springSecurityFilterChain does not work in other Appserver

[thejavafreak]

Dear all,

I've tried inserting:

Code:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

But it only works in Tomcat and Jetty. I've tried it in JBoss and Geronimo but it doesn't work.

Here are the stacktrace:

Code:

2008-04-02 12:56:32,595 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/ivrweb]] Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:378)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1012)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:227)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:168)
	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:892)
	at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:163)
	at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:123)
	at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:179)
	at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:275)
...

Is there any way for me to call the springSecurityFilterChain bean to avoid these error? Or what class/bean implementation does springSecurityFilterChain refer to?

Thanks in advance

[Luke Taylor]

That's strange, because it is just a bean alias for the FilterChainProxy which is created in the application context. There isn't anything non-Spring going on there.

[Luke Taylor]

I just tried the latest tutorial sample application (from RC1) in JBoss 4.2.2-GA and it appears to work fine.

[neila29]

I am getting the same error in Tomcat 6 with spring-security 2 RC1. The spring-security-samples-contacts-2.0.0-RC1 war works. I am not sure what I am missing in my configuration to stop this from working. My web.xml is as follows

Code:

	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>

	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>

The following is my spring-security config.

Code:

	<security:http auto-config="true">
		<!-- restrict URLs based on role -->
		<security:intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/logoutSuccess*" access="ROLE_ANONYMOUS" />
		<security:intercept-url pattern="/logout*" access="ROLE_USER" />
		
		<!-- override default login and logout pages -->
		<security:form-login login-page="/login" authentication-failure-url="/login?login_error=1" />
		<security:logout logout-url="/logout" logout-success-url="/logoutSuccess" />
		
	</security:http>
	
	
	<security:authentication-provider user-service-ref="userDetailsService">
		<security:password-encoder ref="passwordEncoder">
			<security:salt-source user-property="salt"/>
		</security:password-encoder>
	</security:authentication-provider>

The following appears in my log but does not for the spring-security-samples-contacts-2.0.0-RC1 app.

Code:

2008-04-09 12:51:55,760 DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'

The only real difference that I can see from the sample app is the authentication-provider. Any ideas what could be causing this? Any help would be appreciated.

[neila29]

I have this working now. The issue appeared to be due to the user-service-ref definition being in a separate configuration file from the main security configuration.

[oravecz]

Is this a bug that the security configuration must have the bean that implements UserDetailsService defined it its file? Isn't a configuration file that is also on the classpath and loaded by the WebApplicationContext sufficient? Kinda kills pluggability by discovery otherwise.