Spring 安全性 XML 错误 - cvc-complex-type.2.4.a: 发现以元素 'csrf' 开头的无效内容
Spring Security XML Error - cvc-complex-type.2.4.a: Invalid content was found starting with element 'csrf'
我在我的 Web 应用程序项目中使用 Spring 安全性。我想在我的 Spring 应用程序中启用 csrf 保护。
我的application-context-security.xml如下
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled"/>
<http disable-url-rewriting="true" auto-config="false" access-decision-manager-ref="accessDecisionManager" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<!-- Enable CSRF protection -->
<csrf />
<access-denied-handler ref="accessDeniedHandler"/>
</http>
<!-- Remaining information -->
</beans:beans>
我正在为我的项目使用 Spring 3.0.5 jar。
虽然运行,但我收到以下错误
SEVERE: Exception sending context initialized event to listener
instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'csrf'.
One of
'{"http://www.springframework.org/schema/security":intercept-url,
"http://www.springframework.org/schema/security":access-denied-handler,
"http://www.springframework.org/schema/security":form-login,
"http://www.springframework.org/schema/security":openid-login,
"http://www.springframework.org/schema/security":x509,
"http://www.springframework.org/schema/security":http-basic,
"http://www.springframework.org/schema/security":logout,
"http://www.springframework.org/schema/security":session-management,
"http://www.springframework.org/schema/security":remember-me,
"http://www.springframework.org/schema/security":anonymous,
"http://www.springframework.org/schema/security":port-mappings,
"http://www.springframework.org/schema/security":custom-filter,
"http://www.springframework.org/schema/security":request-cache}'
is expected.
我尝试在 google 上搜索此错误。我找到了几个相似的地方,但他们都说错误是由于 Spring 3.2+ 中的一些变化。但是,就我而言,我使用的是 Spring 3.0.5.
如有任何帮助,我们将不胜感激。
我认为 spring 安全的 csrf 快捷方式是在版本 3.2.0 中引入的(参见 blogpost)
也许你应该考虑更新你用过的 spring 版本
从
更新后出现同样的错误
spring 3.2.5 到 4.2.0
spring 安全性 3.1.4 到 4.0.2
我不得不更改架构位置
http://www.springframework.org/schema/security/spring-security.xsd
至
http://www.springframework.org/schema/security/spring-security-4.0.xsd
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:osgi="http://www.springframework.org/schema/osgi" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
在您的情况下, 元素在 spring 3.0.5 中不存在。
因此至少更新到 3.2 将是解决方案。
我在我的 Web 应用程序项目中使用 Spring 安全性。我想在我的 Spring 应用程序中启用 csrf 保护。 我的application-context-security.xml如下
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<global-method-security secured-annotations="enabled"/>
<http disable-url-rewriting="true" auto-config="false" access-decision-manager-ref="accessDecisionManager" entry-point-ref="authenticationEntryPoint">
<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<intercept-url pattern="/j_spring_security_check" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/j_spring_security_logout" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_FULLY, IS_AUTHENTICATED_REMEMBERED"/>
<!-- Enable CSRF protection -->
<csrf />
<access-denied-handler ref="accessDeniedHandler"/>
</http>
<!-- Remaining information -->
</beans:beans>
我正在为我的项目使用 Spring 3.0.5 jar。
虽然运行,但我收到以下错误
SEVERE: Exception sending context initialized event to listener
instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException:
nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.a:
Invalid content was found starting with element 'csrf'.
One of
'{"http://www.springframework.org/schema/security":intercept-url,
"http://www.springframework.org/schema/security":access-denied-handler,
"http://www.springframework.org/schema/security":form-login,
"http://www.springframework.org/schema/security":openid-login,
"http://www.springframework.org/schema/security":x509,
"http://www.springframework.org/schema/security":http-basic,
"http://www.springframework.org/schema/security":logout,
"http://www.springframework.org/schema/security":session-management,
"http://www.springframework.org/schema/security":remember-me,
"http://www.springframework.org/schema/security":anonymous,
"http://www.springframework.org/schema/security":port-mappings,
"http://www.springframework.org/schema/security":custom-filter,
"http://www.springframework.org/schema/security":request-cache}'
is expected.
我尝试在 google 上搜索此错误。我找到了几个相似的地方,但他们都说错误是由于 Spring 3.2+ 中的一些变化。但是,就我而言,我使用的是 Spring 3.0.5.
如有任何帮助,我们将不胜感激。
我认为 spring 安全的 csrf 快捷方式是在版本 3.2.0 中引入的(参见 blogpost)
也许你应该考虑更新你用过的 spring 版本
从
更新后出现同样的错误
spring 3.2.5 到 4.2.0
spring 安全性 3.1.4 到 4.0.2
我不得不更改架构位置
http://www.springframework.org/schema/security/spring-security.xsd
至
http://www.springframework.org/schema/security/spring-security-4.0.xsd
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:osgi="http://www.springframework.org/schema/osgi" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/osgi http://www.springframework.org/schema/osgi/spring-osgi.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
在您的情况下,
因此至少更新到 3.2 将是解决方案。