英文:
The same Spring APP behaves different when loading security core module?
问题
我有一个Springboot的WAR文件。当我在两台不同的机器上启动它时,它的行为不同。
在良好的机器上,日志中有以下信息:
11:45:29.289 [localhost-startStop-1] DEBUG o.a.f.i.c.b.WarWebApplicationInitializer - 使用 Spring Boot v2.2.4.RELEASE,Spring v5.2.3.RELEASE 运行
11:45:29.293 [localhost-startStop-1] INFO o.a.f.i.c.b.WarWebApplicationInitializer - 未设置活动配置文件,回退到默认配置文件:basicauth
11:45:36.709 [localhost-startStop-1] INFO o.s.s.core.SpringSecurityCoreVersion - 您正在使用 Spring Security Core 5.2.1.RELEASE
11:45:36.712 [localhost-startStop-1] INFO o.s.s.c.SecurityNamespaceHandler - Spring Security 'config' 模块版本为 5.2.1.RELEASE
11:45:36.725 [localhost-startStop-1] INFO o.s.s.c.m.GlobalMethodSecurityBeanDefinitionParser - 启用了方法安全表达式,但未配置 SecurityExpressionHandler。所有 hasPermision() 表达式将求值为 false。
在有问题的机器上运行,日志如下:
10:41:10.904 [localhost-startStop-1] DEBUG o.a.f.i.c.b.WarWebApplicationInitializer - 使用 Spring Boot v2.2.4.RELEASE,Spring v5.2.3.RELEASE 运行
10:41:10.907 [localhost-startStop-1] INFO o.a.f.i.c.b.WarWebApplicationInitializer - 未设置活动配置文件,回退到默认配置文件:basicauth
10:41:31.948 [localhost-startStop-1] WARN o.s.b.f.xml.XmlBeanDefinitionReader - 忽略 XML 验证警告
org.xml.sax.SAXParseException: schema_reference.4: 由于 1) 无法找到文档;2) 无法读取文档;3) 文档的根元素不是 <xsd:schema>,无法读取架构文档 'http://www.springframework.org/schema/security/spring-security.xsd'。
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.warning(ErrorHandlerWrapper.java:99)
我的问题是Spring使用什么过程来加载安全模块?在有问题的情况下,似乎应用程序无法在本地找到库,然后尝试在线获取?是这样吗?
在有问题的日志中稍后我看到了这个:
10:41:31.984 [localhost-startStop-1] ERROR o.s.boot.SpringApplication - 应用程序运行失败
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: 来自 URL [file:/bitnami/tomcat/data/fineract-provider/WEB-INF/classes/META-INF/spring/appContext.xml] 的 XML 文档中的第35行无效;嵌套异常是 org.xml.sax.SAXParseException;行号:35;列号:36;cvc-complex-type.2.4.c:匹配的通配符是严格的,但找不到元素 'sec:global-method-security' 的声明。
我猜这可能是由于 xsd 访问失败导致的。
英文:
I have an Springboot WAR file. When I start it on two different machine it behaves differently.
On good machine, it has this info in the log:
11:45:29.289 [localhost-startStop-1] DEBUG o.a.f.i.c.b.WarWebApplicationInitializer - Running with Spring Boot v2.2.4.RELEASE, Spring v5.2.3.RELEASE
11:45:29.293 [localhost-startStop-1] INFO o.a.f.i.c.b.WarWebApplicationInitializer - No active profile set, falling back to default profiles: basicauth
11:45:36.709 [localhost-startStop-1] INFO o.s.s.core.SpringSecurityCoreVersion - You are running with Spring Security Core 5.2.1.RELEASE
11:45:36.712 [localhost-startStop-1] INFO o.s.s.c.SecurityNamespaceHandler - Spring Security 'config' module version is 5.2.1.RELEASE
11:45:36.725 [localhost-startStop-1] INFO o.s.s.c.m.GlobalMethodSecurityBeanDefinitionParser - Expressions were enabled for method security but no SecurityExpressionHandler was configured. All hasPermision() expressions will evaluate to false.
Run it on bad machine, it gives:
10:41:10.904 [localhost-startStop-1] DEBUG o.a.f.i.c.b.WarWebApplicationInitializer - Running with Spring Boot v2.2.4.RELEASE, Spring v5.2.3.RELEASE
10:41:10.907 [localhost-startStop-1] INFO o.a.f.i.c.b.WarWebApplicationInitializer - No active profile set, falling back to default profiles: basicauth
10:41:31.948 [localhost-startStop-1] WARN o.s.b.f.xml.XmlBeanDefinitionReader - Ignored XML validation warning
org.xml.sax.SAXParseException: schema_reference.4: Failed to read schema document 'http://www.springframework.org/schema/security/spring-security.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:203)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.warning(ErrorHandlerWrapper.java:99)
My question here is what's the procedure Spring uses to load the security module? It seems to me in the bad case, the application failed to find library locally and try it online? Is that so?
Later in the bad log, I see this:
10:41:31.984 [localhost-startStop-1] ERROR o.s.boot.SpringApplication - Application run failed
org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 35 in XML document from URL [file:/bitnami/tomcat/data/fineract-provider/WEB-INF/classes/META-INF/spring/appContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 35; columnNumber: 36; cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'sec:global-method-security'.
I guess this is due to the fact that xsd access failed.
专注分享java语言的经验与见解,让所有开发者获益!
评论