Spring application is not being secured - spring

***Hi, I am trying to secure my Spring MVC application. The problem is myurl/myapp /viewAllPersons.do is not being secured.
Thanks in advance for your help.*
here is my config
Here is my web.xml
---------------------
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- we've already configured Spring-MVC for you - nothing to do here! -->
<servlet>
<servlet-name>Dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
</web-app>
Here is my Dispatcher-servlet.xml
----------------------------
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<!-- Message bundle -->
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basename" value="messages"/>
</bean>
<import resource="/application.xml"/>
<import resource="/spring-security.xml"/>
<bean class="org.springframework.web.servlet.view.ResourceBundleViewResolver">
<property name="basename" value="views"/>
<property name="order" value="1"/>
</bean>
<bean class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/"/>
<property name="suffix" value=".jsp"/>
<property name="order" value="2"/>
</bean>
<context:component-scan base-package="com.bookme.control"/>
<mvc:annotation-driven/>
</beans>
Here is my spring-security.xml
-------------------------
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config='true' use-expressions="true">
<intercept-url pattern="/index.jsp" access="permitAll" />
<intercept-url pattern="/secure/extreme/**" access="hasRole('administrator')" />
<intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/viewAllPersons" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/viewCalendar" access="hasAnyRole('administrator','staff')" />
<intercept-url pattern="/**" access="denyAll" />
<form-login />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="sanju" password="sanju" authorities="staff, user" />
<user name="admin" password="admin" authorities="administrator" />
<user name="peter" password="opal" authorities="user" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>


Adding the following solved the problem
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>

Related

Configuring DelegatingFilterProxy using spring security

I am trying custom filter with oauth authentication using spring security DelegatingFilterProxy below is my configuration
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
servlet-context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<!-- <mvc:resources mapping="/" location="/index.html" /> -->
<mvc:resources mapping="/js/**" location="/assets/js/" />
<mvc:resources mapping="/css/**" location="/assets/css/" />
<mvc:resources mapping="/templates/**" location="/assets/templates/" />
<mvc:resources mapping="/lib/**" location="/assets/lib/" />
<mvc:resources mapping="/lib/css/**" location="/assets/lib/css/" />
<mvc:resources mapping="/lib/js/**" location="/assets/lib/js/" />
<mvc:resources mapping="/lib/fonts/**" location="/assets/lib/fonts/" />
<mvc:resources mapping="/img/**" location="/assets/img/" />
<mvc:annotation-driven />
<mvc:default-servlet-handler />
<sec:http pattern="/template/**" security="none"></sec:http>
<sec:http pattern="/css/**" security="none"></sec:http>
<sec:http pattern="/js/**" security="none"></sec:http>
<sec:http pattern="/lib/**" security="none"></sec:http>
<sec:http pattern="/lib/css/**" security="none"></sec:http>
<sec:http pattern="/lib/js/**" security="none"></sec:http>
<sec:http pattern="/lib/fonts/**" security="none"></sec:http>
<sec:http pattern="/img/**" security="none"></sec:http>
<sec:http entry-point-ref="oAuth2AuthenticationEntryPoint">
<sec:anonymous enabled="false"></sec:anonymous>
<sec:custom-filter ref="oAuth2Filter" after="SECURITY_CONTEXT_FILTER"></sec:custom-filter>
<sec:intercept-url pattern="/**" access="ROLE_USER"></sec:intercept-url>
</sec:http>
<sec:authentication-manager alias="upmAuthenticationManager"></sec:authentication-manager>
<!-- Configure to plugin JSON as request and response in method handler -->
<bean
class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
<property name="messageConverters">
<list>
<ref bean="jsonMessageConverter" />
</list>
</property>
</bean>
<bean id="oAuth2AuthenticationEntryPoint" class="com.upm.oAuth.OAuthAuthenticationEntryPoint">
<constructor-arg value="/index.html"></constructor-arg>
</bean>
<bean id="oAuthEnd" name="oAuthEnd" class="com.upm.oAuth.OAuthEndServlet">
<property name="oAuth2Filter" ref="oAuth2Filter" />
</bean>
<bean id="oAuth2Filter" class="com.upm.oAuth.OAuth2Filter">
<property name="clientID" value="xxx" />
<property name="clientSecret" value="xxx" />
<property name="serviceURL" value="https://" />
</bean>
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location">
<value>classpath:database.properties</value>
</property>
</bean>
<!-- Configure bean to convert JSON to POJO and vice versa -->
<bean id="jsonMessageConverter"
class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
</bean>
The application got deployed successfully and when trying to access the below URL. I am getting the Exception
http://localhost:8082/contex-path/index.html or
http://localhost:8082/contex-path
Exception
INFO: Starting ProtocolHandler ["http-bio-8082"]
Exception in thread "http-bio-8082-exec-1" java.lang.StackOverflowError
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:246)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
Could anyone please help me on the issue?

