I'm trying to configure spring-security as found here and seem to have run into a limitation of my understanding of how the XML files work.
As instructed I've added spring security to applicationContext.xml as follows:
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/schema/security"> That step deployed fine.
I then went to web.xml and added:
<filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> That still deployed fine.
I then tried adding
<http auto-config='true'> <intercept-url pattern="/**" access="ROLE_USER" /> </http> Which I also tried as
<security:http auto-config='true'> <intercept-url pattern="/**" access="ROLE_USER" /> </security:http> In both cases I saw an error when I tried to deploy the application:
Error occurred during deployment: Exception while deploying the app [OmegaRM] : org.xml.sax.SAXParseException; lineNumber: 53; columnNumber: 39; Deployment descriptor file WEB-INF/web.xml in archive [web]. cvc-complex-type.2.4.a: Invalid content was found starting with element 'security:http'. One of '{"http://xmlns.jcp.org/xml/ns/javaee":module-name, "http://xmlns.jcp.org/xml/ns/javaee":description, "http://xmlns.jcp.org/xml/ns/javaee":display-name, "http://xmlns.jcp.org/xml/ns/javaee":icon, "http://xmlns.jcp.org/xml/ns/javaee":distributable, "http://xmlns.jcp.org/xml/ns/javaee":context-param, "http://xmlns.jcp.org/xml/ns/javaee":filter, "http://xmlns.jcp.org/xml/ns/javaee":filter-mapping, "http://xmlns.jcp.org/xml/ns/javaee":listener, "http://xmlns.jcp.org/xml/ns/javaee":servlet, "http://xmlns.jcp.org/xml/ns/javaee":servlet-mapping, "http://xmlns.jcp.org/xml/ns/javaee":session-config, "http://xmlns.jcp.org/xml/ns/javaee":mime-mapping, "http://xmlns.jcp.org/xml/ns/javaee":welcome-file-list, "http://xmlns.jcp.org/xml/ns/javaee":error-page, "http://xmlns.jcp.org/xml/ns/javaee":jsp-config, "http://xmlns.jcp.org/xml/ns/javaee":security-constraint, "http://xmlns.jcp.org/xml/ns/javaee":login-config, "http://xmlns.jcp.org/xml/ns/javaee":security-role, "http://xmlns.jcp.org/xml/ns/javaee":env-entry, "http://xmlns.jcp.org/xml/ns/javaee":ejb-ref, "http://xmlns.jcp.org/xml/ns/javaee":ejb-local-ref, "http://xmlns.jcp.org/xml/ns/javaee":service-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-ref, "http://xmlns.jcp.org/xml/ns/javaee":resource-env-ref, "http://xmlns.jcp.org/xml/ns/javaee":message-destination-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-context-ref, "http://xmlns.jcp.org/xml/ns/javaee":persistence-unit-ref, "http://xmlns.jcp.org/xml/ns/javaee":post-construct, "http://xmlns.jcp.org/xml/ns/javaee":pre-destroy, "http://xmlns.jcp.org/xml/ns/javaee":data-source, "http://xmlns.jcp.org/xml/ns/javaee":jms-connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":jms-destination, "http://xmlns.jcp.org/xml/ns/javaee":mail-session, "http://xmlns.jcp.org/xml/ns/javaee":connection-factory, "http://xmlns.jcp.org/xml/ns/javaee":administered-object, "http://xmlns.jcp.org/xml/ns/javaee":message-destination, "http://xmlns.jcp.org/xml/ns/javaee":locale-encoding-mapping-list, "http://xmlns.jcp.org/xml/ns/javaee":deny-uncovered-http-methods, "http://xmlns.jcp.org/xml/ns/javaee":absolute-ordering}' is expected.. Please see server.log for more details. I don't understand what I'm missing from the configuration to make this error appear. I've tried adding security to the tag as follows and it made no difference:
<web-app version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> I did find this question with the same error:
Spring Security beginner's question. Build failed
The solution recommended there though was to use the security namespace which I've already tried.
So my question is whether anyone knows what I'm doing wrong here please?
If possible I'd also really appreciate a link to and/or a more general explanation of how to determine what configuration should go in what files in Spring and how it all glues together! So far I've got a few applications running but I don't feel like I properly understand just what I've done to make them work!
I've added the following JARs to the project Libraries:
