My project fully conects to the database to load all data but Spring Security throws me the following exception
10:58:08 WARN [JDBCExceptionReporter] SQL Error: 0, SQLState: null
10:58:08 ERROR [JDBCExceptionReporter] com.mchange.v2.c3p0.ComboPooledDataSource [ java.beans.IntrospectionException: java.lang.reflect.InvocationTargetException [numThreadsAwaitingCheckoutDefaultUser] ] has been closed()
here are is my spring security configuration class
<http auto-config="true" use-expressions="false" authentication-manager-ref="authManager" access-decision-manager-ref="accessDecisionManager"
access-denied-page="/unauthorized">
<intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<form-login
login-processing-url="/j_login"
authentication-failure-url="/login?erro=usuarioIncorreto"
always-use-default-target="false"
login-page="/login"
default-target-url="/" />
<logout invalidate-session="true"
logout-success-url="/login"
logout-url="/j_logout"
delete-cookies="JSESSIONID" />
<session-management invalid-session-url="/login?erro=novaSessao"
session-fixation-protection="newSession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" />
</session-management>
</http>
<authentication-manager >
<authentication-provider user-service-ref="securityServiceTrack">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
-->
And here is my web.xml:
<display-name>Track Go Web</display-name>
<!-- ******************************************************* -->
<!-- Configuração do Spring -->
<!-- ******************************************************* -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/spring/applicationContext.xml
/WEB-INF/config/spring/applicationContext-persistence.xml
/WEB-INF/config/spring/applicationContext-security.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<!-- OpenEntityManagerInViewFilter -->
<filter>
<filter-name>OpenEntityManagerInViewFilter</filter-name>
<filter-class>
org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ******************************************************* -->
<!-- Configuração do SiteMesh -->
<!-- ******************************************************* -->
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>org.sitemesh.config.ConfigurableSiteMeshFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- ******************************************************* -->
<!-- Configuração do VRaptor3 -->
<!-- ******************************************************* -->
<context-param>
<param-name>br.com.caelum.vraptor.encoding</param-name>
<param-value>UTF-8</param-value>
</context-param>
<!-- Define Messages Bundle -->
-->
javax.servlet.jsp.jstl.fmt.localizationContext</param-name>-->
messages</param-value>-->
-->
javax.servlet.jsp.jstl.fmt.locale
pt_BR
-->
vraptor.jasperMaker</param-name>-->
/WEB-INF/reports</param-value>-->
-->
<filter>
<filter-name>vraptor</filter-name>
<filter-class>br.com.caelum.vraptor.VRaptor</filter-class>
</filter>
<filter-mapping>
<filter-name>vraptor</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
Here is my persintence configuration file
<!-- ********************************************* -->
<!-- DataSource condfig-->
<!-- ********************************************* -->
<context:property-placeholder location="classpath:configuracoes.properties" />
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource" destroy-method="close">
<property name="driverClass" value="${trackgoweb.jdbc.driverclass}" />
<property name="jdbcUrl" value="${trackgoweb.jdbc.url}" />
<property name="user" value="${trackgoweb.jdbc.username}" />
<property name="password" value="${trackgoweb.jdbc.password}" />
<property name="maxPoolSize" value="10" />
<property name="maxStatements" value="0" />
<property name="minPoolSize" value="3" />
<property name="checkoutTimeout" value="30000" />
</bean>
<!-- Configuraçãoes relativas a acesso a dados -->
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="dataSource" ref="dataSource"/>
<property name="jpaDialect">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect"></bean>
</property>
<property name="jpaVendorAdapter">
<bean
class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="showSql" value="true" />
<property name="databasePlatform" value="org.hibernate.dialect.PostgreSQLDialect" />
</bean>
</property>
<property name="jpaProperties">
<props>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.query.substitutions">true 'S',false 'N',yes 'S',no 'N'</prop>
<prop key="hibernate.query.jpaql_strict_compliance">true</prop>
<prop key="hibernate.hbm2ddl.auto">update</prop>
</props>
</property>
</bean>
<!-- Transaction Manager exclusivo para JPA -->
<bean id="transactionManager"
class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory"/>
<property name="jpaDialect">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaDialect"></bean>
</property>
</bean>
I solved the issue by removing the session closure on distroy on the datasource bean
<context:property-placeholder location="classpath:configuracoes.properties" />
<bean id="dataSource" class="com.mchange.v2.c3p0.ComboPooledDataSource">
<property name="driverClass" value="${trackgoweb.jdbc.driverclass}" />
<property name="jdbcUrl" value="${trackgoweb.jdbc.url}" />
<property name="user" value="${trackgoweb.jdbc.username}" />
<property name="password" value="${trackgoweb.jdbc.password}" />
<property name="maxPoolSize" value="10" />
<property name="maxStatements" value="0" />
<property name="minPoolSize" value="3" />
<property name="checkoutTimeout" value="30000" />
</bean>
Related
I am implementing OAuth2 with spring, getting access_token but when i call Rest API along with access_token it gives 404: Not Found error.
