Spring Security with Java EE

Asked

Viewed 1,221 times

12

Hello, I am developing a Maven Enterprise Application EAR project and am currently implementing the authorization part using Spring Security with Annotation instead of xml.

Structure of the Project:

Estrutura

Filing cabinet AppConfig.java

package br.com.seguranca.config;  

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.jdbc.datasource.DriverManagerDataSource;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;

@Configuration
@ComponentScan({ "br.com.seguranca.*" })
@Import({ SecurityConfig.class })
public class AppConfig {

    @Bean(name = "dataSource")
    public DriverManagerDataSource dataSource() {
        DriverManagerDataSource driverManagerDataSource = new DriverManagerDataSource();
        driverManagerDataSource.setDriverClassName("com.mysql.jdbc.Driver");
        driverManagerDataSource.setUrl("jdbc:mysql://localhost:3306/test");
        driverManagerDataSource.setUsername("root");
        driverManagerDataSource.setPassword("root");
        return driverManagerDataSource;
    }

    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        viewResolver.setViewClass(JstlView.class);
        viewResolver.setPrefix("/");
        viewResolver.setSuffix(".xhtml");
        return viewResolver;
    }

}

Filing cabinet SecurityConfig.java:

package br.com.seguranca.config;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    DataSource dataSource;

    @Autowired
    public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {

      auth.jdbcAuthentication().dataSource(dataSource)
        .usersByUsernameQuery(
            "select username,password, enabled from users where username=?")
        .authoritiesByUsernameQuery(
            "select username, role from user_roles where username=?");
    }   

    @Override
    protected void configure(HttpSecurity http) throws Exception {

      http.authorizeRequests()
        .antMatchers("/**").access("hasRole('ROLE_ADMIN')")
        .and()
                .formLogin()
                .loginPage("/login.xhtml")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/index.xhtml")

          .usernameParameter("username").passwordParameter("password")
        .and()
          .logout().logoutSuccessUrl("/login?logout")
        .and()
          .exceptionHandling().accessDeniedPage("/403")
        .and()
          .csrf();
    }
}

Filing cabinet SecurityWebApplicationInitializer.java:

package br.com.seguranca.config;

import org.springframework.security.web.context.*;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

    public SecurityWebApplicationInitializer() {
        super(SecurityConfig.class);
    }

}

The question is: What is the right way to create the class LoginManagedBean.java in the controller package?

This is the right way to implement Spring Security in a project like this?

I kept this form and implemented the following class:

package br.com.cemil.portalautomacao.controllers;

import br.com.cemil.portalautomacao.model.Usuario;
import java.io.Serializable;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.SessionScoped;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;

@ManagedBean
@SessionScoped
public class UsuarioController implements Serializable {

    private Usuario usuario;

    public UsuarioController() {
        usuario = new Usuario();
        SecurityContext context = SecurityContextHolder.getContext();
        if (context instanceof SecurityContext){
            Authentication authentication = context.getAuthentication();
            if (authentication instanceof Authentication){
                usuario.setUsername(((User)authentication.getPrincipal()).getUsername());
            }
        }
    }

    public Usuario getUsuario() {
        return usuario;
    }

    public void setUsuario(Usuario usuario) {
        this.usuario = usuario;
    }

}

The Login screen looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:h="http://java.sun.com/jsf/html"
      xmlns:p="http://primefaces.org/ui">
    <h:head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <title>Teste!</title>
        <link type="text/css" rel="stylesheet" href="dot-luv/skin.css"/>
    </h:head>
    <h:body style="background-image:url('http://pwes.rocklin.k12.ca.us/j0439526.jpg');background-position: 50% 0%;background-repeat: no-repeat">
        <p:dialog header="Login" visible="true" closable="false" draggable="false" resizable="false" width="420">
            <center>
                <h:outputText value="Usuário ou senha incorretos!" rendered="#{param.erro}" style="color: darkred"/>
            </center>
            <form action="j_spring_security_check" method="post">
                <h:panelGrid columns="2" cellpadding="5">
                    <h:outputLabel for="j_username" value="Username: *" /> 
                    <h:inputText id="j_username" required="true"/>
                    <h:outputLabel for="j_password" value="Password: * " />
                    <h:inputSecret id="j_password" required="true"/>
                    <h:commandButton value="Login"/>
                </h:panelGrid>
            </form>
        </p:dialog>
    </h:body>
</html>

