中删除相应的子元素<session-mangement>
来禁用默认过滤器,以便过滤器的位置不会与默认过滤器冲突。
我是否必须删除其他元素或定制其他内容?
任何人都知道如何做一个自定义过滤器工作在SESSION_MANAGEMENT_FILTER的位置禁用默认的一个?
预先感谢您。