All geek questions in one place

Error creating bean named 'org.springframework.security.filterChains'

I just switched to Spring security 3.1 because I ran into this problem

So, I got the decision to switch to Spring security 3.1. Now I come across this new exception when starting the application.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#4' while setting bean property 'sourceList' with key [4]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.DefaultSecurityFilterChain#4': Cannot create inner bean '(inner bean)' of type [org.springframework.security.web.authentication.logout.LogoutFilter] while setting constructor argument with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6': Cannot resolve reference to bean 'org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0' while setting constructor argument with key [1]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices#0': Cannot create inner bean '(inner bean)' while setting bean property 'userDetailsService'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#7': Initialization of bean failed; nested exception is org.springframework.beans.factory.BeanInitializationException: Property 'sessionFactory' is required for bean '(inner bean)#7'

My applicationContext is as follows

 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd" default-lazy-init="true"> <!-- Activates scanning of @Autowired --> <context:annotation-config /> <!-- Activates scanning of @Repository --> <context:component-scan base-package="com.example.dao"/> <context:component-scan base-package="com.example.dao.user"/> <context:component-scan base-package="com.example.model"/> <context:component-scan base-package="com.example.controller"/> <context:component-scan base-package="com.example.service"/> <context:component-scan base-package="com.example.service.impl"/> <bean id="sessionFactory" class="org.springframework.orm.hibernate3.LocalSessionFactoryBean"> <property name="configLocation"> <value>/WEB-INF/hibernate.cfg.xml</value> </property> </bean> <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager"> <property name="sessionFactory" ref="sessionFactory"/> </bean>

and my applicationContext-security.xml looks like

 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <security:http pattern="/images/**" security="none"/> <security:http pattern="/Stylesheets/**" security="none"/> <security:http pattern="/JavaScript/**" security="none"/> <security:http pattern="/scripts/**" security="none"/> <security:http auto-config="true"> <security:intercept-url pattern="/passwordHint*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_ADMIN,ROLE_USER"/> <security:intercept-url pattern="/signup*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="/home.htm" access="ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="/changepwd.htm" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="/pwd.htm*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN" /> <security:intercept-url pattern="/favicon.ico" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/> <security:form-login login-page="/login.htm" authentication-success-handler-ref="customHandler" authentication-failure-url="/login.htm?error=true" default-target-url="/home.htm" login-processing-url="/j_security_check" /> <security:remember-me user-service-ref="userDAO" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> </security:http> <security:http auto-config="true"> <security:intercept-url pattern="mobile/passwordHint*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_ADMIN,ROLE_USER"/> <security:intercept-url pattern="mobile/signup*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="mobile/login.htm" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="mobile/home.htm" access="ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="mobile/changepwd.htm" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN"/> <security:intercept-url pattern="mobile/pwd.htm*" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER,ROLE_ADMIN" /> <security:intercept-url pattern="mobile/favicon.ico" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="mobile/**" access="ROLE_USER,ROLE_ADMIN"/> <security:form-login login-page="/mlogin.htm" authentication-success-handler-ref="customHandler" authentication-failure-url="/mlogin.htm?error=true" default-target-url="/mhome.htm" login-processing-url="/j_spring_security_check" /> <security:remember-me user-service-ref="userDAO" key="e37f4b31-0c45-11dd-bd0b-0800200c9a66"/> </security:http> <bean id="customHandler" class="com.example.auth.AuthenticationHandler"> </bean> <security:authentication-manager> <security:authentication-provider user-service-ref="userDAO"> <!-- TODO skipped to allow password emailing instead of password change and security TODO question hell.. --> <!-- <password-encoder ref="passwordEncoder"/> --> </security:authentication-provider> </security:authentication-manager> </beans>

Is there something wrong with these configurations?

+4
source share
1 answer

Can you give a full trace of the exception stack? I don't think you can have two

 <security:http auto-config="true"/>

in the same spring-security configuration with all url-hook settings. If you need to have two separate login pages, they have an attribute in the login request or use "userAgent" and go to the controller.

0
source

Source: https://habr.com/ru/post/1400795/

More articles:


All Articles