I wasn't able to "autowire" inside a class that extends Spring security class (org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler).
I made it working by adding, in security-config.xml, the following code, already written inside the xml spring configuration file: <context:annotation-config />, <context:component-scan base-package="packagename...."/> and the beans that I autowired.
I have two questions:
Why have I to write twice that code (both inside the xml spring
configuration file and security-config.xml)
Is there a way to tell security-config.xml to "look" for the code
written inside the xml spring configuration file? This way I
shouldn't write the code twice.
Thank you
Try to import your security-beans.xml from your main beans.xml.
Both files should be in the same folder. the import, for example:
<import resource="spring-security.xml"/>
In your web.xml, write something like this:
<!-- to integrate Spring -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-servlet.xml</param-value>
</context-param>
2nd Approach - single beans.xml
Another approach, if you are afraid of imports, is to hold a single beans.xml that will include all beans - both the security beans as well as other beans. In this case, your web.xml will look like this:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
and your spring beans file will be spring-servlet.xml.
HTH.
Related
I am trying to use a boolean parameter from my application.properties in my spring-security configuration xml file.
I don't know why I can use not-boolean parameters, but I get an error for boolean.
How can I use boolean parameters?
Here is my application.properties:
JDBC_CONNECTION_STRING=jdbc:mysql://localhost:3306/schema?user=username&password=password
protocol=http
USE_SECURE=false
My spring-security.xml is:
< remember-me user-service-ref="internalUserDetails" data-source-ref="dataSource" key="this-is-my-key02203452416fw" use-secure-cookie="${USE_SECURE}" />
...
but I get this error:
cvc-datatype-valid.1.2.1: '${USE_SECURE}' is not a valid value for 'boolean'
I have also tried to set USE_SECURE=False but I get the same error again.
How can I use boolean parameters in the spring security configuration xml file?
Here is my web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0" >
<display-name> Name-MyApp</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<!-- Servlets -->
<servlet>
<servlet-name>MyApp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Servlets Mappings -->
<servlet-mapping>
<servlet-name>MyApp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/servlet-context.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Filters -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>httpMethodFilter</filter-name>
<servlet-name>MyApp</servlet-name>
</filter-mapping>
<filter>
<filter-name>httpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
Looks that instead the value the key '${USE_SECURE}' is being passed. I come across similiar issue when I wanted to inistiate Boolean
<bean id="flag" class="java.lang.Boolean">
<constructor-arg value="${FLAG}"/>
</bean>
It works ok with the 'property', so i solved my case in other way. I am not sure if it is a spring bug?
The xsd schema definition of the security namespace only allows boolean values in the use-secure-cookie attribute. If you don't specify one of the allowed literals ("true" or "false"), your xml won't pass the schema validation, and won't get even parsed.
So if you use the security namespace configuration, you won't be able to use external properties to set this value. To prove my point, here is the relevant code snippet from RememberMeBeanDefinitionParser.parse():
String useSecureCookie = element.getAttribute("use-secure-cookie");
if (StringUtils.hasText(useSecureCookie)) {
services.getPropertyValues().addPropertyValue(
"useSecureCookie", Boolean.valueOf(useSecureCookie));
}
As you can see the attribute is straight away converted to boolean, so no mechanism is given any chance to further process the value.
I'm not completely sure, but chances are that this could be fixed by simply relaxing the xsd to allow any string value, and pass that value to the bean definition (services above) without converting it to boolean. Then a PropertyPlaceholderConfigurer could later resolve the given value if it happens to be a property placeholder.
If you want to give it a try, feel free to open a ticket in the Spring Security issue tracker.
I'm using annotation based configuration and so far worked without a web.xml.
Now, according to documentation, I'll need to create a web.xml file and add these fields to it:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Can I configure this too with annotations?
Because If I make a web.xml and put only this, I'll get some other errors in runtime (like missing ContextLoaderListener etc etc..).
web.xml is part of the standard web-application packaging structure. This structure allows you to deploy your packaged war file on different servers such as Tomcat and Jetty.
You can read more about web.xml here: http://en.wikipedia.org/wiki/Deployment_descriptor
You can read about the standard directory structure here (this is for Tomcat, but most web-servers follow the same/similar structure):
http://tomcat.apache.org/tomcat-6.0-doc/appdev/deployment.html#Standard_Directory_Layout
You should already have a web.xml if your application is a web-application. If not, then you should not create a web.xml but find another way of hooking in Spring Security. Please let us know how your application is currently deployed.
Here is an example of a web.xml for Spring with Spring Security:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd">
<web-app>
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- The front controller of the Spring MVC Web application, responsible
for handling all application requests -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/web-application-config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
For a web app you need a web.xml.
Regarding your error missing ContextLoaderListener, just add this to the web.xml
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
I use spring-jersey to expose rest services. My web.xml looks as follows:
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/rest/*</url-pattern>
</servlet-mapping>
Let say standard.
