When I place the bean definition for springSecurityFilterChainin web.xml, I get an error indicating that Tomcat 7 will not start because there is a duplicate bean definition for springSecurityFilterChain. I uploaded the entire stack trace to a file sharing site, which you can read by clicking on this link. However, when I the comment out the springSecurityFilterChainbean definition in web.xmland try to restart the server, I get a different error message indicating that there is no bean definition for springSecurityFilterChain. You can read the second stack trace at the file sharing site by clicking on this link.

当我为springSecurityFilterChainin放置 bean 定义时web.xml，我收到一条错误消息，指出 Tomcat 7 将无法启动，因为有一个duplicate bean definition for springSecurityFilterChain. 我将整个堆栈跟踪上传到了一个文件共享站点，您可以通过单击此链接来阅读该站点。但是，当我注释掉springSecurityFilterChainbean 定义web.xml并尝试重新启动服务器时，我收到一条不同的错误消息，表明没有springSecurityFilterChain. 您可以通过单击此链接在文件共享站点上阅读第二个堆栈跟踪。

So where should I put the bean definition for springSecurityFilterChain, and what should its syntax be?

那么我应该把 bean 定义放在哪里springSecurityFilterChain，它的语法应该是什么？

I think the problem might be that the spring petclinic sample app, which I am using to test this approach, has its own way of using a clinicserviceand its own xml config files to handle application startup and the management of resources. You can view the entire code for the spring petclinic app at this link.

我认为问题可能在于我用来测试这种方法的 spring petclinic 示例应用程序有自己的使用方式clinicservice和自己的 xml 配置文件来处理应用程序启动和资源管理。您可以在此链接查看 spring petclinic 应用程序的完整代码。

The changes I made to the petclinic app are as follows:

我对 petclinic 应用程序所做的更改如下：

I added the following to pom.xml:

我在 pom.xml 中添加了以下内容：

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-core</artifactId>
  <version>3.2.2.RELEASE</version>
</dependency>

<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-web</artifactId>
  <version>3.2.2.RELEASE</version>
</dependency>
<dependency>
  <groupId>org.springframework.security</groupId>
  <artifactId>spring-security-config</artifactId>
  <version>3.2.2.RELEASE</version>
</dependency>  

I added the following to web.xml:

我在 web.xml 中添加了以下内容：

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

I added a package named org.springframework.security.samples.knowledgemanager.configto src/main/javain Java Resources, and then I added the following two classes to it:

我添加了一个名为包org.springframework.security.samples.knowledgemanager.config来src/main/java的Java Resources，然后我增加了以下两类它：

MessageSecurityWebApplicationInitializer.java:

MessageSecurityWebApplicationInitializer.java：

@Order(2)
public class MessageSecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}  

SecurityConfig.java:

安全配置.java：

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Autowired
    private UserDetailsService myCustomUserDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
        .jdbcAuthentication()
            .dataSource(dataSource)
            .and()
        .userDetailsService(myCustomUserDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .antMatchers("/app/**").hasRole("ADMIN")
            .and()
        .formLogin()
            .loginPage("/index.jsp")
            .defaultSuccessUrl("/app/")
            .failureUrl("/index.jsp")
            .permitAll()
            .and()
        .logout()
            .logoutSuccessUrl("/index.jsp");
    }
}