Web.xml file
<?xml version="1.0" encoding="ISO-8859-1"?>
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
Restful Web Application
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring-context.xml</param-value>
<param-value>classpath:spring-security-oauth2.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.dpdocter.webservices;com.dpdocter.beans</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Dispatcher Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-secuirty-oauth2.xml file
<?xml version="1.0" encoding="UTF-8" ?>
<http pattern="/oauth/token" create-session="stateless"
authentication-manager-ref="clientAuthenticationManager" xmlns="">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request
parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter"
after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<http pattern="/api/**" create-session="stateless"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager" xmlns="">
<anonymous enabled="false" />
<intercept-url pattern="/api/**" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>
<bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="test" />
</bean>
<bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="test/client" />
<property name="typeName" value="Basic" />
</bean>
<bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
<bean class="org.springframework.security.access.vote.RoleVoter" />
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</list>
</constructor-arg>
</bean>
<authentication-manager id="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>
<!-- This is simple authentication manager, with a hardcoded user/password
combination. We can replace this with a user defined service to get few users
credentials from DB -->
<authentication-manager alias="authenticationManager"
xmlns="http://www.springframework.org/schema/security">
<authentication-provider>
<user-service>
<user name="java" password="java" authorities="ROLE_APP" />
</user-service>
</authentication-provider>
</authentication-manager>
<bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<constructor-arg ref="clientDetails" />
</bean>
<!-- This defined token store, we have used inmemory tokenstore for now
but this can be changed to a user defined one -->
<bean id="tokenStore"
class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
<!-- This is where we defined token based configurations, token validity
and other things -->
<bean id="tokenServices"
class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<property name="tokenStore" ref="tokenStore" />
<property name="supportRefreshToken" value="true" />
<property name="accessTokenValiditySeconds" value="12000000" />
<property name="clientDetailsService" ref="clientDetails" />
</bean>
<bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
<property name="tokenServices" ref="tokenServices" />
</bean>
<oauth:authorization-server
client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code />
<oauth:implicit />
<oauth:refresh-token />
<oauth:client-credentials />
<oauth:password />
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="test" token-services-ref="tokenServices" />
<oauth:client-details-service id="clientDetails">
<!-- client -->
<oauth:client client-id="restapp"
authorized-grant-types="authorization_code,client_credentials"
authorities="ROLE_APP" scope="read,write,trust" secret="secret" />
<oauth:client client-id="restapp"
authorized-grant-types="authorization_code,password,refresh_token,implicit"
secret="restapp" scope="read,write,trust" authorities="ROLE_APP" />
</oauth:client-details-service>
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<mvc:annotation-driven />
<mvc:default-servlet-handler />
Here **/api/**** is path for my REST API.
Getting Token :
http://localhost:8080/myapp/oauth/token?grant_type=password&client_id=restapp&client_secret=restapp&username=java&password=java
Response : {"access_token":"21e165a4-0df9-4452-9e1e-491025b6cf9b","token_type":"bearer","refresh_token":"e5afd74f-5e28-4879-b066-e672fade2ec3","expires_in":11999999,"scope":"read trust write"}
But when calling API
http://localhost:8080/myapp/api/getList?access_token=21e165a4-0df9-4452-9e1e-491025b6cf9b
Gives 404 Not found error
I know this is all over SO but i'm still unable to figure it out.
