Trouble Getting Started with Spring Security

**beamerblvd** · Nov 3rd, 2009, 06:10 PM

I have an application I've been developing under Spring Framework 3.0.0-RC1. So far, it's been going rather well. I got everything working well using an annotation-based (@MVC) config.

Now I'm trying to implement Spring Security into my application to make it secure.

My web.xml used to be this:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<servlet>
		<servlet-name>migrationapp</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>migrationapp</servlet-name>
		<url-pattern>/do/*</url-pattern>
	</servlet-mapping>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<jsp-config>
		<taglib>
			<taglib-uri>/spring</taglib-uri>
			<taglib-location>/WEB-INF/tld/spring-form.tld</taglib-location>
		</taglib>
	</jsp-config>
</web-app>

And I have a file "migrationapp-servlet.xml".

I updated web.xml so that it now looks like this:

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/do/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>INCLUDE</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>
	<servlet>
		<servlet-name>migrationapp</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>migrationapp</servlet-name>
		<url-pattern>/do/*</url-pattern>
	</servlet-mapping>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<jsp-config>
		<taglib>
			<taglib-uri>/spring</taglib-uri>
			<taglib-location>/WEB-INF/tld/spring-form.tld</taglib-location>
		</taglib>
	</jsp-config>
</web-app>

I haven't actually put any security restrictions in place yet. I've just defined the filter. Now, whenever I try to go to any page, I get this error:

Code:

java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:159)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Unknown Source)

I've never received this error before, so obviously my WebApplicationContext existed before I defined the filter. What happened? I'm sure I'm missing something obvious, but I haven't seen anything in any of the tutorials that have indicated why this isn't working...

**Marten Deinum** · Nov 4th, 2009, 02:05 AM

The DelegatingFilterProxy can only locate beans in the root application context which is loaded by the ContextLoaderListener NOT the DispatcherServlet. In general in a web app you have 2 contexts.

1 root containing the dao's, services and all the general stuff and the web one loading only the web stuff.

**beamerblvd** · Nov 4th, 2009, 09:46 AM

Thanks, Marten, but please forgive my ignorance. I'm new to Spring. I can't replace org.springframework.web.servlet.DispatherServlet with org.springframework.web.context.ContextLoaderListe ner because ContextLoaderListener is not a servlet, so with that down I don't understand what I'm supposed to do with ContextLoaderListener. None of the spring security examples contain complete web.xml files (that I've found). They only tell you what to ADD to the web.xml file, which I have done exactly as described, to no avail.

Perhaps if someone could give an example of a full web.xml file complete with the DispatcherServlet, ContextLoaderListener and the DelegatingFilterProxy, that would be very helpful.

Thanks,

Nick

**beamerblvd** · Nov 4th, 2009, 10:06 AM

After a little more looking around, I found enough examples to get this to work. In case it helps other people, here's what I have so far:

/WEB-INF/web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.4"
         xmlns="http://java.sun.com/xml/ns/j2ee"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
         http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
	<context-param>
		<param-name>contextConfigLocation</param-name>
		<param-value>
			/WEB-INF/migrationapp-servlet.xml
			/WEB-INF/migrationapp-security.xml
		</param-value>
	</context-param>
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>springSecurityFilterChain</filter-name>
		<url-pattern>/do/*</url-pattern>
		<dispatcher>FORWARD</dispatcher>
		<dispatcher>REQUEST</dispatcher>
		<dispatcher>INCLUDE</dispatcher>
		<dispatcher>ERROR</dispatcher>
	</filter-mapping>
	<listener>
		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	<listener>
		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
	</listener>
	<servlet>
		<servlet-name>migrationapp</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>
	<servlet-mapping>
		<servlet-name>migrationapp</servlet-name>
		<url-pattern>/do/*</url-pattern>
	</servlet-mapping>
	<welcome-file-list>
		<welcome-file>index.jsp</welcome-file>
	</welcome-file-list>
	<jsp-config>
		<taglib>
			<taglib-uri>/spring</taglib-uri>
			<taglib-location>/WEB-INF/tld/spring-form.tld</taglib-location>
		</taglib>
	</jsp-config>
</web-app>

/WEB-INF/migrationapp-servlet.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-2.5.xsd
       http://www.springframework.org/schema/tx
       http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<context:component-scan base-package="my.package"/>
	<context:annotation-config/>
	<tx:annotation-driven/>
	<bean id="validator" class="org.springmodules.validation.bean.BeanValidator">
		<property name="configurationLoader">
			<bean class="org.springmodules.validation.bean.conf.loader.annotation.AnnotationBeanValidationConfigurationLoader"/>
		</property>
	</bean>
	<bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter">
		<property name="webBindingInitializer">
			<bean class="org.springframework.web.bind.support.ConfigurableWebBindingInitializer">
				<property name="validator" ref="validator"/>
			</bean>
		</property>
	</bean>
	<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
		<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
		<property name="prefix" value="/WEB-INF/views/"/>
		<property name="suffix" value=".jsp"/>
	</bean>
	<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
		<property name="maxUploadSize" value="26214400"/><!-- 25 megabytes -->
		<property name="maxInMemorySize" value="1048576"/><!-- 1 megabytes -->
		<property name="defaultEncoding" value="UTF-8"/>
	</bean>
	<bean id="dataSource" class="org.apache.commons.dbcp.BasicDataSource">
		<qualifier value="main"/>
		<property name="driverClassName" value="com.microsoft.sqlserver.jdbc.SQLServerDriver"/>
		<property name="url" value="jdbc:sqlserver://hostname:1433;databasename=migrationApp"/>
		<property name="username" value="migrationApp"/>
		<property name="password" value="password"/>
	</bean>
</beans>

