Geek Answers Handbook

Failed to create LoginUrlAuthenticationEntryPoint instance: default constructor not found

I am trying to migrate from Spring 3.x to Spring 4.x, but Spring XML Security File cannot be loaded properly.

The XML configuration, I suppose, needs to be changed, but I could not find it on the Internet. XML configuration working with Spring 3.x does not work with 4.0.1.RELEASE.

This is my XML configuration

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns:security="http://www.springframework.org/schema/security"
 xmlns:p="http://www.springframework.org/schema/p"
 xmlns:aop="http://www.springframework.org/schema/aop"
 xmlns:util="http://www.springframework.org/schema/util"
 xsi:schemaLocation="http://www.springframework.org/schema/beans 
   http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
   http://www.springframework.org/schema/security 
   http://www.springframework.org/schema/security/spring-security-4.0.xsd
   http://www.springframework.org/schema/aop 
   http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
   http://www.springframework.org/schema/util 
   http://www.springframework.org/schema/util/spring-util-4.0.xsd">

    <!-- This is where we configure Spring-Security  -->
    <security:http auto-config="false" use-expressions="true"  
        entry-point-ref="authenticationEntryPoint" disable-url-rewriting="true" >
    <!-- Below URL will be intercepted by spring security -->
        <security:intercept-url pattern="/access/login" access="permitAll"/>
        <security:intercept-url pattern="/analytics/**" access="hasAnyRole('ROLE_ADMIN', 'ROLE_USER')"/>
        <security:intercept-url pattern="/access/auth/**" access="hasRole('ROLE_ADMIN')"/>
        <security:intercept-url pattern="/access/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>
        <security:intercept-url pattern="/auth/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')"/>

        <!-- Logout Configuration -->
        <security:logout invalidate-session="true" logout-success-url="/access/login" logout-url="/access/logout" />

        <!-- Authentication -->
        <security:custom-filter position="FORM_LOGIN_FILTER" ref="authenticationFilter" />
        <!-- Concurrent Session -->
        <!-- <security:custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" /> -->

        <security:session-management session-authentication-strategy-ref="sas"/> <!-- invalid-session-url="/access/session-expired"  -->

    </security:http>

    <!-- Permission Evaluator Configuration -->
    <security:global-method-security pre-post-annotations="enabled">
        <security:expression-handler ref="expressionHandler"/>
    </security:global-method-security>

    <bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler">
        <property name="permissionEvaluator" ref="permissionEvaluator"/>
    </bean>

    <!-- Custom Permission Evaluator -->
    <bean id="permissionEvaluator" class="com.space.um.security.CustomPermissionEvaluator"/>

        <!-- Custom filter for username and password. The real customization is done in the customAthenticationManager -->
        <bean id="authenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter"
            p:sessionAuthenticationStrategy-ref="sas"
            p:authenticationManager-ref="authenticationManager"
            p:authenticationFailureHandler-ref="authenticationFailureHandler"
            p:authenticationSuccessHandler-ref="authenticationSuccessHandler" /> 

        <!-- Custom authentication manager. In order to authenticate, username and password must not be the same -->
        <bean id="authenticationManager" class="com.space.um.security.CustomAuthenticationManager" />

        <!-- We just actually need to set the default failure url here -->
        <bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"
            p:defaultFailureUrl="/access/login?error=true" />

        <!-- We just actually need to set the default target url here -->
        <bean id="authenticationSuccessHandler" class="com.space.um.security.AuthenticationSuccessHandler"
            p:defaultTargetUrl="/access/welcome" />

        <!-- The AuthenticationEntryPoint is responsible for redirecting the user to a particular page, like a login page,
        whenever the server sends back a response requiring authentication -->
        <!-- See Spring-Security Reference 5.4.1 for more info -->
        <bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"  
           p:loginFormUrl="/access/login"/>

        <!-- Custom Concurrency Manager -->
        <!-- <bean id="concurrencyFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter"
            p:sessionRegistry-ref="sessionRegistry"/> --> <!-- p:expiredUrl="/access/session-expired" -->

        <!-- Custom Concurrency Control Strategy -->
        <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy" p:maximumSessions="1">
            <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        </bean>

        <!-- Session Registry Implementation in use -->
        <bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

        <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
            <property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
            <property name="accessDeniedHandler" ref="accessDeniedHandler"/>
        </bean>

        <bean id="accessDeniedHandler" class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
            <property name="errorPage" value="/access/access-denied"/>
        </bean>

       <!-- AccessDecisionManager -->
        <!-- <bean id="sas" class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy" p:maximumSessions="1">
            <constructor-arg name="sessionRegistry" ref="sessionRegistry" />
        </bean> -->

        <!-- The tag below has no use but Spring Security needs it to autowire the parent property of 
        org.springframework.security.authentication.ProviderManager. Otherwise we get an error 
        A probable bug. This is still under investigation-->
        <security:authentication-manager/>
</beans>

This is an exception...

May 16, 2015 9:52:06 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot create inner bean '(inner bean)#6bd58dff' of type [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter] while setting constructor argument with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6bd58dff': Cannot resolve reference to bean 'authenticationEntryPoint' while setting bean property 'authenticationEntryPoint'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEntryPoint' defined in ServletContext resource [/WEB-INF/space-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:736)
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757)
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480)
    at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:403)
    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:306)
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106)
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4939)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5434)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#0': Cannot create inner bean '(inner bean)#6bd58dff' of type [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter] while setting constructor argument with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6bd58dff': Cannot resolve reference to bean 'authenticationEntryPoint' while setting bean property 'authenticationEntryPoint'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEntryPoint' defined in ServletContext resource [/WEB-INF/space-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:313)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:129)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:382)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:157)
    at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:634)
    at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:140)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1139)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1042)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
    ... 26 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6bd58dff': Cannot resolve reference to bean 'authenticationEntryPoint' while setting bean property 'authenticationEntryPoint'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEntryPoint' defined in ServletContext resource [/WEB-INF/space-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:359)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:108)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1477)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1222)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:537)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:299)
    ... 40 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'authenticationEntryPoint' defined in ServletContext resource [/WEB-INF/space-security.xml]: Instantiation of bean failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1101)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1046)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:351)
    ... 46 more
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint]: No default constructor found; nested exception is java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:85)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateBean(AbstractAutowireCapableBeanFactory.java:1094)
    ... 54 more
Caused by: java.lang.NoSuchMethodException: org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint.<init>()
    at java.lang.Class.getConstructor0(Class.java:2892)
    at java.lang.Class.getDeclaredConstructor(Class.java:2058)
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:80)
    ... 55 more
+4
source share
1 answer

According to Porting from Spring Security 3.x to 4.x (XML Configuration)

Chapter 4.7.5. LoginUrlAuthenticationEntryPoint

The default constructor LoginUrlAuthenticationEntryPoint and the setLoginFormUrl method have been removed in favor of the constructor injection.

<b:bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <b:property name="loginFormUrl" value="/login"/>
</b:bean>

should be replaced by:

<b:bean class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <b:constructor-arg value="/login"/>
</b:bean>

: Spring 4 . 4 - !

+13

More articles:


All Articles