I ran into this exception (could not initialize proxy - no Session) when jackson tries to json-size my classes, googled it, found the famous OpenEntityManagerInViewFilter solution, added it but nothing happens.
Here is my web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>Propspace API</display-name>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- <context-param> -->
<!-- <param-name>log4jConfigLocation</param-name> -->
<!-- <param-value>WEB-INF/log4j.properties</param-value> -->
<!-- </context-param> -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/security.xml
/WEB-INF/spring-servlet.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>openEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
<init-param>
<param-name>entityManagerFactoryBeanName</param-name>
<param-value>entityManagerFactoryRead</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>openEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- <listener> -->
<!-- <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class> -->
<!-- </listener> -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
</web-app>
And here is my servlet config:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:oxm="http://www.springframework.org/schema/oxm" xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang" xmlns:jpa="http://www.springframework.org/schema/data/jpa"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util" xmlns:javaee="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:ehcache="http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/oxm http://www.springframework.org/schema/oxm/spring-oxm-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/data/jpa
http://www.springframework.org/schema/data/jpa/spring-jpa.xsd
http://www.springframework.org/schema/data/repository
http://www.springframework.org/schema/data/repository/spring-repository-1.5.xsd
http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring
http://ehcache-spring-annotations.googlecode.com/svn/schema/ehcache-spring/ehcache-spring-1.1.xsd">
<!-- <import resource="mongodb-context.xml" /> -->
<context:component-scan
base-package="com.propspace.api.mongo, com.propspace.api.controller, com.propspace.api.core.service, com.propspace.api.repository, com.propspace.api.helper">
<!-- <context:include-filter type="aspectj" -->
<!-- expression="com.propspace.api.mongo" /> -->
</context:component-scan>
<!-- Persistence config -->
<!-- Read related beans -->
<bean id="permissionsAspect" class="com.propspace.api.aspect.PermissionsAspect" />
<bean id="entityManagerFactoryRead"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<!-- <property name="persistenceXmlLocation" value="classpath:config/persistence-demo.xml"
/> -->
<property name="persistenceUnitName" value="read" />
<property name="dataSource" ref="dataSourceRead" />
<property name="packagesToScan" value="com.propspace.api.*" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="showSql" value="false" />
<property name="databasePlatform" value="org.hibernate.dialect.MySQLDialect" />
</bean>
</property>
</bean>
<bean id="dataSourceRead" class="com.jolbox.bonecp.BoneCPDataSource">
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="jdbcUrl" value="${JPA.read.jdbc.url}" />
<property name="username" value="${JPA.read.jdbc.user}" />
<property name="password" value="${JPA.read.jdbc.password}" />
<property name="partitionCount" value="5" />
<property name="maxConnectionsPerPartition" value="5" />
<property name="minConnectionsPerPartition" value="1" />
<property name="poolName" value="null" />
</bean>
<!-- Write related beans -->
<bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<!-- <property name="persistenceXmlLocation" value="classpath*:META-INF/persistence.xml"
/> -->
<property name="persistenceUnitName" value="write" />
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="com.propspace.api.*" />
<property name="jpaVendorAdapter">
<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<property name="database" value="MYSQL" />
<property name="showSql" value="false" />
</bean>
</property>
<!-- <property name="jpaProperties"> <props> <prop key="hibernate.hbm2ddl.auto">create-drop</prop>
</props> </property> -->
</bean>
<!-- Configure the data source bean -->
<bean id="dataSource" class="com.jolbox.bonecp.BoneCPDataSource">
<property name="driverClass" value="com.mysql.jdbc.Driver" />
<property name="jdbcUrl" value="${JPA.write.jdbc.url}" />
<property name="username" value="${JPA.write.jdbc.user}" />
<property name="password" value="${JPA.write.jdbc.password}" />
<property name="partitionCount" value="5" />
<property name="maxConnectionsPerPartition" value="5" />
<property name="minConnectionsPerPartition" value="1" />
<property name="poolName" value="null" />
</bean>
<!-- Sets up our transaction manager. -->
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="dataSource" ref="dataSource" />
<!-- <property name="sessionFactory" ref="sessionFactory" /> -->
<property name="entityManagerFactory" ref="entityManagerFactory" />
</bean>
<!-- End of write related beans -->
<bean id="jpaDialect" class="org.springframework.orm.jpa.vendor.HibernateJpaDialect" />
<bean
class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor">
<property name="defaultPersistenceUnitName" value="entityManagerFactory" />
</bean>
<bean id="sessionFactory" factory-bean="entityManagerFactory"
factory-method="getSessionFactory" />
<!-- <bean -->
<!-- class="org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor"
/> -->
<jpa:repositories base-package="com.propspace.api.repository" />
<!-- Defines our transaction manager for Transactional annotations. -->
<tx:annotation-driven transaction-manager="transactionManager" />