This example is generating the following log:

Severe:   Exception during lifecycle processing
java.lang.Exception: java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityConfig': Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: javax.sql.DataSource br.com.cemil.portalautomacao.config.SecurityConfig.dataSource; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [javax.sql.DataSource] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}
    at com.sun.enterprise.web.WebApplication.start(WebApplication.java:168)
    at org.glassfish.internal.data.EngineRef.start(EngineRef.java:122)
    at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:291)
    at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:352)
    at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:497)
    at com.sun.enterprise.v3.server.ApplicationLifecycle.deploy(ApplicationLifecycle.java:219)
    at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:491)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:527)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:523)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:360)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:522)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:546)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1423)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl.access$1500(CommandRunnerImpl.java:108)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1762)
    at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1674)
    at com.sun.enterprise.v3.admin.AdminAdapter.doCommand(AdminAdapter.java:534)
    at com.sun.enterprise.v3.admin.AdminAdapter.onMissingResource(AdminAdapter.java:224)
    at org.glassfish.grizzly.http.server.StaticHttpHandler.service(StaticHttpHandler.java:297)
    at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:246)
    at org.glassfish.grizzly.http.server.HttpHandler.runService(HttpHandler.java:191)
    at org.glassfish.grizzly.http.server.HttpHandler.doHandle(HttpHandler.java:168)
    at org.glassfish.grizzly.http.server.HttpServerFilter.handleRead(HttpServerFilter.java:189)
    at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:288)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:206)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:136)
    at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:114)
    at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:77)
    at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:838)
    at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:113)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:115)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
    at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:135)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:564)
    at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:544)
    at java.lang.Thread.run(Thread.java:744)

EDITION: including files pom.xml

pom.xml aggregator:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>br.com.cemil</groupId>
    <artifactId>seguranca</artifactId>
    <version>1.0</version>
    <packaging>pom</packaging>
    <name>seguranca</name>
    <modules>
        <module>seguranca-ear</module>
        <module>seguranca-web</module>
        <module>seguranca-ejb</module>
    </modules>
</project>

pom.xml of the EJB project:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <artifactId>seguranca</artifactId>
        <groupId>br.com.cemil</groupId>
        <version>1.0</version>
    </parent>

    <groupId>br.com.cemil</groupId>
    <artifactId>seguranca-ejb</artifactId>
    <version>1.0</version>
    <packaging>ejb</packaging>

    <name>seguranca-ejb</name>

    <properties>
        <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
       <!-- Implementacao do Bean Validation -->
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-validator</artifactId>
            <version>5.2.0.Beta1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Núcleo do Hibernate -->
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-core</artifactId>
            <version>4.3.8.Final</version>
            <scope>compile</scope>
        </dependency>

        <!-- Implementação de EntityManager da JPA -->
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-entitymanager</artifactId>
            <version>4.3.8.Final</version>
            <scope>compile</scope>
        </dependency>

        <!-- Driver JDBC do MySQL -->
        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
            <version>5.1.25</version>
            <scope>compile</scope>
        </dependency>

        <!-- Commons Logging (abstrai a implementação de logging) -->
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1.3</version>
            <scope>compile</scope>
        </dependency>

