Spring security authentication Filter Exception - spring

I'm trying to integrate spring security to my application after configuration i'm blocked in this error
I'm trying to implement Spring 3 Security in a project, but I can not get rid of the following error:
GRAVE: Servlet.service() for servlet [Faces Servlet] in context with path [/Gelt]
threw exception [L''exécution du filtre (Filter) a lancé une exception] with root
cause java.lang.NoSuchMethodError: org.springframework.security.access.intercept.AbstractSecurityInterceptor.finallyInvocation(Lorg/springframework/security/access/intercept/InterceptorStatusToken;)V
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:120)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<http use-expressions="true">
<intercept-url pattern="/pages/centres.jsf" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
<intercept-url pattern="/pages/services.jsf" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
<intercept-url pattern="/pages/medecins.jsf" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
<intercept-url pattern="/pages/fiches.jsf" access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
<intercept-url pattern="/pages/users.jsf" access="hasRole('ROLE_ADMIN')" />
<!--
<access-denied-handler error-page="/403.jsf" />-->
<!-- access denied page
<access-denied-handler error-page="/403.jsf" />-->
<form-login />
<logout logout-success-url="/index.jsf" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="SELECT username , password , idrole FROM user U where U.username=?"
authorities-by-username-query="SELECT U.username as username, R.role as role FROM user U, role R WHERE U.idrole=R.idrole and U.username=?"
/>
</authentication-provider>
</authentication-manager>
<beans:bean id="LoginBean" name="LoginBean" class="com.mdsoft.gelt.bean.LoginBean" scope="prototype">
<beans:property name="authenticationManager" ref="authenticationManager"></beans:property>
</beans:bean>
pom.xml
<!-- Spring Security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>3.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.5.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.webflow</groupId>
<artifactId>spring-faces</artifactId>
<version>2.3.1.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.1.RELEASE</version>
<type>jar</type>
</dependency>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns
/javaee/web-app_2_5.xsd"
id="WebApp_ID"
version="2.5">
<display-name>GELT</display-name>
<!-- Spring Security Facelets Tag Library -->
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Spring Context Configuration' s Path definition -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- The Bootstrap listener to start up and shut down Spring's root WebApplicationContext. It is registered to Servlet Container -->
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<!-- Project Stage Level -->
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<!-- Welcome Page -->
<welcome-file-list>
<welcome-file>/index.jsf</welcome-file>
</welcome-file-list>
<!-- JSF Servlet is defined to container -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Mapping with servlet and url for the http requests. -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
please help me
thanks for your helps
regards

You typically see such errors when your code is compiled against one version of a library but another version of the library is on the classpath at runtime.
If we look at the method in question we can see it does not exist in v3.1.1 of Spring Security
http://docs.spring.io/autorepo/docs/spring-security/3.1.1.RELEASE/apidocs/org/springframework/security/access/intercept/AbstractSecurityInterceptor.html
but was present in v3.1.5
http://docs.spring.io/autorepo/docs/spring-security/3.1.5.RELEASE/apidocs/org/springframework/security/access/intercept/AbstractSecurityInterceptor.html
I note the mismatch in your POM between spring-security-core (3.1.1) and the web and config modules (3.1.5). So we can guess that you code is compiled against 3.1.1 (look at the Maven dependency hierarchy) to confirm but that 3.1.5 is being used at runtime (look in WEB-INF/lib folder of your deployed web app to confirm 3.1.5 is present - this is being pull in as a transitive dependency of web and config modules).
Suggested fix is then to update your POM to point core module to 3.1.5.
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>3.1.5.RELEASE</version>
<type>jar</type>
</dependency>