<!-- end of persistence config -->
<mvc:annotation-driven />
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/*" />
<bean name="openEntityManagerInViewInterceptor"
class="org.springframework.orm.jpa.support.OpenEntityManagerInViewInterceptor">
<property name="entityManagerFactory">
<ref bean="entityManagerFactoryRead"></ref>
</property>
</bean>
</mvc:interceptor>
</mvc:interceptors>
<bean id="jacksonMessageConverter"
class="org.springframework.http.converter.json.MappingJacksonHttpMessageConverter">
</bean>
<bean
class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
<property name="messageConverters">
<list>
<ref bean="jacksonMessageConverter" />
</list>
</property>
<property name="requireSession" value="false" />
</bean>
<context:property-placeholder location="classpath:application.properties" />
<!-- <context:annotation-config /> -->
<bean
class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" />
<!-- Most controllers will use the ControllerClassNameHandlerMapping above,
but for the index controller we are using ParameterizableViewController,
so we must define an explicit mapping for it. -->
<bean id="urlMapping"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
<property name="mappings">
<props>
<prop key="index.htm">indexController</prop>
</props>
</property>
</bean>
<bean
class="org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter"></bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/" />
<property name="suffix" value=".jsp" />
</bean>
<!-- The index controller. -->
<bean name="indexController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController">
<property name="viewName" value="index" />
</bean>
<aop:aspectj-autoproxy />
<bean id="permissions" class="com.propspace.api.aspect.PermissionsAspect" />
<!-- Customized type conversion of error Messages - Message Bundle -->
<bean
class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
id="messageSource">
<property name="basename" value="WEB-INF/i18n/application" />
</bean>
<!-- Cache -->
<!-- <cache:annotation-driven /> -->
<!-- Ehcache annotation config -->
<ehcache:annotation-driven cache-manager="ehCacheManager" />
<!-- <ehcache:config cache-manager="ehCacheManager"> <ehcache:evict-expired-elements
interval="60" /> </ehcache:config> -->
<bean id="ehCacheManager"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation">
<value>/WEB-INF/ehcache.xml</value>
</property>
<property name="shared">
<value>true</value>
</property>
</bean>
</beans>
And finally here is the full trace:
org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.propspace.api.core.domain.Contacts.landlordListings, could not initialize proxy - no Session
at org.hibernate.collection.internal.AbstractPersistentCollection.throwLazyInitializationException(AbstractPersistentCollection.java:566)
at org.hibernate.collection.internal.AbstractPersistentCollection.withTemporarySessionIfNeeded(AbstractPersistentCollection.java:186)
at org.hibernate.collection.internal.AbstractPersistentCollection.initialize(AbstractPersistentCollection.java:545)
at org.hibernate.collection.internal.AbstractPersistentCollection.read(AbstractPersistentCollection.java:124)
at org.hibernate.collection.internal.PersistentBag.toString(PersistentBag.java:500)
at java.lang.String.valueOf(String.java:2854)
at java.lang.StringBuilder.append(StringBuilder.java:128)
at com.propspace.api.helper.BaseDomainSerializer.serializeMapObjects(BaseDomainSerializer.java:196)
at com.propspace.api.helper.BaseDomainSerializer.passToSerialize(BaseDomainSerializer.java:175)
at com.propspace.api.helper.BaseDomainSerializer.serialize(BaseDomainSerializer.java:268)
at com.propspace.api.helper.BaseDomainSerializer.serialize(BaseDomainSerializer.java:31)
at org.codehaus.jackson.map.ser.ContainerSerializers$IndexedListSerializer.serializeContents(ContainerSerializers.java:273)
at org.codehaus.jackson.map.ser.ContainerSerializers$IndexedListSerializer.serializeContents(ContainerSerializers.java:229)
at org.codehaus.jackson.map.ser.ContainerSerializers$AsArraySerializer.serialize(ContainerSerializers.java:130)
at org.codehaus.jackson.map.ser.StdSerializerProvider._serializeValue(StdSerializerProvider.java:587)
at org.codehaus.jackson.map.ser.StdSerializerProvider.serializeValue(StdSerializerProvider.java:245)
at org.codehaus.jackson.map.ObjectMapper.writeValue(ObjectMapper.java:1145)
at org.springframework.http.converter.json.MappingJacksonHttpMessageConverter.writeInternal(MappingJacksonHttpMessageConverter.java:203)
at org.springframework.http.converter.AbstractHttpMessageConverter.write(AbstractHttpMessageConverter.java:179)
at org.springframework.web.servlet.mvc.method.annotation.AbstractMessageConverterMethodProcessor.writeWithMessageConverters(AbstractMessageConverterMethodProcessor.java:148)
at org.springframework.web.servlet.mvc.method.annotation.HttpEntityMethodProcessor.handleReturnValue(HttpEntityMethodProcessor.java:121)
at org.springframework.web.method.support.HandlerMethodReturnValueHandlerComposite.handleReturnValue(HandlerMethodReturnValueHandlerComposite.java:69)
at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:122)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:745)
at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:686)
at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:925)
at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:953)
at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:844)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:829)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:728)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter.doFilter(OAuth2AuthenticationProcessingFilter.java:131)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1024)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
