org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<loginFilter>' and '<org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
Offending resource: class path resource [applicationContext-security.xml]
at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.checkFilterChainOrder(HttpSecurityBeanDefinitionParser.java:237)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.createFilterChain(HttpSecurityBeanDefinitionParser.java:132)
at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:81)
at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:88)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1419)
at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1409)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:184)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:140)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:111)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:522)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:436)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3830)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4337)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:516)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
It looks like a configuration problem. Could an expert please help?

Solutions »

  1.   

    Configuration:

        <debug/>
        <global-method-security pre-post-annotations="enabled"></global-method-security>
        <http auto-config="false" use-expressions="true" entry-point-ref="authenticationProcessingFilterEntryPoint">
            <form-login login-page="/login.jsp"/>
            <intercept-url pattern="/login.jsp" access="permitAll"/>
            <intercept-url pattern="/skin/**" access="permitAll"/>
            <intercept-url pattern="/images/**" access="permitAll"/>
            <intercept-url pattern="/loginInit.action" access="permitAll"/>

            <session-management invalid-session-url="/login.jsp" session-fixation-protection="newSession" session-authentication-error-url="/login.jsp">
                <concurrency-control max-sessions="1" expired-url="/login.jsp" error-if-maximum-exceeded="true"/>
            </session-management>
            <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
            <custom-filter ref="securityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>

            <access-denied-handler error-page="/accessno.jsp"/>
            <logout invalidate-session="true" logout-success-url="/login.jsp" logout-url="/j_spring_security_logout"/>
            <remember-me key="rememberpassword" services-ref="ipconfig"/>
        </http>

        <!-- Custom filter -->
        <beans:bean id="securityFilter" class="com.manage.security.filter.MySecurityFilter">
            <!-- Authorities the user holds -->
            <beans:property name="authenticationManager" ref="myUserDetailsprivate"/>
            <!-- Whether the user has permission for the requested resource -->
            <beans:property name="accessDecisionManager" ref="myAccessDecisionManager"/>
            <!-- Mapping between resources and permissions -->
            <beans:property name="securityMetadataSource" ref="mySecurityMetadataSource"/>
        </beans:bean>

        <authentication-manager alias="myUserDetailsprivate">
            <authentication-provider user-service-ref="myspringdetail">
                <password-encoder ref="mdpassword">
                    <salt-source ref="saltsource"/>
                </password-encoder>
            </authentication-provider>
            <authentication-provider>
                <jdbc-user-service data-source-ref="dataSource"/>
            </authentication-provider>
        </authentication-manager>

        <!-- Login authenticator -->
        <beans:bean id="loginFilter"
                class="com.manage.security.filter.MyUsernamePasswordAuthenticationFilter">
            <!-- Handles login -->
            <beans:property name="filterProcessesUrl" value="/j_spring_security_check"></beans:property>
            <beans:property name="authenticationSuccessHandler" ref="loginLogAuthenticationSuccessHandler"></beans:property>
            <beans:property name="authenticationFailureHandler" ref="simpleUrlAuthenticationFailureHandler"></beans:property>
            <beans:property name="authenticationManager" ref="myUserDetailsprivate"></beans:property>

            <beans:property name="dao" ref="ManageUserIMP"></beans:property>
        </beans:bean>

        <!-- Encryption classes -->
        <beans:bean class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" id="mdpassword"></beans:bean>
        <beans:bean class="org.springframework.security.authentication.dao.ReflectionSaltSource" id="saltsource">
            <beans:property name="userPropertyToUse" value="username"></beans:property>
        </beans:bean>

        <!-- IP check -->
        <beans:bean id="ipconfig" class="com.manage.security.IpTockenServer">
            <beans:property name="key">
                <beans:value>rememberpassword</beans:value>
            </beans:property>
            <beans:property name="userDetailsService" ref="myspringdetail"></beans:property>
        </beans:bean>
        <beans:bean id="myspringdetail" class="com.manage.security.MyUserDetailServiceImp">
            <beans:property name="dao" ref="ManageUserIMP"></beans:property>
        </beans:bean>
        <beans:bean id="myAccessDecisionManager" class="com.manage.security.MyAccessDecisionManager"></beans:bean>
        <beans:bean id="mySecurityMetadataSource"
                class="com.manage.security.MySecurityMetadataSource">
            <beans:constructor-arg name="adminUrlDAO" ref="AdminUrl"></beans:constructor-arg>
        </beans:bean>
        <beans:bean id="loginLogAuthenticationSuccessHandler"
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
            <beans:property name="defaultTargetUrl" value="/index.jsp"></beans:property>
        </beans:bean>
        <beans:bean id="simpleUrlAuthenticationFailureHandler"
                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login.jsp"></beans:property>
        </beans:bean>

        <!-- Entry point for unauthenticated users -->
        <beans:bean id="authenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <beans:property name="loginFormUrl" value="/login.jsp"></beans:property>
        </beans:bean>
      

  3.   

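    Judging from the error message, your filter conflicts with the default one on the 'order' value.
    Check whether your loginFilter is doing that.
    Do you have <http auto-config='true'> like this? Remove the auto-config='true'.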
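The exception at the top of the thread says the default filters can be disabled "by removing the corresponding child elements from <http>"; in the posted configuration that child element is `<form-login>`, which registers the default `UsernamePasswordAuthenticationFilter` in the same slot as `loginFilter`. The following is an added example, not posted by anyone in the thread: the posted `<http>` element before and after removing `<form-login>`, with every other element and bean name taken unchanged from the posted configuration.

```xml
<!-- Before (as posted): two filters claim the FORM_LOGIN_FILTER position -->
<http auto-config="false" use-expressions="true"
      entry-point-ref="authenticationProcessingFilterEntryPoint">
    <!-- registers the default UsernamePasswordAuthenticationFilter -->
    <form-login login-page="/login.jsp"/>
    <!-- same position as the default filter: context startup fails -->
    <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
    <!-- remaining child elements as posted -->
</http>

<!-- After: form-login removed, loginFilter is the only filter in that slot.
     The login page is still served through entry-point-ref, whose
     loginFormUrl is already /login.jsp in the posted bean definition. -->
<http auto-config="false" use-expressions="true"
      entry-point-ref="authenticationProcessingFilterEntryPoint">
    <intercept-url pattern="/login.jsp" access="permitAll"/>
    <intercept-url pattern="/skin/**" access="permitAll"/>
    <intercept-url pattern="/images/**" access="permitAll"/>
    <intercept-url pattern="/loginInit.action" access="permitAll"/>

    <session-management invalid-session-url="/login.jsp"
                        session-fixation-protection="newSession"
                        session-authentication-error-url="/login.jsp">
        <concurrency-control max-sessions="1" expired-url="/login.jsp"
                             error-if-maximum-exceeded="true"/>
    </session-management>

    <custom-filter ref="loginFilter" position="FORM_LOGIN_FILTER"/>
    <custom-filter ref="securityFilter" before="FILTER_SECURITY_INTERCEPTOR"/>

    <access-denied-handler error-page="/accessno.jsp"/>
    <logout invalidate-session="true" logout-success-url="/login.jsp"
            logout-url="/j_spring_security_logout"/>
    <remember-me key="rememberpassword" services-ref="ipconfig"/>
</http>
```

With a custom login filter, the session authentication strategy behind `<session-management>` and `<concurrency-control>` is not injected into that filter by the namespace. Set the filter's `sessionAuthenticationStrategy` property explicitly if session-fixation protection and the `max-sessions` limit must apply to logins handled by `loginFilter`.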