Getting error while adding spring security lib - spring

I have found some solutions but they didn't worked for me. I added libraries to project but I am getting this error. I could reach security libraries from my controller classes. Any idea?
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]
Offending resource: ServletContext resource [/WEB-INF/spring-security.xml]
This my spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="test" password="123" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>

Use http://www.springframework.org/schema/security/spring-security-3.0.xsd as your namespace instead.

to avoid
"org.xml.sax.SAXParseException: schema_reference.4: Failed to read
schema document 'springframework.org/schema/security/…;, because 1)
could not find the document; 2) the document could not be read; 3) the
root element of the document is not <xsd:schema>."
change springframework.org/schema/security/spring-security-3.1.4.xsd to springframework.org/schema/security/spring-security-3.1.xsd

Related

<http> and <authentication-manager> tags are not working in spring security

My spring security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="suvajit" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
i am using
org.springframework.security.config-3.0.3.RELEASE.jar
org.springframework.security.core-3.0.3.RELEASE.jar
org.springframework.security.web-3.0.2.RELEASE.jar
for spring security..
It is giving me compilation error
cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'authentication-manager
and multiple annotations found at this line:
schema_reference.4: Failed to read schema document 'http://www.springframework.org/schema/security/
spring-security-3.2.xsd', because
could not find the document;
the document could not be read;
the root element of the document is not .
cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'http'.
for authentication-manager and http tags respectively
please clarify me where i am wrong
Your jars are
org.springframework.security.config-3.0.3.RELEASE.jar
org.springframework.security.core-3.0.3.RELEASE.jar
org.springframework.security.web-3.0.2.RELEASE.jar
But your xml document references version 3.2 - make them compatible, by upgrading your jars to 3.2.3 RELEASE version.

Spring config file namespace resolve

Problem in my Spring bean configuration file. I am using Spring Tool Suite 3.4 and Spring 3.1.1 jars (MVC, jdbc, security). This is just an warning in IDE but when the application is loading into APP Server it is showing the following error
Spring Configuration File - login-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<beans:import resource='login-service.xml'/>
<security:http>
<security:intercept-url pattern='/home*' access='ROLE_USER,ROLE_ADMIN' />
<security:intercept-url pattern='/admin*' access='ROLE_ADMIN' />
<security:form-login login-page='/login.jsp' default-target-url='/home' authentication-failure-url='/login.jsp?error=true'/>
<security:logout logout-success-url='/login.jsp' />
<security:anonymous username='guest' granted-authority='ROLE_GUEST'/>
<security:remember-me/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref='myDataSource'
users-by-username-query="select username, password, 'true' as enabled from USER_DETAILS where username=?"
authorities-by-username-query="select USER_DETAILS.username , USER_AUTH.AUTHORITY as authorities from USER_DETAILS,USER_AUTH
where USER_DETAILS.username = ? AND USER_DETAILS.username=USER_AUTH.USERNAME"></security:jdbc-user-service>
</security:authentication-provider>
</security:authentication-manager>
WARNING. ERROR IN CONSOLE - org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security]
Offending resource: ServletContext resource [/WEB-INF/spring/appServlet/login-security.xml]
I think you are probably missing the spring security config dependency in your pom.
try adding this to your pom.xml
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>3.1.1.RELEASE</version>
</dependency>
Hope this helps.

