1

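I need to implement session management in Spring Security, but I get an error when deploying the application on Tomcat. The application tries to read the invalid-session-url and expired-url attribute values from a properties file, but fails with an error at run time.

Spring Security: error reading values from a properties file in the session-management tag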

<security:http entry-point-ref="casAuthenticationEntryPoint" auto-config="true"> 
    <security:intercept-url pattern="/*" access="ROLE_USER"/> 
    <security:custom-filter position="CAS_FILTER" ref="casAuthenticationFilter"/> 
    <security:logout invalidate-session="true" logout-url="/logout" logout-success-url="#{CAS_server}/logout?service=#{CAS_application}/" delete-cookies="JSESSIONID"/> 
    <security:session-management invalid-session-url="#{CAS_server}/logout?service=#{CAS_application}" session-fixation-protection="newSession" > 
     <security:concurrency-control max-sessions="1" expired-url="#{CAS_server}/logout?service=#{CAS_application}" error-if-maximum-exceeded="true" /> 
    </security:session-management> 
</security:http> 

I only see this error on the session-management tag. Does anyone have any idea?

Answers

0

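I quickly set up a Spring Security application; my configuration contains the following, and it works fine (note the property injection in the session-management tag).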

test.properties

mytestservice=MyApp 
loginurl=/my-login.html 
invalidsessionurl=/my-login.html 

Spring Security configuration

<bean id="webPropertyConfigurer" 
     class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"> 
     <property name="ignoreResourceNotFound" value="true" /> 
     <property name="ignoreUnresolvablePlaceholders" value="true" /> 
     <property name="locations"> 
      <list> 
       <value>classpath:test.properties</value> 
      </list> 
     </property> 
    </bean> 



    <security:http> 
     <security:intercept-url pattern="/my-login.jsp" access="permitAll" /> 
     <security:intercept-url pattern="/**" access="hasRole('USER')" /> 
     <security:form-login login-page="${loginurl}" 
          authentication-failure-url="${loginurl}?error" /> 
     <security:http-basic /> 
     <security:session-management invalid-session-url="${invalidsessionurl}/logout?service=${mytestservice}" session-fixation-protection="newSession" /> 
     <security:logout /> 
    </security:http> 
+0

I am getting these values using a JNDI lookup, but I get the error only for the session-management tag.

+0

Caused by: java.lang.IllegalArgumentException: url must start with '/' or 'http(s)' –

+0

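This is a validation error thrown by Spring Security - the url string you get from the JNDI lookup is either null or empty, or your url does not start with a trailing slash or http. For example, in my case, if I give loginurl = my-login.html (here I removed the slash), I get a similar error at application startup. So the url must be either a relative path that starts with a slash or an absolute one that starts with the protocol http(s). – Shailendra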
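A pre-flight check for the rule described in the last comment, as an added example that is not part of the original thread: it resolves `${...}` placeholders against values like those in the answer's test.properties and reports any resulting URL that is empty, still contains an unresolved placeholder, or does not start with '/' or http(s). The class and method names are hypothetical, and the rule is re-implemented here as the comment states it rather than by calling Spring Security's own validator.

```java
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/** Added example (hypothetical names): checks redirect URL attribute values before deployment. */
public class RedirectUrlPreflight {

    private static final Pattern PLACEHOLDER = Pattern.compile("\\$\\{([^}]+)\\}");

    /** Substitutes ${key} from props; unknown keys stay literal, as with ignoreUnresolvablePlaceholders=true. */
    static String resolve(String template, Properties props) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuffer out = new StringBuffer();
        while (m.find()) {
            String value = props.getProperty(m.group(1));
            m.appendReplacement(out, Matcher.quoteReplacement(value != null ? value : m.group()));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Returns null when the URL satisfies the rule, otherwise a description of the problem. */
    static String problem(String url) {
        if (url == null || url.trim().isEmpty()) return "null or empty";
        if (url.contains("${") || url.contains("#{")) return "unresolved placeholder";
        String lower = url.toLowerCase();
        if (url.startsWith("/") || lower.startsWith("http://") || lower.startsWith("https://")) return null;
        return "does not start with '/' or http(s)";
    }

    public static void main(String[] args) {
        // Constructed sample values mirroring test.properties from the answer.
        Properties props = new Properties();
        props.setProperty("mytestservice", "MyApp");
        props.setProperty("invalidsessionurl", "/my-login.html");
        props.setProperty("loginurl", "my-login.html"); // leading slash removed, as in the comment

        String[] templates = {
            "${invalidsessionurl}/logout?service=${mytestservice}",
            "${loginurl}",
            "${CAS_server}/logout?service=${CAS_application}" // keys deliberately absent from props
        };
        for (String t : templates) {
            String url = resolve(t, props);
            String p = problem(url);
            System.out.println(url + " -> " + (p == null ? "OK" : "REJECTED: " + p));
        }
    }
}
```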