/WEB-INF/migrationapp-security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-2.5.xsd
       http://www.springframework.org/schema/tx
       http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd">
	<bean id="authenticationManager" class="my.package.account.AuthenticationProvider"/>
	<bean id="loggerListener" class="org.springframework.security.access.event.LoggerListener"/>
	<security:global-method-security jsr250-annotations="enabled" pre-post-annotations="enabled"/>
	<security:http auto-config="true" access-denied-page="/WEB-INF/views/login/denied.jsp">
		<security:form-login login-page="/do/login"
		                     login-processing-url="/j_spring_security_check"
		                     authentication-failure-url="/do/login/failed"
		                     default-target-url="/"/>
		<security:logout logout-url="/do/logout"
		                 logout-success-url="/do/login"
		                 invalidate-session="true"/>
		<security:anonymous username="visitor"
		                    granted-authority="ROLE_ANONYMOUS"/>
		<security:session-management>
			<security:concurrency-control max-sessions="15"/>
		</security:session-management>
	</security:http>
	<security:authentication-manager>
		<security:authentication-provider ref="authenticationManager"/>
	</security:authentication-manager>
</beans>

With this, I can still get to all of my pages without getting an exception, but I haven't actually added security to any of my pages yet, so we'll see how that goes. Thanks for the hint that got me going, Marten!

Nick

**beamerblvd** · Nov 4th, 2009, 10:18 AM

So, as I said above, with the provided configurations I'm able to still get to all of my pages. I can bring up and submit forms, adding accounts to the database, etc. All of my pages work exactly like they did (including the proper autowired dependency injection, etc.) before I added the security configurations to my application's XML files.

Now, I go to add @RolesAllowed("ROLE_ADMINISTRATOR") to one of my files like so:

Original code:

Code:

	@RequestMapping(method=RequestMethod.GET)
	public String getForm(Map<String, Object> model)
	{

New code:

Code:

	@RequestMapping(method=RequestMethod.GET)
	@RolesAllowed("ROLE_ADMINISTRATOR")
	public String getForm(Map<String, Object> model)
	{

Now, my application won't even deploy. I get the exception below instead. That's the only change I'm making to the class CodeConversionFileController. I know it's the only change (and there weren't any other accidental changes) because if I remove that one line everything goes back to working.

The exception:

Code:

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'codeConversionFileController' defined in file [C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\migration\WEB-INF\classes\my\package\web\controller\CodeConversionFileController.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Cannot proxy target class because CGLIB2 is not available. Add CGLIB to the class path or specify proxy interfaces.
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:289)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:286)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:188)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:543)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:730)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:387)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:270)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:830)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:719)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:516)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.aop.framework.AopConfigException: Cannot proxy target class because CGLIB2 is not available. Add CGLIB to the class path or specify proxy interfaces.
	at org.springframework.aop.framework.DefaultAopProxyFactory.createAopProxy(DefaultAopProxyFactory.java:67)
	at org.springframework.aop.framework.ProxyCreatorSupport.createAopProxy(ProxyCreatorSupport.java:104)
	at org.springframework.aop.framework.ProxyFactory.getProxy(ProxyFactory.java:112)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.createProxy(AbstractAutoProxyCreator.java:476)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:362)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:322)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:404)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1401)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
	... 35 more

I understand the obvious immediate answer is "Add CGLIB to the class path," like the exception says. However, I didn't have any problem with my AOP stuff before I added @RolesAllowed("ROLE_ADMINISTRATOR") to the method declaration, and I'm fairly certain @RolesAllowed("ROLE_ADMINISTRATOR") is AOP-unrelated. Additionally, I'm not sure what CGLIB is or where in the dozens of framework/security JAR files or third-party libraries I'm supposed to find it. Any insights?

Thanks,

Nick

**beamerblvd** · Nov 4th, 2009, 10:32 AM

The problem is definitely not that CGLIB is missing. My reading tells me that CGLIB is needed because my classes don't implement interfaces (they don't need to, really, because I'm using annotations for everything). However, just like I'm not implementing interfaces now that security is in my application, I wasn't implementing interfaces before I added security, either, and it worked then. So I'm fairly certain it doesn't actually need CGLIB.

