Geek Answers Handbook

Unable to integrate Spring Security BASIC Authentication into Jersey / JAX-RS and Tomcat

I am trying to add BASIC authentication to a RESTful web service that I created using Jersey / JAX-RS and Tomcat Apache 7.0. In the future, I want to deploy this web service to WebSphere, so I decided to use Spring Security (version 2.5.6) for my project.

My problem is this: although I believe that my various xml files are correct, and I added spring.jar to my class path. When starting the server, I get the following error.

SEVERE: Error configuring application listener of class org.springframework.web.context.ContextLoaderListener java.lang.NoClassDefFoundError: javax/servlet/ServletContextListener at java.lang.ClassLoader.defineClass1(Native Method) at java.lang.ClassLoader.defineClassCond(Unknown Source) ...

etc. Every resource that I looked at claims that I have to add spring.jar to my class path that I have. I am completely new to Spring, so if any of my files are not configured correctly, tell me. Here are all the relevant XML files and settings.

security applicationContext.xml:

 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <security:global-method-security secured-annotations="enabled"/> <security:http> <security:http-basic/> <security:intercept-url pattern="/**" access="ROLE_USER"/> </security:http> <security:authentication-manager alias="authenticationManager"/> <bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter"> <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/> <property name="authenticationManager" ref="authenticationManager"/> </bean> <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"> <!--property name="contextClass" value="org.springframework.security.context.SecurityContextImpl"/--> <property name="allowSessionCreation" value="false"/> </bean> <bean id="httpSessionContextIntegrationFilterWithASCFalse" class="org.springframework.security.context.HttpSessionContextIntegrationFilter"> <property name="allowSessionCreation" value="false"/> </bean> <bean id="authenticationEntryPoint" class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint"> <property name="realmName" value="Your realm name"/> </bean> <security:authentication-provider> <security:password-encoder hash="md5"/> <security:user-service> <security:user name="admin" password="2fa3fa1c2deff56ed33e0bf974f2e29e" authorities="ROLE_PARTNER, ROLE_USER"/> </security:user-service> </security:authentication-provider>

applicationContext.xml (I was told that it may be empty):

 <beans></beans>

web.xml:

 <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee /web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5"> <display-name>TestService</display-name> <servlet> <servlet-name>Jersey REST Service</servlet-name> <servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class> <init-param> <param-name>com.sun.jersey.config.property.packages</param-name> <param-value>TestService</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>Jersey REST Service</servlet-name> <url-pattern>/*</url-pattern> </servlet-mapping> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/security-applicationContext.xml, /WEB-INF/applicationContext.xml </param-value> </context-param> <!-- Enables Spring Security --> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> <init-param> <param-name>targetBeanName</param-name> <param-value>springSecurityFilterChain</param-value> </init-param> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>

Finally, my file structure:

My file structure

and my server startup configuration:

Run configuration

+4
source share
1 answer

This seems like a similar problem.

You might want to try different versions of Tomcat.

You have no dependencies.

Minimum spring-security dependencies should be:

 <properties> <spring.version>3.0.1.RELEASE</spring.version> </properties> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-web</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-config</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-taglibs</artifactId> <version>${spring.version}</version> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-core</artifactId> <version>${spring.version}</version> </dependency>

You don't seem to be using maven, so this site will help you find the banks you need. Just search for <artifactId> and you can download .jar for the dependency.

This HOWTO can help you with a minimal spring configuration.

+3
source

More articles:


All Articles