SpringSecurity Problem

NoXiD · 12. Feb 2012

Hallo!
Ich würde gerne diverse Webanwendungen per SpringSecurity sichern. Hab mir nun schon einige Tutorials angesehen, jedoch hab ich anscheinend noch irgendwo eine Verständnisschwierigkeit.. Hier mal mein derzeitiger Code:

web.xml
[XML]<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>HSP_JSF</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml,
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
</web-app>[/XML]

applicationContext.xml
[XML]<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns

="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
Index of /schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
Index of /schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">

<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource"
p:driverClassName="com.mysql.jdbc.Driver"
p:url="jdbc:mysql://localhost:3306/test"
p:username="test"
p

assword="test"
/>
</beans>[/XML]

applicationContext-security.xml
[XML]<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
Index of /schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">

<http>
<http-basic />
<form-login login-page='/login.xhtml'
default-target-url='/login.xhtml'
always-use-default-target='true'
/>
<logout />
<intercept-url pattern="/secured/*" access="ROLE_USER" />
<intercept-url pattern="/secured/sealed/*" access="ROLE_ADMIN" />
</http>

<authentication-manager>
<authentication-provider>

<jdbc-user-service data-source-ref="dataSource" authorities-by-username-query="select username,authority from users where username=?"/>
</authentication-provider>
</authentication-manager>
</beans:beans>[/XML]

Zur Erklärung: In meiner DB unter der Table User gibt es ein Feld, welches AUTHORITY heißt, dieses beinhaltet entwerde ROLE_USER oder ROLE_ADMIN. Je nachdem ob user oder admin, soll der Zugriff auf /secured bzw. /secured/sealed gewährleistet werden. Leider bekomm ich gleich beim deployen folgenden Fehler:

Code:

11:04:03,486 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) Starting deployment of "HSP_SEC.war"
11:04:04,631 WARN  [org.jboss.as.server.deployment.service-loader] (MSC service thread 1-2) Encountered invalid class name "com.sun.faces.vendor.Tomcat6InjectionProvider:org.apache.catalina.util.DefaultAnnotationProcessor" for service type "com.sun.faces.spi.injectionprovider"
11:04:04,632 WARN  [org.jboss.as.server.deployment.service-loader] (MSC service thread 1-2) Encountered invalid class name "com.sun.faces.vendor.Jetty6InjectionProvider:org.mortbay.jetty.plus.annotation.InjectionCollection" for service type "com.sun.faces.spi.injectionprovider"
11:04:04,635 INFO  [org.jboss.as.jpa] (MSC service thread 1-1) added javax.persistence.api dependency to HSP_SEC.war
11:04:04,778 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC00001: Failed to start service jboss.deployment.unit."HSP_SEC.war".INSTALL: org.jboss.msc.service.StartException in service jboss.deployment.unit."HSP_SEC.war".INSTALL: Failed to process phase INSTALL of deployment "HSP_SEC.war"
	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:121) [jboss-as-server-7.0.2.Final.jar:7.0.2.Final]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1824) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
	at org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1759) [jboss-msc-1.0.1.GA.jar:1.0.1.GA]
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) [:1.6.0_27]
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) [:1.6.0_27]
	at java.lang.Thread.run(Thread.java:662) [:1.6.0_27]
Caused by: java.lang.RuntimeException: Failed to load class org.springframework.web.filter.DelegatingFilterProxy
	at org.jboss.as.ee.component.deployers.EEClassConfigurationProcessor$1.compute(EEClassConfigurationProcessor.java:141)
	at org.jboss.as.ee.component.deployers.EEClassConfigurationProcessor$1.compute(EEClassConfigurationProcessor.java:122)
	at org.jboss.as.ee.component.LazyValue.get(LazyValue.java:40)
	at org.jboss.as.ee.component.EEApplicationDescription.getClassConfiguration(EEApplicationDescription.java:183)
	at org.jboss.as.ee.component.ComponentDescription.createConfiguration(ComponentDescription.java:153)
	at org.jboss.as.ee.component.deployers.EEModuleConfigurationProcessor.deploy(EEModuleConfigurationProcessor.java:70)
	at org.jboss.as.server.deployment.DeploymentUnitPhaseService.start(DeploymentUnitPhaseService.java:115) [jboss-as-server-7.0.2.Final.jar:7.0.2.Final]
	... 5 more
Caused by: java.lang.ClassNotFoundException: org.springframework.web.filter.DelegatingFilterProxy from [Module "deployment.HSP_SEC.war:main" from Service Module Loader]
	at org.jboss.modules.ModuleClassLoader.findClass(ModuleClassLoader.java:191)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:361)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClassChecked(ConcurrentClassLoader.java:333)
	at org.jboss.modules.ConcurrentClassLoader.performLoadClass(ConcurrentClassLoader.java:310)
	at org.jboss.modules.ConcurrentClassLoader.loadClass(ConcurrentClassLoader.java:103)
	at java.lang.Class.forName0(Native Method) [:1.6.0_27]
	at java.lang.Class.forName(Class.java:247) [:1.6.0_27]
	at org.jboss.as.ee.component.deployers.EEClassConfigurationProcessor$1.compute(EEClassConfigurationProcessor.java:139)
	... 11 more

