6

I am trying to implement authentication on Spring web service by referring the following link:

http://docs.spring.io/spring-ws/site/reference/html/security.html

Following is the configuration I have added:

    <bean
        class="org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping">
        <property name="interceptors">
            <list>
                <ref local="wsServerSecurityInterceptor" />
                <ref local="payloadValidatingIterceptor" />
            </list>
        </property>
    </bean>
    <bean id="wsServerSecurityInterceptor"
        class="org.springframework.ws.soap.security.xwss.XwsSecurityInterceptor">
        <property name="policyConfiguration"
            value="classpath:security/xwss/security-server-policy.xml" />
        <property name="callbackHandlers">
            <list>
                <!-- <ref bean="keyStoreHandlerServer" /> -->
                <ref bean="springSecurityHandler" />
                <ref bean="callbackHandlerServer" />
            </list>
        </property>
    </bean>
    <bean id="springSecurityHandler"
      class="org.springframework.ws.soap.security.xwss.callback.SpringPlainTextPasswordValidationCallbackHandler">
    <property name="authenticationManager" ref="authenticationManager"/>
  </bean>
  <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
      <property name="providers">  
      <list>
    <ref local="authenticationProvider" />
    </list>        
    </property>
  </bean>
  <bean id="authenticationProvider"
   class="org.springframework.security.providers.dao.DaoAuthenticationProvider">
              <property name="userDetailsService" ref="userDetailsService"/>
          </bean>  
   <bean id="userDetailsService" class="com.impl.endpoints.calc.client.JpaUserDetailsService" />

While deploying the war file on server, I get following error:

Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.ws.server.endpoint.mapping.PayloadRootAnnotationMethodEndpointMapping#0' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Cannot resolve reference to bean 'wsServerSecurityInterceptor' while setting bean property 'interceptors' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'wsServerSecurityInterceptor' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Cannot resolve reference to bean 'springSecurityHandler' while setting bean property 'callbackHandlers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityHandler' defined in ServletContext resource [/WEB-INF/xws-spring-ws-servlet.xml]: Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: org/springframework/security/authentication/AuthenticationManager
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:329)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:107)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
    at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:154)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1387)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1128)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:458)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:295)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:223)

org/springframework/security/authentication/AuthenticationManager is not mentioned anywhere in the configuration or the code. I wonder where exactly the given class is required and what configuration change I need to do to resolve this error.

EDIT:

POM contains following spring security jars:

        <dependency>
        <groupId>
                org.springframework.security
                </groupId>
        <artifactId>spring-security-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>2.0.4</version>
    </dependency>

    <dependency>
        <groupId>
                org.springframework.security
                </groupId>
        <artifactId>spring-security-config</artifactId>
    </dependency>

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-taglibs</artifactId>
        <version>3.1.7.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-ldap</artifactId>
        <version>3.1.7.RELEASE</version>
    </dependency>

    <dependency>
        <groupId>org.springframework.ws</groupId>
        <artifactId>spring-ws-security</artifactId>
        <version>2.2.0.RELEASE</version>
        <exclusions>
            <exclusion>
                <groupId>com.sun.xml.wsit</groupId>
                <artifactId>xws-security</artifactId>
            </exclusion>
            <exclusion>
                <groupId>com.sun.xml.wsit</groupId>
                <artifactId>wsit-rt</artifactId>
            </exclusion>
        </exclusions>
    </dependency>
Improve this question

2 Answers 2

Reset to default
9

You are mixing Spring Security 2 and Spring Security 3 in your configuration. Use the same (and the latest) version number for all the Spring Security jars. You have version 2.0.4 for the spring-security-core jar and 3.1.7.RELEASE for other ones. Use the current release version for all the jars, and make sure there aren't different versions in your WEB-INF/lib when you've built the project.

The package names also changed between 2 and 3. Use the API docs if you need to know what package a class is in.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This answer helped me notice that 'DaoAuthenticationProvider' is now at a different package, 'org.springframework.security.authentication.dao'. Tks
0

Download org.springframework.security.core.jar and add it ro your classpath.

Improve this answer

6 Comments

I already have spring security core jar in my pom. I have added the list of security jars currently present in the application.
@user3619997 Can you take a look to your war file if the jar is in WEB-INF/lib directory?
yes, spring-security-core-2.0.4.jar is present in WEB-INF/lib directory of the WAR file
@user3619997 And can you verify if the class is in the jar?
The class is present as org.springframework.security.AuthenticationManager but in my code it is searching it in org.springframework.security.authentication.AuthenticationManager.I tried to find the jar for the class in this link: findjar.com/… but could not find it.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.