0
我有一个Spring 3.2.4应用程序,允许公共用户(无需登录)在表单中搜索。我想CSRF保护添加到该表单,所以我在applicationContext.xml中匹配的通配符是严格的,但没有声明可以找到元素的安全性:filter-invocation-definition-source'
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<security:http auto-config='true'>
<security:intercept-url pattern="/**" access="permitAll" />
<security:csrf/>
</security:http>
<bean id="anonymousProcessingFilter"
class="org.springframework.security.providers.anonymous.AnonymousProcessingFilter">
<property name="key" value="foobar"/>
<property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
</bean>
<bean id="anonymousAuthenticationProvider"
class="org.springframework.security.providers.anonymous.AnonymousAuthenticationProvider">
<property name="key" value="foobar"/>
</bean>
<bean id="filterInvocationInterceptor"
class="org.springframework.security.intercept.web.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="accessDecisionManager" ref="httpRequestAccessDecisionManager"/>
<property name="objectDefinitionSource">
<security:filter-invocation-definition-source>
<security:intercept-url pattern="/**" access='ROLE_ANONYMOUS,ROLE_USER'/>
</security:filter-invocation-definition-source>
</property>
</bean>
添加此声明,但是在编译项目时,我得到这个错误,但我当然不需要,因为任何类型的AuthenticationManager的没有认证的用户在应用程序中
org.xml.sax.SAXParseException; lineNumber: 43; columnNumber: 52; cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:filter-invocation-definition-source'.:org.xml.sax.SAXParseException:cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:filter-invocation-definition-source'.