mvitz · 12. Feb 2012

Welche JARs befinden sich denn unter WEB-INF/lib? Es scheint als würde eine Spring/Spring Security JAR fehlen.

NoXiD · 12. Feb 2012

Hallo!
Für SpringSecurity hab ich folgende eingefügt:
spring-security-config-3.1.0.RC3.jar
spring-security-core-3.1.0.RC3.jar
spring-security-crypto-3.1.0.RC3.jar
spring-security-taglibs-3.1.0.RC3.jar
spring-security-web-3.1.0.RC3.jar

Alle offiziell, da ich aber nicht genau wusste was verlangt wird hab ich mal alle eingebunden (lieber zu viel als zu wenig

)...

mvitz · 12. Feb 2012

Folgendes minimales Beispiel funktioniert bei mir ohne Probleme auf einem Tomcat:

WEB-INF/web.xml
[XML]<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">


<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>


<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

</web-app>[/XML]

WEB-INF/applicationContext.xml
[XML]<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
Index of /schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
Index of /schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">


<sec:http use-expressions="true">
<sec:form-login />
<sec:logout />
<sec:intercept-url pattern="/secure.jsp" access="hasRole('ROLE_ADMIN')" />
<sec:intercept-url pattern="/**" access="permitAll" />
</sec:http>


<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="admin" password="admin" authorities="ROLE_ADMIN" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>

</beans>[/XML]

In WEB-INF/lib befinden sich folgende JARs:

aopalliance-1.0.jar
commons-logging-1.1.1.jar
spring-aop-3.0.6.RELEASE.jar
spring-asm-3.0.6.RELEASE.jar
spring-beans-3.0.6.RELEASE.jar
spring-context-3.0.6.RELEASE.jar
spring-core-3.0.6.RELEASE.jar
spring-expression-3.0.6.RELEASE.jar
spring-jdbc-3.0.6.RELEASE.jar
spring-security-acl-3.1.0.RELEASE.jar
spring-security-config-3.1.0.RELEASE.jar
spring-security-core-3.1.0.RELEASE.jar
spring-security-crypto-3.1.0.RELEASE.jar
spring-security-taglibs-3.1.0.RELEASE.jar
spring-security-web-3.1.0.RELEASE.jar
spring-tx-3.0.6.RELEASE.jar
spring-web-3.0.6.RELEASE.jar