Related

Accessing OSGI service from Spring

I would like to access OSGI service from Spring bean without DM. Currently I have 2 bundles bundle A is just exposing service, and bundle B is a web application with JSF and Spring Security. The following is the project structure:
-webapp
|
-OSGI-INF/blueprint/blueprint.xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
<bean id="sampleBean" class="com.test.bundleb.bean.SampleBean" init-method="create" activation="eager">
<property name="bundleAService" ref="bundleAService"></property>
</bean>
<reference id="bundleAService" interface="com.test.bundlea.service.BundleAService"/>
</blueprint>
|
-WEB-INF/faces-config.xml
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
version="2.1">
<application>
<message-bundle>messages</message-bundle>=
<el-resolver>com.test.bundleb.listener.OsgiELResolver</el-resolver>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
Note that for accessing osgi beans from jsf bean, the following solution taken as-is and it is working.
Injecting blueprint OSGi service into JSF/PrimeFaces bean
|
-WEB-INF/web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
<description>Test Web Application</description>
<context-param>
<param-name>facelets.VIEW_MAPPINGS</param-name>
<param-value>*.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<!-- FIXME This should not be required, but Jetty does not pick up the
listener from a TLD at the moment. -->
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener
</listener-class>
</listener>
<!-- For Spring Security. -->
<listener>
<listener-class>com.bundleb.listener.ServiceLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
|
-WEB-INF/spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/secured" access="ROLE_USER"/>
<intercept-url pattern="/scripts" access="isAuthenticated()"/>
<form-login login-page="/login.xhtml" default-target-url="/secured/welcome.xhtml"
authentication-failure-url="/login.xhtml?status=error"/>
<logout logout-success-url="/login.xhtml?status=logout"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abc" password="ABC" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I can access OSGI service from JSF bean, the spring context can also be initialized and the security works fine. However, I couldn't access OSGI service from Spring bean. Is there a way to access it from spring bean without using Spring DM?

Spring Webservices using Apache CXF is not getting deployed in the client server (weblogic)

