Hi everyone,

I am seeing a Tomcat startup error having to do with the OAuth 2 XSD not being found:


Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
org.springframework.beans.factory.parsing.BeanDefi nitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/sche
ma/security/oauth2]
Offending resource: class path resource [my-security-oauth.xml]

at org.springframework.beans.factory.parsing.FailFast ProblemReporter.error(FailFastProblemReporter.java :68)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:80)
(snip)


My XML configuration is almost a copy from the sparklr2 sample application:


<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">


I think the culprit might be that http://www.springframework.org/schema/security/oauth2 leads to a 404 (page not found). Is this true?

Since Spring Security OAuth is still in RC, and that the XSD schema/location may change, is there a way I can disable this beans schema validation via Spring bean configuration?

Thank you in advance!

Hi guys,

Never mind. I figured it out. The pom.xml is supposed to point to:


<artifactId>spring-security-oauth2</artifactId>

... not the "spring-security-oauth".

Hi everybody, I have been having the same error, and I have looked at other similar posts, and as far as I can tell, everything is correct (meaning the solutions posted on the other posts, I have done). So, in case anyone out there it's willing to help, these are the details:

The exception while launching the server:


INFO: Initializing Spring root WebApplicationContext
2013-02-13 11:45:01,351 [localhost-startStop-1] ERROR org.springframework.web.context.ContextLoader - Context initialization failed
org.springframework.beans.factory.parsing.BeanDefi nitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security/oauth2]
Offending resource: file [/Users/joantune/springsource/vfabric-tc-server-developer-2.7.2.RELEASE/base-instance/wtpwebapps/TrackwayServer/WEB-INF/classes/META-INF/spring/applicationContext-security.xml]

at org.springframework.beans.factory.parsing.FailFast ProblemReporter.error(FailFastProblemReporter.java :68)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:80)
at org.springframework.beans.factory.xml.BeanDefiniti onParserDelegate.error(BeanDefinitionParserDelegat e.java:316)
at
[...]

Feb 13, 2013 11:45:01 AM org.apache.catalina.core.StandardContext listenerStart
SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
org.springframework.beans.factory.parsing.BeanDefi nitionParsingException: Configuration problem: Unable to locate Spring NamespaceHandler for XML schema namespace [http://www.springframework.org/schema/security/oauth2]
Offending resource: file [/Users/joantune/springsource/vfabric-tc-server-developer-2.7.2.RELEASE/base-instance/wtpwebapps/TrackwayServer/WEB-INF/classes/META-INF/spring/applicationContext-security.xml]

at org.springframework.beans.factory.parsing.FailFast ProblemReporter.error(FailFastProblemReporter.java :68)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:85)
at org.springframework.beans.factory.parsing.ReaderCo ntext.error(ReaderContext.java:80)
at org.springframework.beans.factory.xml.BeanDefiniti onParserDelegate.error(BeanDefinitionParserDelegat e.java:316)
at org.springframework.beans.factory.xml.BeanDefiniti onParserDelegate.parseCustomElement(BeanDefinition ParserDelegate.java:1416)
at org.springframework.beans.factory.xml.BeanDefiniti onParserDelegate.parseCustomElement(BeanDefinition ParserDelegate.java:1409)
at org.springframework.beans.factory.xml.DefaultBeanD efinitionDocumentReader.parseBeanDefinitions(Defau ltBeanDefinitionDocumentReader.java:184)
at org.springframework.beans.factory.xml.DefaultBeanD efinitionDocumentReader.doRegisterBeanDefinitions( DefaultBeanDefinitionDocumentReader.java:140)

[...]

Feb 13, 2013 11:45:01 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Error listenerStart
Feb 13, 2013 11:45:01 AM org.apache.catalina.core.StandardContext startInternal
SEVERE: Context [/TrackwayServer] startup failed due to previous errors
Feb 13, 2013 11:45:01 AM org.apache.catalina.core.ApplicationContext log
INFO: Closing Spring root WebApplicationContext
Feb 13, 2013 11:45:01 AM org.apache.catalina.core.StandardContext listenerStop
SEVERE: Exception sending context destroyed event to listener instance of class org.springframework.web.context.ContextLoaderListe ner
java.lang.IllegalStateException: BeanFactory not initialized or already closed - call 'refresh' before accessing beans [...]


