Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- <security:http auto-config="true" use-expressions="true" pattern="/ext/**">
- <csrf disabled="true" />
- </security:http>
- <security:http auto-config="true" use-expressions="true" authentication-manager-ref="authenticationManager">
- <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" />
- <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" />
- <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
- </security:http>
- Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter gov.in.controller.filter.LoginAdtAuthFailHdlr.usernamePasswordAuthenticationFilter; nested exception is org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] is defined: expected single matching bean but found 2: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#1
- at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:561)
- at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
- at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
- ... 58 more
- Caused by: org.springframework.beans.factory.NoUniqueBeanDefinitionException: No qualifying bean of type [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter] is defined: expected single matching bean but found 2: org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#1
- at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1054)
- at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:942)
- at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:533)
- ... 60 more
- <security:http use-expressions="true" authentication-manager-ref="authenticationManager">
- <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER')" />
- <security:form-login login-page="/login" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-url="/login" login-processing-url="/j_spring_security_check" />
- <security:logout invalidate-session="true" logout-url="/logout" success-handler-ref="logoutSuccessHandler" />
- <security:csrf request-matcher-ref="csrfSecurityRequestMatcher" />
- </security:http>
- public class CsrfSecurityRequestMatcher implements RequestMatcher {
- private Pattern allowedMethods = Pattern.compile("^(GET|HEAD|TRACE|OPTIONS)$");
- private RegexRequestMatcher unprotectedMatcher = new RegexRequestMatcher("/ext/**", null);
- @Override
- public boolean matches(HttpServletRequest request) {
- if(allowedMethods.matcher(request.getMethod()).matches()){
- return false;
- }
- return !unprotectedMatcher.matches(request);
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement