I am somewhat new to spring security and I am trying to migrate an existing application from security 2.0.4 to 3.1 and I am getting the following error message:
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'org.springframework.security.authentication.dao.DaoAuthenticationProvider#0': Initialization of bean failed;
nested exception is org.springframework.beans.ConversionNotSupportedException:
Failed to convert property value of type org.springframework.security.authentication.dao.DaoAuthenticationProvider'
to required type 'org.springframework.security.core.userdetails.UserDetailsService' for property 'userDetailsService';
nested exception is java.lang.IllegalStateException: Cannot convert value of type [org.springframework.security.authentication.dao.DaoAuthenticationProvider]
to required type [org.springframework.security.core.userdetails.UserDetailsService]
for property 'userDetailsService': no matching editors or conversion strategy found
I feel like I am missing something obvious but I can't for the life of me see it.
This is my applicationContextSecurity.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd">
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="employeeServiceFacade"/>
<beans:property name="passwordEncoder" ref="passwordEncoderDecoder"/>
<beans:property name="hideUserNotFoundExceptions" value="false" />
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="daoAuthenticationProvider"/>
</authentication-manager>
<global-method-security secured-annotations="disabled"/>
<beans:bean id="customAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login.action"/>
</beans:bean>
<beans:bean id="customAuthenticationProcessingFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="authenticationFailureHandler" ref="failureHandler" />
<beans:property name="authenticationSuccessHandler" ref="successHandler" />
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="allowSessionCreation" value="true" />
<beans:property name="sessionAuthenticationStrategy" ref="sas"/>
</beans:bean>
<beans:bean id="successHandler" class="com.es.tms.web.security.RoleBasedTargetUrlResolver" >
<beans:property name="defaultTargetUrl" value="/timesheet/searchTimeEntries.action" /> <!-- which is the default value -->
<beans:property name="roleNameToUrlMap">
<util:map>
<beans:entry key="ROLE_ASSISTANT" value="/billing/viewBillings.action"/>
<beans:entry key="ROLE_BILLING" value="/expenses/viewToAPApproveExpenses.action"/>
<beans:entry key="ROLE_PAYROLL" value="/payroll/viewPayroll.action"/>
<beans:entry key="ROLE_OFFICEASSISTANTEXPENSES" value="/expenses/searchExpenseEntries.action"/>
<beans:entry key="ROLE_ADMIN_LEVEL1" value="/administration/searchEmployees.action"/>
<beans:entry key="ROLE_ADMIN" value="/administration/searchEmployees.action"/>
<beans:entry key="ROLE_ADMIN_ASSISTANT" value="/administration/searchEmployees.action"/>
<beans:entry key="ROLE_ACCOUNT_MANAGER" value="/administration/searchEmployees.action"/>
<beans:entry key="ROLE_HR" value="/administration/searchEmployees.action"/>
<beans:entry key="ROLE_RECRUITER_MANAGER" value="/administration/searchEmployees.action"/>
</util:map>
</beans:property>
<beans:constructor-arg ref="defaultTargetUrlResolver" />
</beans:bean>
<beans:bean id="defaultTargetUrlResolver" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" />
<beans:bean id="failureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" >
<beans:property name="defaultFailureUrl" value="/login.action?login_error=true" />
</beans:bean>
<beans:bean id="sas" class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
<beans:property name="migrateSessionAttributes" value="true" />
</beans:bean>
<!-- Non Secured patterns -->
<http security="none" pattern="/images/**" />
<http security="none" pattern="/styles/**" />
<http security="none" pattern="/scripts/**" />
<http security="none" pattern="/common/**" />
<http auto-config="false" entry-point-ref="customAuthenticationEntryPoint" access-denied-page="/forbidden.jsp">
<custom-filter position="FORM_LOGIN_FILTER" ref="customAuthenticationProcessingFilter" />
<!-- SECURITY URLs -->
<intercept-url pattern="/login.action*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/index.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/error*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<logout logout-success-url="/login.action"/>
<anonymous username="Guest" granted-authority="ROLE_ANONYMOUS"/>
