Geek Answers Handbook

How to implement Spring Security 4 with XML and Java configuration

I am trying to implement Spring-Security 4 in my Spring MVC web application and leisure application. I added 2 classes to enable Spring Security in java config. I still want to keep my web.xml and not modify the whole project to use java config. As soon as I do this, I get the following error:

29-May-2015 08:47:12.826 SEVERE [localhost-startStop-1]  
org.apache.catalina.core.StandardContext.filterStart Exception starting   
filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean   
named 'springSecurityFilterChain' is defined
at org.springframework.beans.factory.support.DefaultListableBeanFactory.
getBeanDefinition(DefaultListableBeanFactory.java:687)

As you can see, it says that springSecurityFilterChain cannot be recognized. This, of course, should be enabled by @EnableWebSecurity, as you see below:

Classes used for Spring Security:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
  auth.inMemoryAuthentication().withUser("abc").password("123456").roles("USER");
  auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
  auth.inMemoryAuthentication().withUser("dba").password("123456").roles("DBA");
}

@Override
protected void configure(HttpSecurity http) throws Exception {

  http.authorizeRequests()
    .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
    .antMatchers("/dba/**").access("hasRole('ROLE_ADMIN') or hasRole('ROLE_DBA')")
    .and().formLogin();

    }
}

public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {
   //do nothing
}

It's strange if I add springSecurityFilterChain to my web.xml, at runtime it complains and says that there is a duplicate of springSecurityFilterChain. I noticed that they end up doing this in the Java configuration:

public class MvcWebApplicationInitializer extends
    AbstractAnnotationConfigDispatcherServletInitializer {

@Override
protected Class<?>[] getRootConfigClasses() {
    return new Class[] { SecurityConfig.class };
}

SecurityConfig Java MvcWebApp. , .

, SpringSecurityFilterChain? SecurityConfig web.xml ?

, :

public class SecurityWebApplicationInitializer
  extends AbstractSecurityWebApplicationInitializer {

}

Spring :

Spring Security ApplicationContext. , Spring MVC, SecurityWebApplicationInitializer.

, SecurityConfig bean? bean, dicoverable @Configuration?

SecurityConfig XML Java?

+4
2

, Spring Security Java Config, SecurityConfig SecurityWebApplicationInitializer, , . , , Spring mvc - XML. , com.mkyong.web.config SecurityConfig. - .

Web.xml

<context-param>
          <param-name>contextClass</param-name>
          <param-value>
              org.springframework.web.context.support.AnnotationConfigWebApplicationContext
          </param-value>
      </context-param>
      <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>com.mkyong.web.config</param-value>
      </context-param>

   <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>
+1

ArunM XML Java. Spring MVC - web.xml default-servlet.xml PLUS java config, Spring .

@Configuration
@Import({ SecurityConfig.class})
@ImportResource( {"classpath:web-context.xml",
   "classpath:service-context.xml","classpath:data-context.xml"})
public class AppConfig {
   public AppConfig() {
      super();
   }
}

@Import Spring SecurityConfig.

contextConfigLocation : @ImportResource.

SecurityConfig contextConfigLocation, AppConfig, , .

+1

More articles:


All Articles