I am trying to configure Spring Security in my simple application. Here is my configuration file, security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http>
<form-login login-page="/login/" authentication-failure-url="/fail/" />
<logout logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService' />
</authentication-manager>
<b:bean id="myUserDetailsService" class="my.package.security.MyUserDataService" />
</beans:beans>
I got following errors with deploying:
The prefix "beans" for element "beans:beans" is not bound.
How can I fix this problem?
You're missing up the beans and b prefixes. You've declared the b prefix, and then used the beans one. You need to pick one and stick with it. For example, replace
xmlns:b="http://www.springframework.org/schema/beans"
with
xmlns:beans="http://www.springframework.org/schema/beans"
and then
<b:bean...
with
<beans:bean...
You're declaring the namespace as b: and using it everywhere except the enclosing beans tag, in which you're using beans:beans instead of b:beans.
Related
I‘m start to use spring security to protect my project, but I have a problem with the namespace configuration. Here is my applicationContext-security.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http>
<intercept-url pattern="/**/query/**" access="none" />
</http>
<http>
<intercept-url pattern="/**/edit/**" access="ROLE_USER" />
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
These code are copied from the reference of spring security. However, the IDE gives following errors:
1, Element authentication-manager doesn't have required attribute alias.
2, Element authentication-provider is not allowed here.
3, Cannot resolve symbol user-service.
4, Cannot resolve symbol user.
What should I do? Thx!
I am developing application in spring for first time.Getting error at line no 11.Can any one solve this. I have added spring-security-config.jar.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
You haven't set the schemaLocation for the security namespace. Copy the examples from the reference manual or one of the sample applications.
You've also tried to use version 2.0.4, which won't work. The csrf element is only available from 3.2 onwards.
I'd also forget about auto-config and add what you want explicitly.
I know very little or nothing about xml and I have to write a spring-security.xml file . The problem i guess has something to do with my xml not following xsd. Here is the xml.
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:s="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<s:http auto-config="true">
<s:intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/index.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<s:intercept-url pattern="/**" access="ROLE_USER" />
<s:intercept-url pattern="/" access="ROLE_USER" />
<s:form-login login-page="/login" default-target-url="/getemp"/>
<s:logout logout-success-url="/logout" />
</s:http>
<s:authentication-manager>
<s:authentication-provider>
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</s:authentication-provider>
</s:authentication-manager>
<s:ldap-server id="ldapServer" url="ldap://test.com:389" />
</beans>
When I try to run the web application I am getting an error.
Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.a: Invalid content was found starting with element 's:ldap-authentication-provider'. One of '{"http://www.springframework.org/schema/security":any-user-service, "http://www.springframework.org/schema/security":password-encoder}' is expected.
Here is the xsd
spring security xsd
The xsd says that <s:authentication-manager> accepts as children an authentication-provider OR an ldap-authentication-provider. So, remove the <s:authentication-provider> that is wrapping your <s:ldap-authentication-provider> and that should get you past this problem. Your final code should look like:
<s:authentication-manager>
<s:ldap-authentication-provider user-dn-pattern="uid={0},ou=people"/>
</s:authentication-manager>
Help me with the advice please.
I need to disable/enable spring security on my application by some variable in xml file.
my spring-security.xml file
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_ADMIN" />
<logout logout-success-url="/mainpage" />
<login login-success-url="/mainpage" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="hey" password="there" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
How can be this perfomed?
Thanks.
security
A request pattern can be mapped to an empty filter chain, by setting this attribute to none. No security will be applied and none of Spring Security's features will be available.
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/appendix-namespace.html#nsa-http-security
so:
<http auto-config="true" security="none">
and as usual the "none" parameter can be a springEL expression (well a subset anyways).
hope this is what you were looking for
EDIT:
forgot to mention that it's a new feature is Spring Security 3.1
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/new-3.1.html#new-3.1-highlevel
EDIT2:
For a more dynamic solution use bean profiles. http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/new-in-3.1.html#d0e1293 and http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-released/
I am trying to configure Spring Security in my simple application. Here is my configuration file, security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http>
<form-login login-page="/login/" authentication-failure-url="/fail/" />
<logout logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService' />
</authentication-manager>
<b:bean id="myUserDetailsService" class="my.package.security.MyUserDataService" />
</beans:beans>
I got following errors with deploying:
The prefix "beans" for element "beans:beans" is not bound.
How can I fix this problem?
You're missing up the beans and b prefixes. You've declared the b prefix, and then used the beans one. You need to pick one and stick with it. For example, replace
xmlns:b="http://www.springframework.org/schema/beans"
with
xmlns:beans="http://www.springframework.org/schema/beans"
and then
<b:bean...
with
<beans:bean...
You're declaring the namespace as b: and using it everywhere except the enclosing beans tag, in which you're using beans:beans instead of b:beans.