However, I found and added CGLIB to my classpath, and my application still won't deploy, with a new error this time:

Code:

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'codeConversionFileController' defined in file [C:\Program Files\Apache Software Foundation\Tomcat 6.0\webapps\migration\WEB-INF\classes\my\package\web\controller\CodeConversionFileController.class]: Initialization of bean failed; nested exception is org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class my.package.web.controller.CodeConversionFileController]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Superclass has no null constructors but no arguments were given
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:289)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:286)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:188)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:543)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:730)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:387)
	at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:270)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:197)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3843)
	at org.apache.catalina.core.StandardContext.start(StandardContext.java:4342)
	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
	at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:830)
	at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:719)
	at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
	at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1149)
	at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
	at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
	at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
	at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
	at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
	at org.apache.catalina.core.StandardService.start(StandardService.java:516)
	at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
	at org.apache.catalina.startup.Catalina.start(Catalina.java:578)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.lang.reflect.Method.invoke(Unknown Source)
	at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
	at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
Caused by: org.springframework.aop.framework.AopConfigException: Could not generate CGLIB subclass of class [class my.package.web.controller.CodeConversionFileController]: Common causes of this problem include using a final class or a non-visible class; nested exception is java.lang.IllegalArgumentException: Superclass has no null constructors but no arguments were given
	at org.springframework.aop.framework.Cglib2AopProxy.getProxy(Cglib2AopProxy.java:212)
	at org.springframework.aop.framework.ProxyFactory.getProxy(ProxyFactory.java:112)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.createProxy(AbstractAutoProxyCreator.java:476)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.wrapIfNecessary(AbstractAutoProxyCreator.java:362)
	at org.springframework.aop.framework.autoproxy.AbstractAutoProxyCreator.postProcessAfterInitialization(AbstractAutoProxyCreator.java:322)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyBeanPostProcessorsAfterInitialization(AbstractAutowireCapableBeanFactory.java:404)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1401)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:512)
	... 35 more
Caused by: java.lang.IllegalArgumentException: Superclass has no null constructors but no arguments were given
	at net.sf.cglib.proxy.Enhancer.emitConstructors(Enhancer.java:721)
	at net.sf.cglib.proxy.Enhancer.generateClass(Enhancer.java:499)
	at net.sf.cglib.transform.TransformingClassGenerator.generateClass(TransformingClassGenerator.java:33)
	at net.sf.cglib.core.DefaultGeneratorStrategy.generate(DefaultGeneratorStrategy.java:25)
	at net.sf.cglib.core.AbstractClassGenerator.create(AbstractClassGenerator.java:216)
	at net.sf.cglib.proxy.Enhancer.createHelper(Enhancer.java:377)
	at net.sf.cglib.proxy.Enhancer.create(Enhancer.java:285)
	at org.springframework.aop.framework.Cglib2AopProxy.getProxy(Cglib2AopProxy.java:200)
	... 42 more

I have no final or non-visible classes. Not sure what else to try...

Nick

**Luke Taylor** · Nov 4th, 2009, 11:58 AM

When you get an exception, please search (either google or the forum) with the error message:

http://forum.springsource.org/showthread.php?t=50210

That is usually the quickest way of getting an answer.

**beamerblvd** · Nov 4th, 2009, 12:30 PM

Luke,

I assure you that I did search through Google and the forum with that error message. None of the results, including the one you showed me, helped. The problem is, my CodeConversionFileController cannot have a default, zero-parameter constructor, because it has dependencies that it needs to be injected. There are three beans, all services, that are injected when this controller is instantiated.

This has not changed since I added security. Before I added security, and without CGLIB, Spring insantiated CodeConversionFileController just fine with its three-parameter constructor. It wasn't until I added the one line of code, @RolesAllowed("ROLE_ADMINISTRATOR"), that I began getting that error. It has nothing to do with not having a default constructor. Something is tripping Spring up.

Thanks for trying to help, though.

**Marten Deinum** · Nov 4th, 2009, 12:51 PM

It has ALL to do with not having a default constructor...

Spring Security uses proxies, for your class it is needed that it creates a class proxy and hence cglib is needed. Cglib requires a class (just as hibernate) to have a default no-arg constructor.

Next to that your configuration contains a flaw, you are loading your beans twice... Remove the migrationapp-servlet.xml from the ContextLoaderListener, only your servlet should load that.

**beamerblvd** · Nov 4th, 2009, 02:48 PM

You weren't exactly right, but you did solve my problem, if that make sense. Lol.

It appears that removing migrationapp-servlet.xml from the ContextLoaderListener actually solved my problem. I'm not sure why, but for some reason loading my beans twice was triggering the original "CGLIB2 is not available" exception. When I removed that extra line from my web.xml, Spring successfully instantiated my controller using its three-parameter constructor and without having CGLIB on the classpath.

Weird. Not sure why it had that effect. But nonetheless, my problem is solved, and I don't have to change all my constructors to have no parameters and add setters, and I don't have to have the extra JAR file for CGLIB in my path. No complaints there.

With that said, my only problem now is that @RolesAllowed doesn't actually work. I've responded to a forum posting by someone else that seems to be having the new problem I'm having. Maybe you'll have an insight on this one, too? http://forum.springsource.org/showth...931#post267931

Thanks for helping me solve this one,

Nick

Thread: Trouble Getting Started with Spring Security

Thread Tools

Display

Trouble Getting Started with Spring Security

Solved My Problem

Well, I WAS having a good morning...

Tags for this Thread

Posting Permissions