Vaadin 7.1 + Spring-Security Integration running in Tomcat Server

Im new on vaadin and spring security, I want to know if anyone had a complete project example of the vaadin 7.1 + spring-security integration running in a tomcat server (not in jetty).
Vaadin 7 easy integrate with Spring Security. You should configure only 2 files. First - web.xml and second one spring-security.xml (user credentials and security settings). This is small example how to use base form for authentification.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Vaadin7SpringSecurity</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- filter declaration for Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config='true'>
<intercept-url pattern="/*" access="ROLE_USER" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="password" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
For more details, how to extend spring-security.xml configuration you can use Spring resources.
You should have a look on this GitHub project. This is a Vaadin 7.1 + Spring 3.1.2.RELEASE + Spring-Vaadin integration 2.0.1 project. There is also a Jetty plugin inside, but you can run/deploy it also in tomcat without problems.
Here is a little project that integrates Vaadin and Spring Security. It's done in Scala, but obviously works in Java as well. Code is here.
For referring the above example by using the latest spring-security, I encountered the following errors and provide my soultions:
Error1
Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: You cannot use a spring-security-2.0.xsd or spring-security-3.0.xsd or spring-security-3.1.xsd schema or spring-security-3.2.xsd schema with Spring Security 4.0. Please update your schema declarations to the 4.0 schema.
You should check your spring-* version and update the header tag of spring-security.xml.
For example: I use spring-beans-4.1.6.RELEASE and
spring-security-4.0.2.RELEASE. So I update it as:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
Error2
HTTP Status 500 - Failed to evaluate expression 'ROLE_USER'
...
Caused by: org.springframework.expression.spel.SpelEvaluationException: EL1008E:(pos 0): Property or field 'ROLE_USER' cannot be found on object of type 'org.springframework.security.web.access.expression.WebSecurityExpressionRoot' - maybe not public?
...
According to hints of this resource, you should revise intercept-url tag as following:
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
Error3
HTTP Status 403 - Expected CSRF token not found. Has your session expired?
That's because spring-security enables CSRF protection by default which conflicts with Vaadin. You should add a new tag inside http :
<csrf disabled="true" />
Here's my complete spring-security.xml for reference:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config='true'>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<csrf disabled="true" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="yourUsername" password="yourPassoword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>

Cannot find the declaration of element 'beans:beans

I am try for role based access in spring but got the following error:-
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'http'.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:195)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:131)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:384)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:318)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:410)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3165)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1898)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:685)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:400)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2740)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:647)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:140)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:508)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:807)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:737)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:107)
And here is my spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="a" password="1" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Seems, the required library files for Spring Security aren't at right place. Are you using Maven and have maven dependency of Spring Security library files in your pom.xml file?
If it is then do a maven clean-up and have a try again. Otherwise you can place Spring security library files in the class-path directly.
Please check if application has the necessary spring security library files in the classpath (if you are using Maven, check pom.xml file). Also, check for other Spring related xml files for syntax errors (or please post them also).

Spring "alias is required"

I'm new in Spring and I'm trying to create a application using Spring Blazeds Integration (Flex + Blazeds + Spring + Java) and when I run the application I got this error:
02:51:21,852 INFO [XmlBeanDefinitionReader] Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/security-config.xml]
02:51:23,937 ERROR [ContextLoader] Context initialization failed
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: alias is required.
Offending resource: ServletContext resource [/WEB-INF/spring/security-config.xml]
The security-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:security="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<security:http>
<security:anonymous enabled="false" />
<security:form-login default-target-url="/myContext/Index.html"
login-page="/myContext/Login.html" />
<security:remember-me key="myAppKey" services-ref="rememberMeServices" />
</security:http>
<beans:bean id="rememberMeServices"
class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:property name="key" value="myAppKey" />
<beans:property name="alwaysRemember" value="true" />
</beans:bean>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="john" password="john" authorities="ROLE_USER" />
<security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
<security:user name="guest" password="guest" authorities="ROLE_GUEST" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans:beans>
I'm using spring-flex 1.5.0, spring-security 2.0.6 and Spring 3.0.
Any ideas what is the problem?
Thanks in advance,
Andre
I'm not very sure, but try to put an alias in security:authentication-manager:
<security:authentication-manager alias="authenticationManager">
Why don't you use Spring security 3?
As listed in the reference manual, Spring Flex 1.5.0 will not work with Spring Security 2. You must use Spring Security 3.
Other than this, jbbarquero is correct, assuming this is actually your problem.

Resources