I am learning spring security from reference material. release 3.1.2.RELEASE. As stated in that I have configured security:http
tag like this
security-context.xml
<security:http auto-config="true"> <security:intercept-url pattern="/**" access="ROLE_USER"/> </security:http>
web.xml
<context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:*-context.xml</param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>security</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>security</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>
security-servlet.xml
<context:component-scan base-package="com.pokuri.security.mvc.controllers"/> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/> <property name="prefix" value="/WEB-INF/page/"/> <property name="suffix" value=".jsp"/> </bean>
But I am getting this exception when I start the application. If I remove security configuration my spring web application working fine. I went through the same kind of questions in stackoverflow. But no luck.
The best solution is to properly isolate beans. The DispatcherServlet is responsible for routing and handling requests so all related beans should go into its context. The ContextLoaderListener , which loads the root context, should initialize any beans the rest of your application needs: services, repositories, etc.
DelegatingFilterProxy is a class in Spring's Web module. It provides features for making HTTP calls pass through filters before reaching the actual destination. With the help of DelegatingFilterProxy, a class implementing the javax. Servlet.
Spring Security is a powerful and highly customizable authentication and access-control framework. It is the de-facto standard for securing Spring-based applications. Spring Security is a framework that focuses on providing both authentication and authorization to Java applications.
I think that the reason of your problem can be in that your xml configuration file for spring security isn't loaded when you start your web app.
To fix this you should specify all your XML config files in web.xml like that:
<context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value> </context-param>
If you have your config files in classpath (not WEB-INF folder or it's subfolders) then you can specify list of config files in such way;
... <param-value> classpath:applicationContext.xml, classpath:spitter-security.xml </param-value> ...
And also you need to add special listener that will load your config files:
<listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener>
I just added the bean definition in applicationContext.xml as Spring asked:
<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With