LazyInitializationException: could not initialize proxy - no Session in Spring and Hibernate

I'm getting this error: "org.hibernate.LazyInitializationException: could not initialize proxy - no Session" in my webapp. I use Spring and Hibernate, and I execute the queries with "sessionFactory.getCurrentSession()".
I read a lot about this problem, so I tried with the answers that I found, but it doesn't work.
I'm currently using "OpenSessionInViewFilter" and "OpenSessionInViewInterceptor".
I attach my configuration files.
Thank you in advance.
Stack trace
org.hibernate.LazyInitializationException: could not initialize proxy - no Session
at org.hibernate.proxy.AbstractLazyInitializer.initialize(AbstractLazyInitializer.java:149)
at org.hibernate.proxy.AbstractLazyInitializer.getImplementation(AbstractLazyInitializer.java:195)
at org.hibernate.proxy.pojo.javassist.JavassistLazyInitializer.invoke(JavassistLazyInitializer.java:185)
at involve.gbi.persistence.entities.Actividad_$$_javassist_33.getDireccion(Actividad_$$_javassist_33.java)
at involve.gbi.cro.business.data.model.HibernateCRODCM.addActividadesToWc(HibernateCRODCM.java:676)
at involve.gbi.cro.business.data.model.HibernateCRODCM.generateWorkingCalendars(HibernateCRODCM.java:370)
at involve.gbi.cro.business.algorithm.CROVisitsAlgorithmPeriodByPeriodDayByDay.setIntervaloOptimizacionActivo(CROVisitsAlgorithmPeriodByPeriodDayByDay.java:126)
at involve.gbi.cro.business.algorithm.CROVisitsAlgorithmPeriodByPeriodDayByDay.run(CROVisitsAlgorithmPeriodByPeriodDayByDay.java:738)
applicationContext.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:task="http://www.springframework.org/schema/task" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.2.xsd ">
<context:annotation-config />
<context:component-scan base-package="example.gbi" />
<!-- <context:property-placeholder location="classpath:appConfig.properties,classpath:jdbc.properties"
system-properties-mode="OVERRIDE" ignore-unresolvable="true" /> -->
<!-- <import resource="spring-ws-config.xml"/> -->
<import resource="database-config.xml" />
<import resource="application-security.xml"/>
</beans>
application-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<http auto-config="false" use-expressions="true" disable-url-rewriting="true" create-session="ifRequired">
<intercept-url pattern="/admin**" access="hasRole('Administrator')" />
<intercept-url pattern="/admin/j_spring_security_check" access="permitAll"/>
<intercept-url pattern="/admin/login.jsp" access="permitAll" />
<intercept-url pattern="/admin/logout.jsp" access="permitAll" />
<intercept-url pattern="/admin/accessdenied.jsp" access="permitAll" />
<form-login login-page="/admin/login.jsp" login-processing-url="/admin/j_spring_security_check" default-target-url="/admin/api/welcome" authentication-failure-url="/admin/accessdenied.jsp" />
<logout logout-success-url="/admin/logout.jsp" />
</http>
<authentication-manager erase-credentials="false">
<authentication-provider user-service-ref="myUserDetailsService" />
</authentication-manager>
<beans:bean name="myUserDetailsService" class="security.UserDetailService" />
</beans:beans>
database-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- <context:property-placeholder location="classpath:persistence-mysql.properties" /> -->
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="configLocation">
<value>
classpath:hibernate.cfg.xml
</value>
</property>
</bean>
<bean id="txManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="txManager" />
<!-- The transaction advice - setting attributes for transactions -->
<tx:advice id="txAdvice" transaction-manager="txManager">
<tx:attributes>
<tx:method name="get*" read-only="true" />
<tx:method name="find*" read-only="true" />
<tx:method name="add*" propagation="REQUIRED" />
<tx:method name="update*" propagation="REQUIRED" isolation="SERIALIZABLE" />
<tx:method name="remove*" propagation="REQUIRED" isolation="SERIALIZABLE" />
<tx:method name="*" />
</tx:attributes>
</tx:advice>
<!-- Establish the AOP transaction cross cutting concern and define which classes/methods are transactional -->
<aop:config>
<aop:pointcut id="serviceOperations" expression="execution(* persistence.manager.*.*(..))" />
<aop:advisor advice-ref="txAdvice" pointcut-ref="serviceOperations" />
</aop:config>
<bean id="persistenceExceptionTranslationPostProcessor"
class="org.springframework.dao.annotation.PersistenceExceptionTranslationPostProcessor" />
</beans>
hibernate.cfg.xml
<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE hibernate-configuration PUBLIC
"-//Hibernate/Hibernate Configuration DTD 3.0//EN"
"http://hibernate.sourceforge.net/hibernate-configuration-3.0.dtd" >
<hibernate-configuration>
<session-factory>
<property name="show_sql">true</property>
<property name="hibernate.connection.datasource">java:comp/env/jdbc/CRO</property>
<property name="hibernate.dialect">org.hibernate.dialect.PostgreSQLDialect</property>
<property name="hibernate.jdbc.batch_size">0</property>
<property name="hibernate.c3p0.min_size">1</property>
<property name="hibernate.c3p0.max_size">300</property>
<property name="hibernate.c3p0.acquireIncrement">5</property>
<property name="hibernate.c3p0.idle_test_period">10</property>
<property name="hibernate.c3p0.timeout">600</property>
<property name="hibernate.c3p0.validate">true</property>
<property name="hibernate.cache.region.factory_class">org.hibernate.cache.ehcache.EhCacheRegionFactory</property>
<property name="hibernate.cache.use_second_level_cache">true</property>
<property name="hibernate.cache.use_query_cache">true</property>
<property name="hibernate.generate_statistics">true</property>
<property name="configLocation">hibernate.cfg.xml"</property>
<mapping class="persistence.entities.LocationTrack"/>
··· A lot of mappings class ···
<mapping class="persistence.entities.VisitaHistorico"/>
</session-factory>
</hibernate-configuration>
mvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:jpa="http://www.springframework.org/schema/data/jpa"
xsi:schemaLocation="http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util-3.2.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task-3.2.xsd
">
<context:component-scan base-package="example.*" />
<mvc:annotation-driven>
<mvc:message-converters register-defaults="true">
<bean class="web.configuration.GsonHttpMessageConverter" >
<property name="supportedMediaTypes" value = "application/json;charset=UTF-8" />
</bean>
</mvc:message-converters>
</mvc:annotation-driven>
<mvc:interceptors>
<bean class="org.springframework.orm.hibernate4.support.OpenSessionInViewInterceptor">
<property name="sessionFactory">
<ref local="sessionFactory"/>
</property>
</bean>
</mvc:interceptors>
<import resource="applicationContext.xml"/>
<!-- Resolves views selected for rendering by #Controllers to .jsp resources
in the /WEB-INF/views directory -->
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/" />
<property name="suffix" value=".jsp" />
</bean>
<task:annotation-driven />
<mvc:resources mapping="/resources/**" location="/www/" />
</beans>
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>CROQueryServletTesting</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<filter>
<filter-name>OpenSessionInViewFilter</filter-name>
<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>OpenSessionInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>SERVLET-REST</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>SERVLET-REST</servlet-name>
<url-pattern>/admin/api/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SERVLET-REST</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>SERVLET-REST</servlet-name>
<url-pattern>/CROBasicQueryServlet</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:applicationContext.xml</param-value>
</context-param>
<servlet>
<description></description>
<display-name>CROLocationTrackingServlet</display-name>
<servlet-name>CROLocationTrackingServlet</servlet-name>
<servlet-class>web.CROLocationTrackingServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>CROLocationTrackingServlet</servlet-name>
<url-pattern>/CROLocationTrackingServlet</url-pattern>
</servlet-mapping>
</web-app>