<remember-me/>
</http>
<authentication-manager>
<authentication-provider user-service-ref="employeeServiceFacade">
<password-encoder ref="passwordEncoderDecoder"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="passwordEncoderDecoder" class="com.es.tms.util.CustomPasswordEncoder"/>
<beans:bean id="employeeServiceFacade" class="com.es.tms.service.security.EmployeeServiceFacade">
<beans:property name="coreService" ref="coreService"/>
<beans:property name="hireStatusCodes" value="O:SOP's have not been completed#P:Survey has not been completed" />
</beans:bean>
</beans:beans>
Also this is my web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="stanplus" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>TMS</display-name>
<!-- Define the basename for a resource bundle for I18N -->
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>app_resources</param-value>
</context-param>
<!-- Fallback locale if no bundles found for browser's preferred locale -->
<!-- Force a single locale using param-name 'javax.servlet.jsp.jstl.fmt.locale' -->
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.fallbackLocale</param-name>
<param-value>en</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContextMail.xml
/WEB-INF/applicationContextDao.xml
/WEB-INF/applicationContextService.xml
/WEB-INF/applicationContextWeb.xml
/WEB-INF/applicationContextReports.xml
/WEB-INF/applicationContextQuartz.xml
/WEB-INF/applicationContextSecurity.xml
</param-value>
</context-param>
<!-- Filters -->
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.module.sitemesh.filter.PageFilter</filter-class>
</filter>
<filter>
<filter-name>struts-cleanup</filter-name>
<filter-class>org.apache.struts2.dispatcher.ActionContextCleanUp</filter-class>
</filter>
<filter>
<filter-name>struts</filter-name>
<filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
</filter>
<filter>
<filter-name>lazyLoadingFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>lazyLoadingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>struts-cleanup</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>struts</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<!-- Listeners -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>net.sf.navigator.menu.MenuContextListener</listener-class>
</listener>
<!-- Servlets -->
<servlet>
<servlet-name>jspSupportServlet</servlet-name>
<servlet-class>org.apache.struts2.views.JspSupportServlet</servlet-class>
<load-on-startup>5</load-on-startup>
</servlet>
<!-- Welcome file lists -->
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/error.jsp</location>
</error-page>
</web-app>
Any help would be much appreciated.
Thanks,
Steve
Update:
Ok I looked at this example and I did see that I had my authentication manager incorrect. So I fixed that but now I can't' seem to get by this error:
org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'daoAuthenticationProvider'
defined in ServletContext resource [/WEB-INF/applicationContextSecurity.xml]:
Cannot resolve reference to bean 'employeeServiceFacade' while setting bean property 'userDetailsService';
nested exception is org.springframework.beans.factory.BeanCreationException:
Error creating bean with name 'employeeServiceFacade'
defined in ServletContext resource [/WEB-INF/applicationContextSecurity.xml]:
Initialization of bean failed; nested exception is
org.springframework.beans.factory.BeanInitializationException:
Property 'coreService' is required for bean 'employeeServiceFacade'
I have not changed my coreServie in this upgrade but it almost looks like it has not been initialized? Any thoughts?
My coreService is set in the applicationContextService.xml file.
I have an applicationContextService.xml file that contains this bean. When I walk through it at startup in debug I see that the service is initialized, but for some reason still thinks it is not set. I took the #Required annotation off of the coreService in the EmployeeServiceFacade class and now it seems to be working. Don't understand why but I can at least run my app now. Thanks for the responses it at least got me looking in the right direction.
Related
First of all, thanks in advance!
I'm working with Spring-Batch-Admin 1.3.1 and my processes work correctly, but now we have the goal of applying security so that only authorized people can access the processes.
The security settings are working perfectly in other applications and go against a CAS.
