I am getting this problem. Spring security 3.1.3.RELEASEE. This is a simple Spring form based login security. I am getting an exception No bean named 'springSecurityFilterChain' is defined whenever the server is getting started.
WEB.XML -
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml,
/WEB-INF/spring/appServlet/login-security.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
LOGIN--SECURITY.XML -
<security:http auto-config="true">
<security:intercept-url pattern="/welcome*" access="ROLE_USER" />
<security:form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="mkyong" password="123456" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
I do not get any warnings either. Can somebody please have a look ?
The DelegatingFilterProxy only has access to the, so called, root application context. Which is the file loaded by the ContextLoaderListener.
So instead of letting the DispatcherServlet load the /WEB-INF/spring/appServlet/login-security.xml move it to the configuration of the ContextLoaderListener.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/login-security.xml</param-value>
</context-param>
Related
I've tried the example provided by official reference Spring Session. After login via http://localhost:8080/login it seems session data is still stored in memory, and no redis interactions(observed through redis-cli monitor command). Only JSESSIONID stored in cookies
Settings below:
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring.xml:
<context:annotation-config/>
<beans:bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<beans:bean class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:hostName="192.168.1.230"
p:port="6379"
/>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="root" password="123456" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true">
<security:intercept-url pattern="/ping" access="hasRole('ROLE_ADMIN')"/>
<security:form-login default-target-url="/ping"/>
<security:csrf disabled="true"/>
</security:http>
<mvc:annotation-driven/>
<context:component-scan base-package="io.hbprotoss.demo.controller"/>
You need to declare the session repository filter, like this:
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Since you are using spring security make sure that session repository filter is declared before security filter (and any other filter(s) that might want to access the session otherwise you might end up with two session one provided by the servlet container and one by spring session.
More details can be found here
https://docs.spring.io/spring-session/docs/current/reference/html5/#xml-servlet-container-initialization
Trying to link a css stylesheet to one of my jsp files, but I seem to be missing something because the stylesheet is never found.
mvc-config.xml:
<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
</beans>
my link tag in jsp file
<link rel="stylesheet" type="text/css" href="http://localhost/testing/resources/css/common.css">
web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/datasource.xml,
/WEB-INF/spring-security.xml,
/WEB-INF/mvc-config.xml
</param-value>
</context-param>
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
My folder structure is webapp/resources/css
What am I missing?
When I try to access the css file directly through the browser, it just redirects me to my jsp file.
I noticed you are including a security configuration file in your web.xml. Make sure you disable security for your assets / resources:
<http pattern="/resources/**" security="none" />
I am new with spring. I am trying to use Spring Security to have authentication using MySQL, I get this error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
By judging from similar questions I think the security config file is not loaded.
my config file is in src/main/resources/spring-security.xml and I include it in awt.project.init.WebAppConfig:
#Configuration
#EnableWebMvc
#EnableTransactionManagement
#ComponentScan("awt.project")
#ImportResource("classpath:spring-security.xml")
public class WebAppConfig {
....
}
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Serves static resource content from .jar files such as spring-faces.jar -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Map all /resources requests to the Resource Servlet for handling -->
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<!-- Java-based Spring container definition -->
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<!-- Location of Java #Configuration classes that configure the components that makeup this application -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
awt.project.init
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Secures the application -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I tried to also include the spring-security.xml in contexConfiguration as classpath:spring-security.xml but still I get the same problem.
Here is the spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/sec/moderation.html" access="ROLE_MODERATOR" />
<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<form-login login-page="/user-login.html"
default-target-url="/success-login.html" authentication-failure-url="/error-login.html" />
<logout logout-success-url="/index.html" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>
I might be wrong, but if you use AnnotationConfigWebApplicationContext and specify only a package name in contextConfigLocation, Spring will scan that package only for classes with a stereotype annotation (#Component, #Controller, #Service, etc), so your WebAppConfig is basically ignored. Try giving the fully qualified name of WebAppConfig as contextConfigLocation.
I am new to Spring Security and trying to figure out the exact flow of Spring-Security module,
Please suggest the right flow.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>OnlineTestProject</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security/applicationContext-security.xml
/WEB-INF/db/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>jsp/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
applicationContext-security.xml
<http use-expressions="true">
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
<intercept-url pattern="/jsp/login.jsp" access="permitAll" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
<remember-me />
<session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<anonymous enabled='false'/>
</http>
What I know is, when the request comes for the application it will go in welcome-file-list for opening the jsp/login.jsp in my case, so it will directly open jsp/login.jsp page, but as we keep security, so it will go inside applicationContext-security.xml and check whether jsp/login.jsp needs to be filter or not and so on....then where does
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
will come in picture, also as per I know is it should go to "/jsp/login.jsp" page for login and if the credentials succes then it should go to /jsp/index.jsp, but it is opening /jsp/index.jsp page first....
can some one please guide me the correct flow.
thanks
i am developing on two different machines with almost the same specs (Win 7, eclipse juno, tomcat 7) and the source checked out from github.
But on my laptop i have a different url behaviour than on my workstation.
Entering
http://localhost:8080/jeiwomisa/auth/login.xhtml
works on my laptop but not my workstation.
On my workstation i have to use:
http://localhost:8080/jeiwomisa/faces/auth/login.xhtml
The difference is the "/faces/" part. This is the same for all links.
I dont understand that as i think i have the same configuration on both machines.
I am not sure which configuration exactly is needed for this problem, so i just post my web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- pretty faces -->
<filter>
<filter-name>Pretty Filter</filter-name>
<filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Pretty Filter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<context-param>
<param-name>com.ocpsoft.pretty.BASE_PACKAGES</param-name>
<param-value>de.sveri.jeiwomisa.managed</param-value>
</context-param>
<!-- Project Stage Level -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<!-- JSF Servlet is defined to container -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
And this is my security-app-context.xml where the login.xhtml is defined:
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/test/**" access="permitAll" />
<intercept-url pattern="/tasks/**" access="isAuthenticated()" />
<!-- <intercept-url pattern="/**" access="denyAll" /> -->
<form-login login-page="/auth/login.xhtml" />
</http>
<context:annotation-config />
<b:bean id="userRepositoryImpl" class="de.sveri.jeiwomisa.model.UserRepositoryImpl"
autowire="byType">
</b:bean>
<b:bean id="passwordEncoder"
class="org.springframework.security.crypto.password.StandardPasswordEncoder">
</b:bean>
<authentication-manager>
<authentication-provider user-service-ref="userRepositoryImpl">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
If you need to you can find the complete code at: github code
Best Regards,
Sven
you should add servlet mapping for both applications. try to add following code to youe web.xml file.
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Strange. Try clearing your browser cache? Your configuration certainly appears correct.