This question already has an answer here:
Closed 11 years ago.
Possible Duplicate:
Spring Security - Once logged in , browser do not asking for login details again
When i am logged in from one browser.i remain in same session even if i paste that url in the diffrent browser or even different machine
this means same session is shared across browser or machines.
Here is my app-cofig.xml
<!-- Scans within the base package of the application for #Components to
configure as beans -->
<aop:aspectj-autoproxy proxy-target-class="true" />
<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="CltSearch_clientApp" />
</bean>
<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="S3" />
</bean>
<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="clientApp" />
<property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd">
<property name="custId" ref="custId" />
<property name="custPswd" ref="custPswd" />
</bean>
<bean id="custId" class="com.csc.exceed.certificate.domain.CustId">
</bean>
<bean id="custPswd" class="com.csc.exceed.certificate.domain.CustPswd">
</bean>
<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="XCA" />
</bean>
<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
<property name="unmarshaller" ref="unmarshaller" />
<property name="marshaller" ref="marshaller" />
<property name="acordRequest" ref="acordRequest" />
<property name="acordResponse" ref="acordResponse" />
</bean>
<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>
<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
<property name="insuranceSvcRq" ref="insuranceSvcRq" />
<property name="signonRq" ref="CltSearch_signonRq" />
</bean>
<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
<property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>
<bean id="com_csc_ClientSearchRq"
class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
<property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>
<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
<property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>
<bean id="com_csc_SearchCriteria"
class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
<property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>
<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>
<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />
<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />
<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />
<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>
<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>
<bean id="applicationProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/application.properties</value>
</property>
</bean>
<bean id="messageProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/MessageResources.properties
</value>
</property>
</bean>
<bean id="xmlReader" class="com.csc.exceed.util.Validator">
<property name="messageProperties" ref="messageProperties" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="validationXml" value="classpath:/rules/validation-rules.xml" />
<property name="oXMapper" ref="oXMapper" />
</bean>
<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
<property name="signonRq" ref="signonRq" />
</bean>
<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">
<property name="userManagerService" ref="userManagerService"></property>
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="customAuthenticationManager"
class="com.csc.exceed.aspect.security.CustomAuthenticationManager">
<property name="authenticationProvider" ref="customAuthenticationProvider" />
<property name="oXMapper" ref="oXMapper" />
<property name="login" ref="login" />
</bean>
<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager" ref="ehcache" />
</bean>
<bean id="ehcache"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>
<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
<property name="messageProperties" ref="messageProperties" />
</bean>
<security:http entry-point-ref="CMSAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customizedFormLoginFilter" />
<security:session-management
session-authentication-strategy-ref="sas" />
<security:intercept-url pattern="/certs/signin/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/certs/AccountSearch/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<bean id="sas"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="CMSAuthenticationEntryPoint"
class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
<property name="loginFormUrl" value="/certs/signin" />
<property name="forceHttps" value="false" />
</bean>
<bean id="customizedFormLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="customAuthenticationManager" />
<property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
<property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
<property name="allowSessionCreation" value="true" />
<property name="sessionAuthenticationStrategy" ref="sas" />
</bean>
<bean id="simpleURLFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/certs/signin" />
<!-- <property name="allowSessionCreation" value="true" /> -->
</bean>
<bean id="simpleURLSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/certs/AccountSearch" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>
And the web.xml is
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
</param-value>
</context-param>
<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
From your other question https://stackoverflow.com/questions/6523073/spring-login-data-presistence it seems you have realised that you need to store the login info in a session scoped rather than singleton bean.
