I have a web application in which I implement Spring Security. My spring-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <http auto-config="false" access-denied-page="/accessDenied.html">
        <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
        <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
        <intercept-url pattern="/**" access="permitAll" />
        <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
        <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />
        <session-management
            session-authentication-strategy-ref="session-management" />
        <form-login login-page="/loginForm"
            authentication-failure-url="/error.html" default-target-url="/welcome.html" />
        <logout logout-success-url="/loggedout.html"
            invalidate-session="true" />
    </http>

    <beans:bean id="customEncoder" class="com.rep.security.CustomPasswordEncoder"></beans:bean>
    <beans:bean id="customUserService" class="com.rep.security.CustomUserDetailService"></beans:bean>

    <authentication-manager alias="authenticationManager">
        <authentication-provider user-service-ref="customUserService">
            <password-encoder ref="customEncoder"></password-encoder>
        </authentication-provider>
    </authentication-manager>

    <beans:bean id="concurrencyFilter"
        class="org.springframework.security.web.session.ConcurrentSessionFilter">
        <beans:property name="sessionRegistry" ref="sessionRegistry" />
        <beans:property name="expiredUrl" value="/timeout.html" />
    </beans:bean>

    <beans:bean id="AuthFilter"
        class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
        <beans:property name="sessionAuthenticationStrategy"
            ref="session-management" />
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="session-management"
        class="org.springframework.security.web.authentication.session.ConcurrentSessionControlStrategy">
        <beans:constructor-arg name="sessionRegistry"
            ref="sessionRegistry" />
        <beans:property name="maximumSessions" value="1" />
    </beans:bean>

    <beans:bean id="sessionRegistry"
        class="org.springframework.security.core.session.SessionRegistryImpl" />
</beans:beans>
While running the application on JBoss, I encountered this error:
15:40:02,470 ERROR [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 59) Context initialization failed: org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Filter beans '<AuthFilter>' and 'Root bean: class [org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null' have the same 'order' value. When using custom filters, please make sure the positions do not conflict with default filters. Alternatively you can disable the default filters by removing the corresponding child elements from <http> and avoiding the use of <http auto-config='true'>.
Can someone tell me what the configuration problem is? I follow the Spring Doc ioc for session management.
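The error text above names the cause: `<form-login>` makes the namespace register its own UsernamePasswordAuthenticationFilter at FORM_LOGIN_FILTER, the position the custom `AuthFilter` also claims. One way to resolve it, as an added example that is not part of the original post: only the changed elements are shown, and the bean ids `loginEntryPoint`, `loginSuccessHandler` and `loginFailureHandler` are hypothetical names introduced here.

```xml
<!-- Added example: the namespace header and all other beans stay as posted. -->
<!-- use-expressions="true" is added because the 3.x namespace only accepts
     hasRole(...) / permitAll in access="" when expressions are enabled. -->
<http auto-config="false" use-expressions="true"
      access-denied-page="/accessDenied.html"
      entry-point-ref="loginEntryPoint">
    <intercept-url pattern="/admin/" access="hasRole('ADMIN_ROLE')" />
    <intercept-url pattern="/users/" access="hasRole('USER_ROLE')" />
    <intercept-url pattern="/**" access="permitAll" />
    <custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencyFilter" />
    <custom-filter position="FORM_LOGIN_FILTER" ref="AuthFilter" />
    <session-management session-authentication-strategy-ref="session-management" />
    <!-- <form-login> removed: it would add a second filter at FORM_LOGIN_FILTER. -->
    <logout logout-success-url="/loggedout.html" invalidate-session="true" />
</http>

<!-- Without <form-login> no entry point is created, so declare one
     (hypothetical bean id) that redirects anonymous users to the login page. -->
<beans:bean id="loginEntryPoint"
    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/loginForm" />
</beans:bean>

<!-- The URLs that <form-login> carried move onto the custom filter's handlers. -->
<beans:bean id="AuthFilter"
    class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
    <beans:property name="sessionAuthenticationStrategy" ref="session-management" />
    <beans:property name="authenticationManager" ref="authenticationManager" />
    <beans:property name="authenticationSuccessHandler" ref="loginSuccessHandler" />
    <beans:property name="authenticationFailureHandler" ref="loginFailureHandler" />
</beans:bean>

<beans:bean id="loginSuccessHandler"
    class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
    <beans:property name="defaultTargetUrl" value="/welcome.html" />
</beans:bean>

<beans:bean id="loginFailureHandler"
    class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
    <beans:property name="defaultFailureUrl" value="/error.html" />
</beans:bean>
```

With this layout the login form has to post to the URL the filter processes, which in Spring Security 3.x defaults to `/j_spring_security_check`.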