security.xml strange error using Spring - spring-security

I am trying to configure Spring Security in my simple application. Here is my configuration file, security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http>
<form-login login-page="/login/" authentication-failure-url="/fail/" />
<logout logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService' />
</authentication-manager>
<b:bean id="myUserDetailsService" class="my.package.security.MyUserDataService" />
</beans:beans>
I got following errors with deploying:
The prefix "beans" for element "beans:beans" is not bound.
How can I fix this problem?

You're missing up the beans and b prefixes. You've declared the b prefix, and then used the beans one. You need to pick one and stick with it. For example, replace
xmlns:b="http://www.springframework.org/schema/beans"
with
xmlns:beans="http://www.springframework.org/schema/beans"
and then
<b:bean...
with
<beans:bean...

You're declaring the namespace as b: and using it everywhere except the enclosing beans tag, in which you're using beans:beans instead of b:beans.

Related

Spring security namespace configuration: cannot put authentication-provider inside a authentication-manager

I‘m start to use spring security to protect my project, but I have a problem with the namespace configuration. Here is my applicationContext-security.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http>
<intercept-url pattern="/**/query/**" access="none" />
</http>
<http>
<intercept-url pattern="/**/edit/**" access="ROLE_USER" />
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
These code are copied from the reference of spring security. However, the IDE gives following errors:
1, Element authentication-manager doesn't have required attribute alias.
2, Element authentication-provider is not allowed here.
3, Cannot resolve symbol user-service.
4, Cannot resolve symbol user.
What should I do? Thx!

error in spring-security.xml:The matching wildcard is strict, but no declaration can be found for element 'http'

I am developing application in spring for first time.Getting error at line no 11.Can any one solve this. I have added spring-security-config.jar.
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd
http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">
<http auto-config="true">
<intercept-url pattern="/admin**" access="ROLE_USER" />
<form-login
login-page="/login"
default-target-url="/welcome"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="mkyong" password="123456" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
You haven't set the schemaLocation for the security namespace. Copy the examples from the reference manual or one of the sample applications.
You've also tried to use version 2.0.4, which won't work. The csrf element is only available from 3.2 onwards.
I'd also forget about auto-config and add what you want explicitly.

The prefix "b" for element "b:bean" is not bound [duplicate]

I am trying to configure Spring Security in my simple application. Here is my configuration file, security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jdbc
http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http>
<form-login login-page="/login/" authentication-failure-url="/fail/" />
<logout logout-success-url="/" />
</http>
<authentication-manager>
<authentication-provider user-service-ref='myUserDetailsService' />
</authentication-manager>
<b:bean id="myUserDetailsService" class="my.package.security.MyUserDataService" />
</beans:beans>
I got following errors with deploying:
The prefix "beans" for element "beans:beans" is not bound.
How can I fix this problem?
You're missing up the beans and b prefixes. You've declared the b prefix, and then used the beans one. You need to pick one and stick with it. For example, replace
xmlns:b="http://www.springframework.org/schema/beans"
with
xmlns:beans="http://www.springframework.org/schema/beans"
and then
<b:bean...
with
<beans:bean...
You're declaring the namespace as b: and using it everywhere except the enclosing beans tag, in which you're using beans:beans instead of b:beans.

Disable Spring Security from spring-security.xml file

Help me with the advice please.
I need to disable/enable spring security on my application by some variable in xml file.
my spring-security.xml file
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_ADMIN" />
<logout logout-success-url="/mainpage" />
<login login-success-url="/mainpage" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="hey" password="there" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
How can be this perfomed?
Thanks.
security
A request pattern can be mapped to an empty filter chain, by setting this attribute to none. No security will be applied and none of Spring Security's features will be available.
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/appendix-namespace.html#nsa-http-security
so:
<http auto-config="true" security="none">
and as usual the "none" parameter can be a springEL expression (well a subset anyways).
hope this is what you were looking for
EDIT:
forgot to mention that it's a new feature is Spring Security 3.1
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/new-3.1.html#new-3.1-highlevel
EDIT2:
For a more dynamic solution use bean profiles. http://static.springsource.org/spring/docs/3.1.x/spring-framework-reference/html/new-in-3.1.html#d0e1293 and http://blog.springsource.com/2011/02/11/spring-framework-3-1-m1-released/

Spring Security 3.0- Customise basic http Authentication Dialog

Rather than reading;
A user name and password are being requested by http://localhost:8080. The site says: "Spring Security Application"
I want to change the prompt, or at least change what the "site says". Does anyone know how to do this via resources.xml?
In my Grails App Spring configuration, my current version is as follows;
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" use-expressions="true">
<http-basic/>
<intercept-url pattern="/**" access="isAuthenticated()" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
You can't change it. Your application sends to the browser only the "Spring Secuirty Application" part. Other parts of the prompt are added by you browser.
To change the "Spring Security Application" part, you can use realm attribute of the <http> element:
<http realm = "My Application" ... >

Resources