i am trying to use request scope in the spring file,but i am not able to do so, i am getting folllowing error.we are using spring security and session management..
After changing the scope I get the following error:
Caused by: org.springframework.beans.PropertyBatchUpdateException; nested PropertyAccessExceptions (2) are:
PropertyAccessException 1: org.springframework.beans.MethodInvocationException: Property 'clientApp' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name scopedTarget.clientApp': Scope 'request' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
PropertyAccessException 2: org.springframework.beans.MethodInvocationException: Property 'signonPswd' threw exception; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'scopedTarget.signonPswd': Scope 'request' is not active for the current thread; consider defining a scoped proxy for this bean if you intend to refer to it from a singleton; nested exception is java.lang.IllegalStateException: No thread-bound request found: Are you referring to request attributes outside of an actual web request, or processing a request outside of the originally receiving thread? If you are actually operating within a web request and still receive this message, your code is probably running outside of DispatcherServlet/DispatcherPortlet: In this case, use RequestContextListener or RequestContextFilter to expose the current request.
spring config file
<!-- Scans within the base package of the application for #Components to
configure as beans -->
<!-- <aop:aspectj-autoproxy proxy-target-class="true" /> -->
<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="CltSearch_clientApp" />
</bean>
<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="S3" />
</bean>
<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="clientApp" />
<property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd" scope="request">
<aop:scoped-proxy proxy-target-class="true"/>
</bean>
<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp" scope="request">
<aop:scoped-proxy proxy-target-class="true"/>
<property name="name" value="XCA" />
</bean>
<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
<property name="unmarshaller" ref="unmarshaller" />
<property name="marshaller" ref="marshaller" />
<property name="acordRequest" ref="acordRequest" />
<property name="acordResponse" ref="acordResponse" />
</bean>
<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>
<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
<property name="insuranceSvcRq" ref="insuranceSvcRq" />
<property name="signonRq" ref="CltSearch_signonRq" />
</bean>
<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
<property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>
<bean id="com_csc_ClientSearchRq"
class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
<property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>
<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
<property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>
<bean id="com_csc_SearchCriteria"
class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
<property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>
<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>
<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />
<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />
<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />
<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>
<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>
<bean id="applicationProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/application.properties</value>
</property>
</bean>
<bean id="messageProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/MessageResources.properties
</value>
</property>
</bean>
<bean id="xmlReader" class="com.csc.exceed.util.Validator">
<property name="messageProperties" ref="messageProperties" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="validationXml" value="classpath:/rules/validation-rules.xml" />
<property name="oXMapper" ref="oXMapper" />
</bean>
<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
<property name="signonRq" ref="signonRq" />
</bean>
<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">
<property name="userManagerService" ref="userManagerService"></property>
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="customAuthenticationManager"
class="com.csc.exceed.aspect.security.CustomAuthenticationManager">
<property name="authenticationProvider" ref="customAuthenticationProvider" />
</bean>
<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager" ref="ehcache" />
</bean>
<bean id="ehcache"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>
<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
<property name="messageProperties" ref="messageProperties" />
</bean>
<security:http entry-point-ref="CMSAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customizedFormLoginFilter" />
<security:session-management
session-authentication-strategy-ref="sas" />
<security:intercept-url pattern="/certs/signin/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/certs/AccountSearch/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<bean id="CMSAuthenticationEntryPoint"
class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
<property name="loginFormUrl" value="/certs/signin" />
<property name="forceHttps" value="false" />
</bean>
<bean id="customizedFormLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="customAuthenticationManager" />
<property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
<property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
<property name="allowSessionCreation" value="true" />
<property name="sessionAuthenticationStrategy" ref="sas" />
</bean>
<bean id="sas"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="simpleURLFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/certs/signin" />
<!-- <property name="allowSessionCreation" value="true" /> -->
</bean>
<bean id="simpleURLSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/certs/AccountSearch" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>
here i have used scoped proxy in two classes SignonPswd and Cleint app
webxml file
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
</param-value>
</context-param>
<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
i have added RequestContextListener in your web.xml: but still i am getting same error
I am using Spring security 3.1 along with Spring 3.