My pom.xml oauth2 dependency:


<dependency>
<groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId>
<version>1.0.1.RELEASE</version>
</dependency>


My test applicationContext-security.xml - note, I havent configured it all yet, so far I just wanted the /oauth/token endpoint as specified on sparklr2 oauth2 sample spring-servlet.xml



<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<!-- Oauth2: -->

<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
<anonymous enabled="false" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
</http>

<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService" />
</authentication-manager>



<oauth:client-details-service id="clientDetails">
<oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
authorities="ROLE_CLIENT" scope="read,write" secret="xpto" access-token-validity="60" />
<!--
<oauth:client client-id="my-trusted-client" authorized-grant-types="password,authorization_code,refresh_token,implicit"
authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" scope="read,write,trust" access-token-validity="60" secret="xpto" />
<oauth:client client-id="my-trusted-client-with-secret" authorized-grant-types="password,authorization_code,refresh_token,implicit"
secret="somesecret" authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT" />
<oauth:client client-id="my-client-with-secret" authorized-grant-types="client_credentials" authorities="ROLE_CLIENT"
scope="read" secret="secret" />
<oauth:client client-id="my-less-trusted-client" authorized-grant-types="authorization_code,implicit"
authorities="ROLE_CLIENT" />
<oauth:client client-id="my-less-trusted-autoapprove-client" authorized-grant-types="implicit"
authorities="ROLE_CLIENT" />
<oauth:client client-id="my-client-with-registered-redirect" authorized-grant-types="authorization_code,client_credentials"
authorities="ROLE_CLIENT" redirect-uri="http://anywhere?key=value" scope="read,trust" />
<oauth:client client-id="my-untrusted-client-with-registered-redirect" authorized-grant-types="authorization_code"
authorities="ROLE_CLIENT" redirect-uri="http://anywhere" scope="read" />
<oauth:client client-id="tonr" resource-ids="sparklr" authorized-grant-types="authorization_code,implicit"
authorities="ROLE_CLIENT" scope="read,write" secret="secret" />
-->
</oauth:client-details-service>

<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
<logout logout-url="/resources/j_spring_security_logout" />
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/choices/**" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/member/**" access="isAuthenticated()" />
<intercept-url pattern="/resources/**" access="permitAll" />
<intercept-url pattern="/**" access="permitAll" />
</http>


<!-- Oauth2 Beans: -->
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error .OAuth2AccessDeniedHandler" />

<beans:bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.clien t.ClientCredentialsTokenEndpointFilter">
<beans:property name="authenticationManager" ref="clientAuthenticationManager" />
</beans:bean>

<beans:bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.clien t.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetails" />
</beans:bean>

<beans:bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error .OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="trackway/client" />
<beans:property name="typeName" value="Basic" />
</beans:bean>

<!-- End of Oauth2 Beans -->

<!-- Configure Authentication mechanism -->
<authentication-manager alias="authenticationManager">
(snip)
</authentication-manager>
</beans:beans>


Eclipse does underline the classes org.springframework.security.oauth2.provider.* on the OAuth2 beans, but I do have the schema and the oauth2 dependency. And I did right clicked on the Project and clicked on 'Spring Tools' -> 'Update Maven dependencies'

So, I'm clueless, any idea?

It's solved, there were several problems with the generated .project files, that prevented me to validate the XML (because in my POM I have a resource/properties entry, besides the regular resources/ entry that I use to filter with Maven some resource files [to put there stuff as the build timestamp,etc] and this generates a .project with a resources inside a resources, that in order to work with eclipse, the top level resources has to have an exclusion of the resources/properties) . Also, I think that some spring-security-oauth2 jars were being ommitted due to conflicts with previous versions, which might have contributed to the fact that, when launching the app, there were problems while finding oauth's 2 XSD.