By doing the tests with spring-batch-admin-sample, I have placed the security configuration file in the path /META-INF/spring/cas-security-config.xml and it is imported from another configuration xml file to overwrite the Properties or load new ones for security. The batch-admin starts up correctly, but when I try to access the application it generates the following error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
I have read all the related posts but I can not find the solution. I have tried with overwriting the resourceService bean with /batch but when it is accessed, the others url does not find them and generates 404 error.
We want to protect everything, which redirects to CAS and then returns to the batch-manager menu.
These are my configuration files:
Property load
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<context:annotation-config />
<context:component-scan base-package="com.aneta.services" />
<!--
SOBREESCRITURA DE LAS PROPERTIES DEL MANAGER DE SPRING BATCH
-->
<bean id="placeholderProperties" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="locations">
<list>
<value>classpath:*.properties</value>
<value>classpath:properties/*.properties</value>
</list>
</property>
<property name="systemPropertiesModeName" value="SYSTEM_PROPERTIES_MODE_OVERRIDE" />
<property name="ignoreResourceNotFound" value="true" />
<property name="ignoreUnresolvablePlaceholders" value="false" />
<property name="order" value="1" />
</bean>
<import resource="classpath:META-INF/spring/cas-security-config.xml"/>
</beans>
Web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd" version="2.4">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/org/springframework/batch/admin/web/resources/webapp-config.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>shallowEtagHeaderFilter</filter-name>
<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
</filter>
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shallowEtagHeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Batch Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Batch Servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
</web-app>
And
cas-security-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<context:annotation-config />
<context:component-scan base-package="com.aneta.services" />
<bean id="roleVoter" class="org.springframework.security.access.vote.RoleVoter">
<property name="rolePrefix" value=""/>
</bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<constructor-arg >
<list>
<ref bean="roleVoter"/>
<bean class="org.springframework.security.web.access.expression.WebExpressionVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</constructor-arg>
</bean>
<security:http entry-point-ref="casEntryPoint" use-expressions="true" auto-config="true"
access-decision-manager-ref="accessDecisionManager">
<security:csrf disabled="false"/>
<security:custom-filter position="FIRST" ref="ajaxSessionFilter"/>
<security:custom-filter ref="requestSingleLogoutFilter" before="LOGOUT_FILTER" />
<security:custom-filter ref="singleLogoutFilter" before="CAS_FILTER" />
<security:custom-filter ref="casAuthenticationFilter" after="CAS_FILTER"/>
<security:custom-filter position="LAST" ref="loginFilter"/>
<!-- ACCESO CON RESTRICCIONES -->
<security:intercept-url pattern="/**" access="hasAnyAuthority('ADMINISTRATOR')" />
</security:http>
<bean id="casServiceProperties" class="org.springframework.security.cas.ServiceProperties"
p:service="${service.base.url}"
p:sendRenew="false" p:authenticateAllArtifacts="true" />
<bean id="casEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint"
p:serviceProperties-ref="casServiceProperties" p:loginUrl="${cas.server.base.url}/login" />
<bean id="ajaxSessionFilter" class="com.psoplaneta.services.security.filters.AjaxSessionFilter">
<property name="homePage" value="${cas.server.base.url}/login"/>
</bean>
<bean id="loginFilter" class="com.aneta.services.security.filters.LoginFilter">
<property name="errorPage" value="${service.base.url}/403"/>
<property name="loginPage" value="${cas.server.base.url}/login"/>
</bean>
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter"
p:proxyGrantingTicketStorage-ref="proxyGrantingTicketStorage"
p:proxyReceptorUrl="/login/cas/proxyreceptor"
p:serviceProperties-ref="casServiceProperties"
p:authenticationManager-ref="authenticationManager">
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed"/>
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler"
p:defaultTargetUrl="/">
</bean>
</property>
<property name="proxyGrantingTicketStorage" ref="proxyGrantingTicketStorage" />
</bean>
<bean id="proxyGrantingTicketStorage" class="org.jasig.cas.client.proxy.ProxyGrantingTicketStorageImpl" />
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<!-- This filter redirects to the CAS Server to signal Single Logout should be performed -->
<bean id="requestSingleLogoutFilter"
class="org.springframework.security.web.authentication.logout.LogoutFilter"
p:filterProcessesUrl="/j_spring_cas_security_logout">
<constructor-arg value="${cas.server.base.url}/logout" />
<constructor-arg >
<bean
class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
