Aide sécuriser plusieurs modules avec spring security

**ahmedpa** · 15/06/2015, 19h03

Bonjour,

J'ai développé un espace candidat en utilisant spring security et ça marche très bien mais lorsque je voulais ajouter un autre espace admin qui possède une authentification aussi et je voulais utiliser spring security mais ça ne marche plus.

Je voudrais savoir pourquoi ça ne marche pas s'il vous plait.

Voici mon code de security :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
	xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:security="http://www.springframework.org/schema/security"
	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
		http://www.springframework.org/schema/beans
	   http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
	   http://www.springframework.org/schema/security
	  http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
 
 
	<security:http use-expressions="true"
	access-denied-page="/404.xhtml" >
 
		<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/candidat.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/aproposdemoi.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/chargermoncv.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/completermonprofil.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/maphotodeprofil.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/mescompetences.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/mesexperiences.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/meslangues.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/moncompte.xhtml" />
			<security:intercept-url access="hasAnyRole('candidat')"
			pattern="/supprimercompte.xhtml" />
 
		<security:form-login login-processing-url="/j_spring_security_check" 
			login-page="/carrieres?login_error=1" always-use-default-target="true"
			default-target-url="/candidat.xhtml" />		
		<security:logout logout-success-url="/carrieres.xhtml" />	
		<security:remember-me key="uniqueAndSecret"/>
	</security:http>
 
 
 
 
	 <security:http use-expressions="true" 
	access-denied-page="/404.xhtml" >
 
		<security:form-login login-processing-url="/j_spring_security_check" 
			login-page="/adminzone?login_error=1" always-use-default-target="true"
			default-target-url="/candidat.xhtml" />		
		<security:logout logout-success-url="/carrieres.xhtml" />
 
		<security:remember-me key="uniqueAndSecret"/>
 
	</security:http>
 
 
 
 
	   <security:authentication-manager>
		<security:authentication-provider>
			<security:password-encoder hash="md5" />
			<security:jdbc-user-service id="jdbcMemoryAP"
				data-source-ref="dataSource"
				users-by-username-query="
		      select email_candidat,mot_de_passe_candidat,enabled  
		      from candidat where email_candidat=?"
				authorities-by-username-query="
		      select u.email_candidat, ur.autorite from candidat u, role_candidat ur 
		      where u.id_candidat = ur.candidat and u.email_candidat =? " />
		</security:authentication-provider>
	</security:authentication-manager>
 
 
 
	<security:authentication-manager>
		<security:authentication-provider>
			<security:password-encoder hash="md5" />
			<security:jdbc-user-service id="jdbcMemoryAP"
				data-source-ref="dataSource"
				users-by-username-query="
		      select email_admin,mot_de_passe,enabled  
		      from administrateur where email_admin=?"
 
				authorities-by-username-query="
		      select u.email_admin, ur.autorite from administrateur u, role_admin ur 
		      where u.idAdmin = ur.administateur and u.email_admin =? " />
		</security:authentication-provider>
	</security:authentication-manager>
 
 
 
</beans>

et donc j'ai deux authentification et deux connexion à la base.

L'erreur est la suivante :

Code :

Sélectionner tout - Visualiser dans une fenêtre à part

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:469)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4729)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5167)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1409)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1399)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
	at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49)
	at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39)
	at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:151)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
	... 21 more

Merci

Aide sécuriser plusieurs modules avec spring security

Spring Java

Mode arborescent

Discussions similaires

Partager

Partager