I am trying to implement authentication on Spring web service by referring the following link:
http://docs.spring.io/spring-ws/site/reference/html/security.html
Following is the configuration I have added:
<bean
class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
<property name="interceptors">
<list>
<ref local="wsServerSecurityInterceptor" />
<ref local="payloadValidatingIterceptor" />
</list>
</property>
</bean>
<bean id="wsServerSecurityInterceptor"
class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
<property name="policyConfiguration"
value="classpath:security/xwss/security-server-policy.xml" />
<property name="callbackHandlers">
<list>
<!-- <ref bean="keyStoreHandlerServer" /> -->
<ref bean="springSecurityHandler" />
<ref bean="callbackHandlerServer" />
</list>
</property>
</bean>
<bean id="springSecurityHandler"
class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="authenticationProvider" />
</list>
</property>
</bean>
<bean id="authenticationProvider"
class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
<property name="userDetailsService" ref="userDetailsService"/>
</bean>
<bean id="userDetailsService" class="com.impl.endpoints.calc.client.JpaUserDetailsService" />
While deploying the war file on server, I get following error:
Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping#0' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Cannot resolve reference to bean 'wsServerSecurityInterceptor' while setting bean property 'interceptors' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsServerSecurityInterceptor' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'callbackHandlers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/authentication/AuthenticationManager
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1387)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1128)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)
org/springframework/security/authentication/AuthenticationManager is not mentioned anywhere in the configuration or the code. I wonder where exactly the given class is required and what configuration change I need to do to resolve this error.
EDIT:
POM contains following spring security jars:
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>2.0.4</version>
</dependency>
<dependency>
<groupId>
org.springframework.security
</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>3.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-ldap</artifactId>
<version>3.1.7.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.ws</groupId>
<artifactId>spring-ws-security</artifactId>
<version>2.2.0.RELEASE</version>
<exclusions>
<exclusion>
<groupId>com.sun.xml.wsit</groupId>
<artifactId>xws-security</artifactId>
</exclusion>
<exclusion>
<groupId>com.sun.xml.wsit</groupId>
<artifactId>wsit-rt</artifactId>
</exclusion>
</exclusions>
</dependency>
You are mixing Spring Security 2 and Spring Security 3 in your configuration. Use the same (and the latest) version number for all the Spring Security jars. You have version 2.0.4 for the spring-security-core
jar and 3.1.7.RELEASE
for other ones. Use the current release version for all the jars, and make sure there aren't different versions in your WEB-INF/lib
when you've built the project.
The package names also changed between 2 and 3. Use the API docs if you need to know what package a class is in.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With