I am facing a problem where I am logging in to the system using one browser , I am able to log into the system.And if I copy the same URL from here to other browser, there it is not asking the user to enter user credentials again. The problem is it is not showing login screen.
Here is my app-cofig.xml
<!-- Scans within the base package of the application for #Components to
configure as beans -->
<aop:aspectj-autoproxy proxy-target-class="true" />
<bean id="CltSearch_signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="CltSearch_clientApp" />
</bean>
<bean id="CltSearch_clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="S3" />
</bean>
<bean id="signonRq" class="com.csc.exceed.certificate.domain.SignonRq">
<property name="clientApp" ref="clientApp" />
<property name="signonPswd" ref="signonPswd" />
</bean>
<bean id="signonPswd" class="com.csc.exceed.certificate.domain.SignonPswd">
<property name="custId" ref="custId" />
<property name="custPswd" ref="custPswd" />
</bean>
<bean id="custId" class="com.csc.exceed.certificate.domain.CustId">
</bean>
<bean id="custPswd" class="com.csc.exceed.certificate.domain.CustPswd">
</bean>
<bean id="clientApp" class="com.csc.exceed.certificate.domain.ClientApp">
<property name="name" value="XCA" />
</bean>
<bean id="oXMapper" class="com.csc.exceed.util.OXMapper">
<property name="unmarshaller" ref="unmarshaller" />
<property name="marshaller" ref="marshaller" />
<property name="acordRequest" ref="acordRequest" />
<property name="acordResponse" ref="acordResponse" />
</bean>
<bean id="unmarshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Response_Mapping.xml" />
</bean>
<bean id="marshaller" class="org.springframework.oxm.castor.CastorMarshaller">
<property name="mappingLocation"
value="classpath:/templates/mapping/ACORD_Request_Mapping.xml" />
</bean>
<bean id="acordRequest" class="com.csc.exceed.certificate.domain.ACORD">
<property name="insuranceSvcRq" ref="insuranceSvcRq" />
<property name="signonRq" ref="CltSearch_signonRq" />
</bean>
<bean id="insuranceSvcRq" class="com.csc.exceed.certificate.domain.InsuranceSvcRq">
<property name="com_csc_ClientSearchRq" ref="com_csc_ClientSearchRq" />
</bean>
<bean id="com_csc_ClientSearchRq"
class="com.csc.exceed.certificate.domain.Com_csc_ClientSearchRq">
<property name="com_csc_SearchInfo" ref="com_csc_SearchInfo" />
</bean>
<bean id="com_csc_SearchInfo" class="com.csc.exceed.certificate.domain.Com_csc_SearchInfo">
<property name="com_csc_SearchCriteria" ref="com_csc_SearchCriteria" />
</bean>
<bean id="com_csc_SearchCriteria"
class="com.csc.exceed.certificate.domain.Com_csc_SearchCriteria">
<property name="com_csc_ClientSearch" ref="com_csc_ClientSearch" />
</bean>
<bean id="com_csc_ClientSearch" class="com.csc.exceed.certificate.domain.Com_csc_ClientSearch">
</bean>
<bean id="acordResponse" class="com.csc.exceed.certificate.domain.AcordResponse" />
<bean id="postXmlToUrl" class="com.csc.exceed.util.PostXmlToUrl" />
<bean id="supportData" class="com.csc.exceed.util.SupportDataUtilityImpl" />
<bean id="logging" class="com.csc.exceed.aspect.logging.LoggingAspect">
</bean>
<bean id="searchHandler" class="com.csc.exceed.certificate.web.AccountSearchHandler">
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="exceptionHandling" class="com.csc.exceed.aspect.exception.ExceptionHandling">
</bean>
<bean id="applicationProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/application.properties</value>
</property>
</bean>
<bean id="messageProperties"
class="org.springframework.beans.factory.config.PropertiesFactoryBean">
<property name="location">
<value>classpath:/config/MessageResources.properties
</value>
</property>
</bean>
<bean id="xmlReader" class="com.csc.exceed.util.Validator">
<property name="messageProperties" ref="messageProperties" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="validationXml" value="classpath:/rules/validation-rules.xml" />
<property name="oXMapper" ref="oXMapper" />