It looks like you are starting a thread (the stacktrace is short, doesn't have any servlet handling code and starts with a run-method) and then manipulate objects loaded by hibernate. Since hibernate associates it's sessions to execution threads, it cannot find the session associated with the thread you started.
You should:
Not start a new thread. Or
Load the objects in the thread that manipulates them (only pass ids from one thread to another, not loaded objects). Or
Load the objects fully before passing the objects to the thread that manipulates them.

spring security mvc application noHandler found

I am new to spring MVC with security and I am getting following error whenever I access a page. Also, images, js, and CSS files do not load.
Mar 25, 2014 11:34:14 AM org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/sam/img/hagal_logo.png] in DispatcherServlet with name 'mvc-dispatcher' Mar 25, 2014 11:34
org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/sam/bootstrap/js/bootstrap.min.js] in DispatcherServlet with name 'mvc-dispatcher' Mar 25, 2014 11:34:14 AM
org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/sam/js/jquery.actual.min.js] in DispatcherServlet with name 'mvc-dispatcher' Mar 25, 2014 11:34:14 AM
org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/sam/js/jquery.min.js] in DispatcherServlet with name 'mvc-dispatcher' Mar 25, 2014 11:34:14 AM
org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/sam/js/lib/jquery-validation/jquery.validate.js] in DispatcherServlet with name 'mvc-dispatcher'
<web-app xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>Some</display-name>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml,
classpath:spring-security.xml</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and here is my dispatcher-servlet
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<context:component-scan base-package="com.quad.controller" />
<context:component-scan base-package="com.quad.dao" />
<context:component-scan base-package="com.quad.entity" />
<context:component-scan base-package="com.quad.service" />
<context:property-placeholder location="classpath:database.properties" />
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id="transactionManager"
class="org.springframework.orm.hibernate3.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${database.driver}" />
<property name="url" value="${database.url}" />
<property name="username" value="${database.user}" />
<property name="password" value="${database.password}" />
</bean>
<bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
<prop key="hibernate.hbm2ddl.auto">${hibernate.hbm2ddl.auto}</prop>
</props>
</property>
</bean>
and this is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/welcome" access="ROLE_USER" />
<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<form-login login-page="/login.html"
default-target-url="/login-success.html"
authentication-failure-url="/login-error.html" />
<logout logout-success-url="/index.html" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>