I am working on building spring webservices for an application. I am using apache cxf for creating webservices and maven for building the war. I am using weblogic 12c to deploy the webservice in my PC. I am using "org.codehaus.jackson.jaxrs.JacksonJsonProvider" as the jsonProvider. The code gets deployed in the server running machine without any errors. But when i try to deploy the same code in the client machine that has weblogic 12.2.1 the deployment fails with the following error:
"Jersey" failed to preload on startup in Web application:
"broker-ws.war".
<[ACTIVE] ExecuteThread: '12' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1490020025257> <BEA-101216> <Servlet: "Jersey" failed to preload on startup in Web application: "broker-ws.war".
at com.sun.jersey.spi.inject.Errors.processErrorMessages(Errors.java:170)
at com.sun.jersey.spi.inject.Errors.postProcess(Errors.java:136)
at com.sun.jersey.spi.inject.Errors.processWithErrors(Errors.java:199)
at com.sun.jersey.server.impl.application.WebApplicationImpl.initiate(WebApplicationImpl.java:795)
at com.sun.jersey.server.impl.application.WebApplicationImpl.initiate(WebApplicationImpl.java:790)
at com.sun.jersey.spi.container.servlet.ServletContainer.initiate(ServletContainer.java:491)
at com.sun.jersey.spi.container.servlet.ServletContainer$InternalWebComponent.initiate(ServletContainer.java:321)
at com.sun.jersey.spi.container.servlet.WebComponent.load(WebComponent.java:605)
at com.sun.jersey.spi.container.servlet.WebComponent.init(WebComponent.java:207)
at com.sun.jersey.spi.container.servlet.ServletContainer.init(ServletContainer.java:376)
at com.sun.jersey.spi.container.servlet.ServletContainer.init(ServletContainer.java:559)
at javax.servlet.GenericServlet.init(GenericServlet.java:240)
at weblogic.jaxrs.server.portable.servlet.ServletContainer.init(ServletContainer.java:121)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:337)
at weblogic.servlet.internal.StubSecurityHelper$ServletInitAction.run(StubSecurityHelper.java:288)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
at weblogic.servlet.internal.StubSecurityHelper.initServletInstance(StubSecurityHelper.java:98)
at weblogic.servlet.internal.StubSecurityHelper.createServlet(StubSecurityHelper.java:86)
at weblogic.servlet.internal.StubLifecycleHelper.createOneInstance(StubLifecycleHelper.java:71)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:57)
at weblogic.servlet.internal.StubLifecycleHelper.<init>(StubLifecycleHelper.java:31)
at weblogic.servlet.internal.ServletStubImpl.initStubLifecycleHelper(ServletStubImpl.java:656)
at weblogic.servlet.internal.ServletStubImpl.prepareServlet(ServletStubImpl.java:600)
at weblogic.servlet.internal.WebAppServletContext.preloadServlet(WebAppServletContext.java:1974)
at weblogic.servlet.internal.WebAppServletContext.loadServletsOnStartup(WebAppServletContext.java:1951)
at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1841)
at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:2871)
at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1661)
at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:823)
at weblogic.application.internal.ExtensibleModuleWrapper$StartStateChange.next(ExtensibleModuleWrapper.java:360)
at weblogic.application.internal.ExtensibleModuleWrapper$StartStateChange.next(ExtensibleModuleWrapper.java:356)
at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42)
at weblogic.application.internal.ExtensibleModuleWrapper.start(ExtensibleModuleWrapper.java:138)
at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:124)
I am not explicitly referencing Jersey anywhere in my project, but i am using jax-rs which is looking for Jersey.The weblogic server in my machine had Jersey jars, but the weblogic present in the client machine did not have Jersey jars. I tried adding the following jars to my pom.xml:
<!-- https://mvnrepository.com/artifact/org.glassfish.jersey.bundles/jaxrs-ri -->
<dependency>
<groupId>org.glassfish.jersey.bundles</groupId>
<artifactId>jaxrs-ri</artifactId>
<version>2.25.1</version>
</dependency>
<dependency>
<groupId>org.glassfish.hk2</groupId>
<artifactId>hk2-api</artifactId>
<version>2.5.0-b32</version>
</dependency>
<dependency>
<groupId>org.glassfish.hk2</groupId>
<artifactId>hk2-locator</artifactId>
<version>2.5.0-b32</version>
</dependency>
<dependency>
<groupId>org.glassfish.hk2</groupId>
<artifactId>hk2-utils</artifactId>
<version>2.5.0-b32</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.glassfish.hk2/hk2-inhabitant-generator -->
<dependency>
<groupId>org.glassfish.hk2</groupId>
<artifactId>hk2-inhabitant-generator</artifactId>
<version>2.5.0-b19</version>
</dependency>
<!-- https://mvnrepository.com/artifact/javax.inject/javax.inject -->
<!-- https://mvnrepository.com/artifact/org.apache.servicemix.bundles/org.apache.servicemix.bundles.javax-inject -->
<dependency>
<groupId>org.apache.servicemix.bundles</groupId>
<artifactId>org.apache.servicemix.bundles.javax-inject</artifactId>
<version>1_2</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.glassfish.jersey.core/jersey-client -->
<dependency>
<groupId>org.glassfish.jersey.core</groupId>
<artifactId>jersey-client</artifactId>
<version>2.25.1</version>
</dependency>
<!-- https://mvnrepository.com/artifact/org.glassfish.jersey.bundles.repackaged/jersey-guava -->
<dependency>
<groupId>org.glassfish.jersey.bundles.repackaged</groupId>
<artifactId>jersey-guava</artifactId>
<version>2.25</version>
</dependency>
Yet i am unable to deploy the application without any error. I get a different error now.
java.lang.IllegalStateException: No generator was provided and there
is no default generator registered
Please find below my jax-rs configuration in the spring-config file.
<jaxrs:server id="restService" address="/rest">
<jaxrs:serviceBeans>
<ref bean="userService" />
<ref bean="billingService" />
</jaxrs:serviceBeans>
<jaxrs:providers>
<ref bean='jsonProvider' />
</jaxrs:providers>
<jaxrs:inInterceptors>
<bean class="com.brokerws.interceptor.WSLoggingRequestInterceptor" />
</jaxrs:inInterceptors>
<jaxrs:outInterceptors>
<bean class="com.brokerws.interceptor.WSLoggingResponseInterceptor" />
</jaxrs:outInterceptors>
</jaxrs:server>
Please find below my web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
metadata-complete="true" version="3.0">
<display-name>SuppApp</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/app-beans.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>CXFServlet</servlet-name>
<servlet-class>org.apache.cxf.transport.servlet.CXFServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>CXFServlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>health-check</servlet-name>
<servlet-class>com.suddenlink.util.HealthCheckServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>health-check</servlet-name>
<url-pattern>/healthCheck</url-pattern>
</servlet-mapping>
<filter>
<filter-name>Logback-MDC-Filter</filter-name>
<filter-class>com.suddenlink.traceability.filter.HttpHeaderServletFilter</filter-class>
<init-param>
<param-name>application_name</param-name>
<param-value>broker-ws</param-value>
</init-param>
<init-param>
<param-name>application_type</param-name>
<param-value>ws</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>Logback-MDC-Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Can someone tell me what i am missing here.I tried various solutions given over the internet, but nothing worked for me.
Finally found the root cause for the issue. It was the spring webapp version, which was making the weblogic server look for jersey dependency. I changed the webapp version from 3.0 to 2.5 and the error is gone. Hope this helps somebody who will run into this issue as this took nearly two days to figure what was actually happening.

