There is a Spring MVC web application, I'm trying to add spring security authorization there.

Initially, my web.xml looked like this:

 <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/root-context.xml</param-value> </context-param> <!-- Creates the Spring Container shared by all Servlets and Filters --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Processes application requests --> <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>appServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>

In the com.rosteach.security package , I created the Spring Security configuration class:

SecurityConfig.java

 @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(securedEnabled = true) public class SecurityConfig extends WebSecurityConfigurerAdapter { private UserDetailsServiceIMPL userDetailsService = new UserDetailsServiceIMPL(); @Autowired public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.userDetailsService(userDetailsService);//.passwordEncoder(getShaPasswordEncoder()); } /* @Bean public ShaPasswordEncoder getShaPasswordEncoder(){ return new ShaPasswordEncoder(); }*/ @Override protected void configure(HttpSecurity http) throws Exception { http.csrf().disable() .authorizeRequests() .antMatchers("/resources/**", "/**").permitAll() //.antMatchers("/").access("ADMIN") .anyRequest().permitAll() .and(); http.formLogin() .loginPage("/login") .loginProcessingUrl("/j_spring_security_check") .failureUrl("/error").defaultSuccessUrl("/") .usernameParameter("j_username") .passwordParameter("j_password") .permitAll(); http.logout() .permitAll() .logoutUrl("/logout") .logoutSuccessUrl("/") .invalidateHttpSession(true); } }

And trying to add this configuration to web.xml

 <?xml version="1.0" encoding="UTF-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5"> <!-- The definition of the Root Spring Container shared by all Servlets and Filters --> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/root-context.xml</param-value> </context-param> <!-- ADD FOR SPRING SEC --> <context-param> <param-name>contextClass</param-name> <param-value> org.springframework.web.context.support.AnnotationConfigWebApplicationContext </param-value> </context-param> <context-param> <param-name>contextConfigLocation</param-name> <param-value>com.rosteach.security.SecurityConfig</param-value> </context-param> <!-- Creates the Spring Container shared by all Servlets and Filters --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Processes application requests --> <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> </init-param> <!-- ADD FOR SPRING SEC --> <init-param> <param-name>contextClass</param-name> <param-value> org.springframework.web.context.support.AnnotationConfigWebApplicationContext </param-value> </init-param> <init-param> <param-name>contextConfigLocation</param-name> <param-value>com.rosteach.security.SecurityConfig</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>appServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>

And after starting, I get an error:

WARN: org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [...] in DispatcherServlet with name 'appServlet'

How to add Spring Security configuration class to web.xml?

  • Why do you need the bootstrap application via XML if at the same time you are using the Java configuration of the spring? Choose one thing. And yes, here is the documentation for your question. - enzo
  • You do not need to add anything to web.xml. You need to add a class initializer for SecurityConfig.java. - barmaglott

0