Please add mvc namespace.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd"
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<mvc:resources mapping="/js/**" location="/js/**" /> //whatever ur path of js and images is.
<mvc:annotation-driven />

In addition to #Shoaib Chikate's answer, JavaConfig version :
In your app config java file please add :
#Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/js/**").addResourceLocations("/js/");
}

spring security. forward after login page

It is snippet from spring security config:
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
But if I enter successfull I was forward to /logOut
if click log out - go to home.jsp .
if failed login - home.jsp
What is the strange behaviour?
update
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
</welcome-file-list>
</web-app>
root-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<!-- Настраивает управление транзакциями с помощью аннотации #Transactional -->
<!-- -->
<import resource="classpath:spring/BeanConfig.xml" />
<!-- Файл с настройками Security -->
<import resource="security_config.xml" />
<!-- <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource‌​"> -->
<!-- <property name="basename" value="/WEB-INF/messages/messages" /> -->
<!-- </bean> -->
</beans>
securuty_config.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true" >
<intercept-url pattern="/home.jsp" access="permitAll" />
<intercept-url pattern="/*" access="isAuthenticated()"/>
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
</http>
<authentication-manager>
<authentication-provider ref="provider" />
<!-- <authentication-provider> -->
<!-- <user-service> -->
<!-- <user name="name" authorities="ROLE_USER"/> -->
<!-- </user-service> -->
<!-- </authentication-provider> -->
</authentication-manager>
</beans:beans>
form authenthification fragment:
<form method="POST" action="<c:url value="/j_spring_security_check" />"

Hi #user2740224 can you try in security_config.xml something like this:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<http use-expressions="true" >
<intercept-url pattern="/index*" access="isAuthenticated()" />
<form-login login-page="/home" default-target-url="/index" always-use-default-target="true" authentication-failure-url="/loginFailed" />
<logout logout-success-url="/home" delete-cookies="JSESSIONID" invalidate-session="true" />
...
</http>
I hope help you :)

Problem trying to use spring security with my jsp aplication

It's seems so easy to use spring security following a tutorial, but when I try to do the same with this app I can get it to work (I must admit that I haven't written ) .
/-----------------Edit-------------------/
Now with the help of some great people, I finally got the application to ask the user to authenticate himself,but now I've run into a new problem: When I try to access the application using one of the users listed below(applicationContext-security.xml), I get this message :
Here's web.xml code:
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>*.htm</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/applicationContext-security.xml</param-value>
</context-param>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
<error-page>
<error-code>403</error-code>
<location>/sinacceso.jsp</location>
</error-page>
</web-app>
context.xml :
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/Test01"/>
dispatcher-servlet.xml:
<!DOCTYPE beans PUBLIC "-//SPRING//DTD BEAN//EN" "http://www.springframework.org/dtd/spring-beans.dtd">
<beans>
<!-- GENERALES -->
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.tiles2.TilesView" />
</bean>
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<bean name="/index.htm" class="paginas.index"/>
<bean name="secure/villancicos.htm" class="paginas.villancicos"/>
<bean name="secure/administracion.htm" class="paginas.administracion"/>
</beans>
applicationContext-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http>
<intercept-url pattern="/index.htm" filters="none" />
<intercept-url pattern="/secure/administracion.htm" access="ROLE_SUPERVISOR" />
<intercept-url pattern="/secure/**" access="ROLE_USER" />
<form-login />
<anonymous />
<http-basic />
<logout logout-success-url="/index.htm" />
</http>
<authentication-manager alias="myAuthenticationManager">
<authentication-provider>
<password-encoder hash="md5"/>
<user-service>
<user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
<user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
<user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
<user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
This application is currently using spring 2.5 with spring-security-2.0.4 (the same version from the tutorial I've been following).

Have you tried what the error suggests and added an alias attribute to your authentication-manager? Something like:
<authentication-manager alias="myAuthenticationManager">
<authentication-provider>
...

Resources