</constructor-arg>
</bean>
<!-- This filter handles a Single Logout Request from the CAS Server -->
<bean id="singleLogoutFilter" class="org.jasig.cas.client.session.SingleSignOutFilter"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="casAuthenticationProvider"/>
</security:authentication-manager>
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider"
p:key="casAuthProviderKey"
p:serviceProperties-ref="casServiceProperties">
<property name="authenticationUserDetailsService">
<bean class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<constructor-arg ref="userDetailService" />
</bean>
</property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator"
p:proxyGrantingTicketStorage-ref="proxyGrantingTicketStorage">
<constructor-arg index="0" value="${cas.server.base.url}" />
</bean>
</property>
</bean>
<bean id="userDetailService" class="com.aneta.services.security.userdetails.UserDetailsService"/>
</beans>
In case you are interested, I put here the solution to activate authentication with CAS SSO and I suppose it will be useful for another type of authentication.
After giving so many laps, I have seen that in the web.xml there are two dispatchers and only one was being used, ie only one configuration was loaded and the Batch servlet.
The solution is to create a single dispatcher and load all configurations into a single dispatcher. That if, the configuration files I put them out of the folders that override, ie META-INF / spring / servlet-config.xml and within this to make the security imports and if necessary add more things, as this is The right place to make imports of new configurations.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<!-- set to blank to ensure context is only loaded once -->
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath*:/org/springframework/batch/admin/web/resources/webapp-config.xml,
classpath*:/org/springframework/batch/admin/web/resources/servlet-config.xml,
classpath*:/META-INF/spring/aneta-servlet-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>shallowEtagHeaderFilter</filter-name>
<filter-class>org.springframework.web.filter.ShallowEtagHeaderFilter</filter-class>
</filter>
<filter>
<filter-name>hiddenHttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>shallowEtagHeaderFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hiddenHttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- SPRING SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- -->
</web-app>
I hope it works for you!
Hi i am getting below default message every time instead of my custom message.
Your login attempt was not successful, try again.
Reason: Bad credentials
My web.xml is below
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml
/WEB-INF/spring/spring-security.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
My servlet-context.xml is
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<!-- <annotation-driven /> -->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<!-- <resources mapping="/resources/**" location="/resources/" /> -->
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
<context:component-scan base-package="com.sandeep.customerrormsg" />
<bean id="messageSource" class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>classpath:mymessages</value>
</list>
</property>
</bean>
</beans>
and spring-security.xml is
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome" authentication-failure-url="/loginfailed"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="sandy" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I am learning and need to configure siteminder SSO with Spring Security. I followed some blog and wrote my code as fllowing. Plz help to resolove: "No bean named 'springSecurityFilterChain' is defined" error. Here is my code:
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/conf/Security-config.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Security-config.xml
<security:http use-expressions="true" auto-config="false" entry-point-ref="http403EntryPoint">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<security:custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
</security:http>
<bean id="siteminderFilter" class="org.springframework.security.web.authentication.preauth.RequestHeaderAuthenticationFilter">
<property name="principalRequestHeader" value="SM_USER"/>
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<bean id="preauthAuthProvider" class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
<property name="preAuthenticatedUserDetailsService">
<bean id="userDetailsServiceWrapper" class="org.springframework.security.core.userdetails.UserDetailsByNameServiceWrapper">
<property name="userDetailsService" ref="customUserDetailsService"/>
</bean>
</property>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="preauthAuthProvider" />
</security:authentication-manager>
<bean id="customUserDetailsService" class="com.cno.cnofdw.security.CustomUserDetailsService"></bean>
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"></bean>
Placed Security-config.xml under WEB-INF/conf/
Even I tried importing in applicationContext.xml. but no use.