I have a lot of rest services in many packages and I need to goup them in two context, let say "base" and "advanced" services. Moreover I need to get rid of the "rest" prefix in url-pattern. So I thought about group them into two packages and then in web.xml define two jersey servlets with com.sun.jersey.config.property.packages init param:
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.example.app.rest.base</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/base/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Another Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.example.app.rest.advanced</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>Another Jersey REST Service</servlet-name>
<url-pattern>/advanced/*</url-pattern>
</servlet-mapping>
Unfortunately due to component scan set in applicationContext.xml
<context:component-scan base-package="com.example.app" />
property com.sun.jersey.config.property.packages is ignored (all rest services can be accessed under each context) and it cannot be handle like that.
I am wondering how can I deal with that in other way. The only thing which I don't want to do is to set
<url-pattern>/*</url-pattern>
that catch everyting.
You can specify multiple packages. Just separate them by a comma.
<context:component-scan base-package="com.example.app,com.sun.jersey" />
You can also define two component-scan items and they should work just as well, too.
If the package differentiation won't help, use a filter.
<context:component-scan base-package="org.example">
<context:include-filter type="regex" expression=".*Repository"/>
</context:component-scan>
And then, just make a separate applicationContext for each service but use an init-param of contextConfigLocation and init-value of the location/name of that app context. So, if you make a specific app context to load for each service, the component scan filtering will load everything you need for one service and exclude the other one.
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/rest-service1.xml</param-value>
</init-paraam>
Actually, if you make a separate xml file for each, you can just go back to using the different package at that point, I believe.
here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?><web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- Enables clean URLs with JSP views e.g. /welcome instead of /app/welcome -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/*.xml
</param-value>
</context-param>
<!-- Handles all requests into the application -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/*.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Maps all /app requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Why there are two instances of application context created?
When I add a scheduled method with #Scheduled it is invoked twice, because of those two application contexts.
You are loading twice times the same spring config files. Of course you have two separate application contexts. At first I would rename the servlet name for the DispatcherServerlet to "spring3mvc". The servlet definition should look like this:
<servlet>
<servlet-name>spring3Mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
If you have it in this way, you should have a spring config file "spring3Mvc-servlet.xml" in your "WEB-INF" directory. Spring will find this file automatically because of the right naming convention. In this file you should just have the beans who are important for springMVC. It could look like this:
<context:component-scan base-package="org.company.gui.controller"/>
<bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".view.jsp"/>
</bean>
This should fix your problem.
I noticed that you have
<load-on-startup>1</load-on-startup>
in the following block
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/*.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
try removing that... it worked for me
Do you have any other spring filters or jsp pages in your web.xml not shown in your code snippet?
I ask, to answer your question, because I believe this quote from Spring documentation could explain what might be happening...
"In the web MVC framework, each
DispatcherServlet has its own
WebApplicationContext, which inherits
all the beans already defined in the
root WebApplicationContext. These
inherited beans defined can be
overridden in the servlet-specific
scope, and new scope-specific beans
can be defined local to a given
servlet instance."
If you answered "yes" to my web.xml question, then my guess is that Spring instantiates a root WebApplicationContext when a spring filter is created (via ContextLoaderListener). So, this would happen BEFORE...
Then, when the DispatcherServlet is created, the "contextConfigLocation" refers to the same files (that is, the same bean names), so a new WebApplicationContext gets overridden bean names local to that servlet!
I wonder, even if you answered "no", whether this might still happen anyway. Since you set "contextConfigLocation" (used by the ContextLoaderListener) and "override" it in DispatcherServlet configuration; I assume Spring is not checking whether those configurations are using the same file set.
You can run these scenarios through a debugger and put breakpoints on WebApplicationContext methods to find out for sure.
Workaround:
To solve the problem, either:
1) make sure your 2 contextConfigLocations don't overlap in files they use
Or:
2) break out the Scheduling bean in its own xml file and make sure it's referred to by only one of the 2 contextConfigLocations
I want to add a filter to map a specific path in URL.
My server side used Spring 2.5.x, BlazeDS (servlet) with TomCat server.
So, my web.xml file is composed like that :
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-main-config.xml
</param-value>
</context-param>
<filter>
<filter-name>FacebookOAuthFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>FacebookOAuthFilter</filter-name>
<url-pattern>/fbauth</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring MVC Servlet (that will route HTTP requests to BlazeDS) -->
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-main-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
When I start my TomCat server, an exception is catched :
[BlazeDS][ERROR] [Configuration] MessageBroker failed to start: Exception: flex.messaging.config.ConfigurationException: MessageBroker already defined from MessageBrokerServlet with init parameter messageBrokerId = '_messageBroker'
at flex.messaging.MessageBroker.registerMessageBroker(MessageBroker.java:1916)
COuld you help me please ?
Thank you very much,
Anthony
I believe you are loading the incorrect configuration file here...
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-main-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
you have alreaded loaded /WEB-INF/spring-main-config.xml in the first few lines of the file
http://www.springbyexample.org/examples/simple-flex-webapp.html
This isn't really a Flex or BlazeDS issue, it's a more basic mis-configuration of Spring.
You're configured two separate Spring app-contexts, both with the same set of bean definitions (/WEB-INF/spring-main-config.xml).
The app-context defined by the <context-param> is the app-context associated with the webapp. The app-context defined by the ` is associated with the servlet.
Since you've given the same beans file to both, it'll instantiate and initialize the same set of beans twice, and the second time seems to be failing because the MessageBroker has already been defined.
You either need to break up your bean definitions into two sets, or just remove the first one, and just use the servlet context.