</bean>
<bean id="login" class="com.csc.exceed.certificate.domain.ACORD">
<property name="signonRq" ref="signonRq" />
</bean>
<bean id="userManagerService" class="com.csc.exceed.aspect.security.UserManagerService" />
<bean id="customAuthenticationProvider"
class="com.csc.exceed.aspect.security.CustomAuthenticationProvider">
<property name="userManagerService" ref="userManagerService"></property>
<property name="oXMapper" ref="oXMapper" />
<property name="applicationProperties" ref="applicationProperties" />
<property name="messageProperties" ref="messageProperties" />
</bean>
<bean id="customAuthenticationManager"
class="com.csc.exceed.aspect.security.CustomAuthenticationManager">
<property name="authenticationProvider" ref="customAuthenticationProvider" />
<property name="oXMapper" ref="oXMapper" />
<property name="login" ref="login" />
</bean>
<cache:annotation-driven />
<bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheCacheManager">
<property name="cacheManager" ref="ehcache" />
</bean>
<bean id="ehcache"
class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
<property name="configLocation" value="classpath:/config/ehcache.xml" />
</bean>
<bean id="checkSession" class="com.csc.exceed.util.CheckSession">
<property name="messageProperties" ref="messageProperties" />
</bean>
<security:http entry-point-ref="CMSAuthenticationEntryPoint">
<security:custom-filter position="FORM_LOGIN_FILTER"
ref="customizedFormLoginFilter" />
<security:session-management
session-authentication-strategy-ref="sas" />
<security:intercept-url pattern="/certs/signin/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/certs/AccountSearch/**"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
</security:http>
<bean id="sas"
class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy" />
<bean id="CMSAuthenticationEntryPoint"
class="com.csc.exceed.aspect.accesscontrol.CMSAuthenticationEntryPoint">
<property name="loginFormUrl" value="/certs/signin" />
<property name="forceHttps" value="false" />
</bean>
<bean id="customizedFormLoginFilter"
class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<property name="authenticationManager" ref="customAuthenticationManager" />
<property name="filterProcessesUrl" value="/certs/j_spring_security_check" />
<property name="authenticationSuccessHandler" ref="simpleURLSuccessHandler" />
<property name="authenticationFailureHandler" ref="simpleURLFailureHandler" />
<property name="allowSessionCreation" value="true" />
<property name="sessionAuthenticationStrategy" ref="sas" />
</bean>
<bean id="simpleURLFailureHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/certs/signin" />
<!-- <property name="allowSessionCreation" value="true" /> -->
</bean>
<bean id="simpleURLSuccessHandler"
class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/certs/AccountSearch" />
<property name="alwaysUseDefaultTargetUrl" value="true" />
</bean>
<security:authentication-manager alias="authenticationManager">
</security:authentication-manager>
And the web.xml is
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/config/web-application-config.xml
</param-value>
</context-param>
<error-page>
<error-code>500</error-code>
<location>/error.xhtml</location>
</error-page>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_REFRESH_PERIOD</param-name>
<param-value>1</param-value>
</context-param>
<context-param>
<param-name>javax.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/certs/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
Maven dependency tree is
It's hard to guess without actually looking at your classes. But maybe your CustomAuthenticationProvider - which is singleton by default - is keeping the first logged in user object in memory instead of looking at the security context.
You didn't say, but I guess when you open the second browser, the logged in user panel (if there's any) shows the user that was logged in the first browser, right?