Can anybody help me to resolve this problem and if possible please suggest any blog to configure spring with siteminder signle sign on?
Your missing "/" in path. It should be:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/conf/Security-config.xml
</param-value>
</context-param>
thank you all who spent time to answer my question. I have placed contextClass in my web.xml and I have commented it and got resolved.
contextClass
org.springframework.web.context.support.AnnotationConfigWebApplicationContext
We develop a web application that need different authentication, in my case this is agent and member. This is the detail:
Agent profile page is at http://my.local/spring-security-hello-world/agent/profile
Member profile page is at http://my.local/spring-security-hello-world/member/profile
Both of pages are filtered by springSecurityFilterChain
But i have some issues here. First I login at agent profile page, and successfully logged in. But then I open the member page, and I got HTTP Status 403 - Access is denied. The situation i want to achieve is both agent and member is able to logged in.
Here is my web.xml
<?xml version="1.0" encoding="UTF-8"?><web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>spring-security-hello-world</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
And this is my spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<!-- <http pattern="/agent/login" security="none" /> -->
<http pattern="/member/**">
<intercept-url pattern="/**" access="ROLE_MEMBER" />
<form-login login-page="/member_login" default-target-url="/member/profile"
authentication-failure-url="/member_loginfailed" />
<logout logout-success-url="/member_logout" />
</http>
<http auto-config="true">
<intercept-url pattern="/agent/**" access="ROLE_AGENT" />
<form-login login-page="/agent_login" default-target-url="/agent/profile"
authentication-failure-url="/agent_loginfailed" />
<logout logout-success-url="/agent_logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="agent" password="123456" authorities="ROLE_AGENT" />
</user-service>
</authentication-provider>
<authentication-provider>
<user-service>
<user name="member" password="123456" authorities="ROLE_MEMBER" />
</user-service>
</authentication-provider>
</authentication-manager>
Notes:
In my case one user must only have one role (either agent or member only)
If you do it in the same browser then your Agent with ROLE_AGENT is used to access page which is restricted to ROLE_MEMBER. You can add ROLE_MEMBER to your access="ROLE_AGENT, ROLE_MEMBER" to check it.
i'm developing login page with spring security but when I start my project automatically redirected to the login page. I've a in my web.xml with redirect to index.xhtml, why is redirect to login.xhtml?
web.xml
<web-app >
<display-name>AirTour</display-name>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<!-- SPRING -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/conf/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- SPRING SECURITY -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- JSF -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>
applicationContext.xml
<bean id="userDetailsManager" class="org.springframework.security.provisioning.JdbcUserDetailsManager">
<property name="dataSource" ref="dataSource"></property>
</bean>
<bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
<bean id="saltSource" class="org.springframework.security.authentication.dao.ReflectionSaltSource">
<property name="userPropertyToUse" value="username"/>
</bean>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider user-service-ref="userDetailsManager">
<security:password-encoder ref="passwordEncoder">
<security:salt-source ref="saltSource"/>
</security:password-encoder>
</security:authentication-provider>
</security:authentication-manager>
<security:http >
<security:intercept-url pattern="/user/*" access="ROLE_USER"/>
<security:intercept-url pattern="/comp/*" access="ROLE_COMP"/>
<security:intercept-url pattern="/admin/*" access="ROLE_ADMIN"/>
<security:intercept-url pattern="/*" access="ROLE_ANONIMOUS,ROLE_USER,ROLE_COMP,ROLE_ADMIN"/>
<security:form-login login-page="/login"/>
</security:http>
It looks like you've made a spelling mistake in your spring security config. Replace ROLE_ANONIMOUS with ROLE_ANONYMOUS:
<security:intercept-url pattern="/*" access="ROLE_ANONYMOUS,ROLE_USER,ROLE_COMP,ROLE_ADMIN"/>
Change your last intercept-url to this:
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
Also use auto-config in security:http.
<security:http auto-config="true">