	Titel	Forum	Antworten	Datum
H	JSF + SpringSecurity Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	2	25. Okt 2010
W	Spring-Beans nach Einbindung von SpringSecurity null	Frameworks - Spring, Play, Blade, Vaadin & Co	3	5. Nov 2014
	JSF - SpringSecurity zeigt Dinge an ohne es zu dürfen	Frameworks - Spring, Play, Blade, Vaadin & Co	1	4. Feb 2013
	Problem beim Mocken	Frameworks - Spring, Play, Blade, Vaadin & Co	9	28. Nov 2023
W	DI-Problem in Spring Boot	Frameworks - Spring, Play, Blade, Vaadin & Co	4	20. Aug 2022
Z	Versuch mit Rest-Api-Tester geben offenbar ein lib Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	1	19. Jan 2022
	Spring Security/Boot/Vaadin Cookie Problem bei iFrame	Frameworks - Spring, Play, Blade, Vaadin & Co	5	6. Nov 2021
D	Backtracking (Springer-Problem)	Frameworks - Spring, Play, Blade, Vaadin & Co	6	5. Mai 2020
B	Java Spring Boot - POM-Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	8	30. Jun 2019
J	Spring Boot Autowired Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	2	1. Feb 2017
E	Tomcat mit Hibernate und Spring - Problem mit Connection Pool	Frameworks - Spring, Play, Blade, Vaadin & Co	5	4. Apr 2014
M	Spring property problem	Frameworks - Spring, Play, Blade, Vaadin & Co	2	25. Sep 2012
E	Springerproblem - Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	1	8. Jun 2012
M	Problem bei Velocity und Spring Validation	Frameworks - Spring, Play, Blade, Vaadin & Co	1	21. Apr 2012
M	Problem mit Spring LTW	Frameworks - Spring, Play, Blade, Vaadin & Co	5	7. Apr 2012
B	Axis2 1.6 + Spring -> ClassLoader Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	0	27. Dez 2011
M	Problem mit spring und log4j	Frameworks - Spring, Play, Blade, Vaadin & Co	0	8. Okt 2011
M	Problem mit spring security	Frameworks - Spring, Play, Blade, Vaadin & Co	0	5. Okt 2011
B	SpringMVC-EntityManagerFactory-Hibernate-Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	1	26. Mrz 2011
M	Problem mit Hibernate und Spring	Frameworks - Spring, Play, Blade, Vaadin & Co	0	23. Mrz 2011
M	Problem mit Gilead und Spring	Frameworks - Spring, Play, Blade, Vaadin & Co	1	22. Mrz 2011
B	SpringLayout Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	3	26. Jan 2011
	Problem mit Maven, Tomcat, Spring und XML-Schema	Frameworks - Spring, Play, Blade, Vaadin & Co	0	13. Jan 2011
A	Problem mit Spring-WS und Marshalling	Frameworks - Spring, Play, Blade, Vaadin & Co	0	18. Sep 2010
H	file upload problem mit spring	Frameworks - Spring, Play, Blade, Vaadin & Co	33	11. Aug 2010
H	Spring: Problem mit CommandClass in SimpleFormController (aus Step-by-Step Tutorial)	Frameworks - Spring, Play, Blade, Vaadin & Co	1	2. Jun 2010
D	Spring: Problem beim ausführen eines JUnit Tests.	Frameworks - Spring, Play, Blade, Vaadin & Co	4	22. Apr 2010
	Problem mit Spring & Hibernate Sessions	Frameworks - Spring, Play, Blade, Vaadin & Co	2	16. Mrz 2010
	Problem mit Spring & Hibernate Sessions	Frameworks - Spring, Play, Blade, Vaadin & Co	2	15. Mrz 2010
M	Spring DM: Problem mit Tomcat als OSGI-Service	Frameworks - Spring, Play, Blade, Vaadin & Co	2	3. Mrz 2010
	Spring ACEGI Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	1	18. Feb 2010
M	JSF Navigation - Spring Security Logout Problem	Frameworks - Spring, Play, Blade, Vaadin & Co	5	16. Feb 2010

SpringSecurity Problem

NoXiD

Bekanntes Mitglied

mvitz

Top Contributor

NoXiD

Bekanntes Mitglied

mvitz

Top Contributor

Ähnliche Java Themen

Aktuelle Jobs

Neue Themen