Spring Security: No bean named 'springSecurityFilterChain' is defined

I just equipped a simple Spring test project with basic authentication functionality. When the server is loaded I get the well-known error
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined.
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Activate Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
servlet-context.xml contains the security related configuration:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<sec:http auto-config='true'>
<sec:intercept-url pattern="/**" access="ROLE_USER" />
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
<sec:user name="bob" password="bobspassword" authorities="ROLE_USER" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>
<context:component-scan base-package="myproject" />
</beans:beans>
What am I missing?
Additionally to M. Deinum's comment I found out that I could just add the path of my servlet-context to the contextConfigLocation:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml /WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</context-param>
This solved the problem for me.

Spring security: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored.

I am trying to configure spring security on my simple app, but I keep getting this error.
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
I have seen other similar posts, but could not figure out why I am getting this error. I don't seems to have duplicate security:http namespace configured.
Here goes my web.xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>sampler</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>sampler</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>sampler</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring security config:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Add Authentication Manager -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" authorities="ROLE_USER" password="test"/>
</user-service>
</authentication-provider>
</authentication-manager>
<!-- This would add login screen -->
<http auto-config="true">
<intercept-url pattern="/admin/*" access="ROLE_USER"/>
</http>
Its just a simple login functionality that I wanted to provide as of now. Any help around this issue would be really appreciated.
The problem was in the regex of classpath in the context-param.
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
Changing it to
<param-value>
classpath*:sampler-context.xml
classpath*:sampler-security.xml
</param-value>
solves this problem.

Exception starting filter springSecurityFilterChain - org.springframework.beans.factory.NoSuchBeanDefinitionException

I am new with spring. I am trying to use Spring Security to have authentication using MySQL, I get this error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
By judging from similar questions I think the security config file is not loaded.
my config file is in src/main/resources/spring-security.xml and I include it in awt.project.init.WebAppConfig:
#Configuration
#EnableWebMvc
#EnableTransactionManagement
#ComponentScan("awt.project")
#ImportResource("classpath:spring-security.xml")
public class WebAppConfig {
....
}
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Serves static resource content from .jar files such as spring-faces.jar -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Map all /resources requests to the Resource Servlet for handling -->
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<!-- Java-based Spring container definition -->
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<!-- Location of Java #Configuration classes that configure the components that makeup this application -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
awt.project.init
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Secures the application -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I tried to also include the spring-security.xml in contexConfiguration as classpath:spring-security.xml but still I get the same problem.
Here is the spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/sec/moderation.html" access="ROLE_MODERATOR" />
<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<form-login login-page="/user-login.html"
default-target-url="/success-login.html" authentication-failure-url="/error-login.html" />
<logout logout-success-url="/index.html" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
I might be wrong, but if you use AnnotationConfigWebApplicationContext and specify only a package name in contextConfigLocation, Spring will scan that package only for classes with a stereotype annotation (#Component, #Controller, #Service, etc), so your WebAppConfig is basically ignored. Try giving the fully qualified name of WebAppConfig as contextConfigLocation.

Resources