        <!-- Commons Lang (utilidades) -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Usamos para formatar números em templates -->
        <dependency>
            <groupId>velocity-tools</groupId>
            <artifactId>velocity-tools-generic</artifactId>
            <version>1.1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Spring Security (autenticação e autorização) -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>4.0.0.RELEASE</version>
        </dependency> 
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.0.0.RELEASE</version>
        </dependency> 
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.0.0.RELEASE</version>
        </dependency>

        <!-- API de Servlet -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring</artifactId>
            <version>2.0.8</version>
            <type>jar</type>
        </dependency>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                    <compilerArguments>
                        <endorseddirs>${endorsed.dir}</endorseddirs>
                    </compilerArguments>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-ejb-plugin</artifactId>
                <version>2.3</version>
                <configuration>
                    <ejbVersion>3.1</ejbVersion>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <version>2.6</version>
                <executions>
                    <execution>
                        <phase>validate</phase>
                        <goals>
                            <goal>copy</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${endorsed.dir}</outputDirectory>
                            <silent>true</silent>
                            <artifactItems>
                                <artifactItem>
                                    <groupId>javax</groupId>
                                    <artifactId>javaee-endorsed-api</artifactId>
                                    <version>7.0</version>
                                    <type>jar</type>
                                </artifactItem>
                            </artifactItems>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

</project>

pom.xml of the web project:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <artifactId>seguranca</artifactId>
        <groupId>br.com.cemil</groupId>
        <version>1.0</version>
    </parent>

    <groupId>br.com.cemil</groupId>
    <artifactId>seguranca-web</artifactId>
    <version>1.0</version>
    <packaging>war</packaging>

    <name>seguranca-web</name>

    <properties>
        <endorsed.dir>${project.build.directory}/endorsed</endorsed.dir>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    </properties>

    <dependencies>
        <!-- Implementacao do Bean Validation -->
        <dependency>
            <groupId>org.hibernate</groupId>
            <artifactId>hibernate-validator</artifactId>
            <version>5.0.1.Final</version>
            <scope>compile</scope>
        </dependency>

        <!-- PrimeFaces (biblioteca de componentes) -->
        <dependency>
            <groupId>org.primefaces</groupId>
            <artifactId>primefaces</artifactId>
            <version>5.1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Mojarra (implementacao do JSF) -->
        <dependency>
            <groupId>org.glassfish</groupId>
            <artifactId>javax.faces</artifactId>
            <version>2.1.21</version>
            <scope>compile</scope>
        </dependency>

        <!-- OmniFaces (utilitarios para JSF) -->
        <dependency>
            <groupId>org.omnifaces</groupId>
            <artifactId>omnifaces</artifactId>
            <version>1.5</version>
            <scope>compile</scope>
        </dependency>

        <!-- Commons Logging (abstrai a implementação de logging) -->
        <dependency>
            <groupId>commons-logging</groupId>
            <artifactId>commons-logging</artifactId>
            <version>1.1.3</version>
            <scope>compile</scope>
        </dependency>

        <!-- Commons Lang (utilidades) -->
        <dependency>
            <groupId>org.apache.commons</groupId>
            <artifactId>commons-lang3</artifactId>
            <version>3.1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Usamos para formatar números em templates -->
        <dependency>
            <groupId>velocity-tools</groupId>
            <artifactId>velocity-tools-generic</artifactId>
            <version>1.1</version>
            <scope>compile</scope>
        </dependency>

        <!-- Spring Security (autenticação e autorização) -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>3.2.0.RELEASE</version>
        </dependency> 
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.2.0.RELEASE</version>
        </dependency> 
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.2.0.RELEASE</version>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
            <artifactId>spring-web</artifactId>
            <version>3.0.5.RELEASE</version>
        </dependency>
        <!-- API de Servlet -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <version>3.0.1</version>
            <scope>provided</scope>
        </dependency>

        <dependency>
            <groupId>${project.groupId}</groupId>
            <artifactId>seguranca-ejb</artifactId>
            <version>${project.version}</version>
        </dependency>
        <dependency>
            <groupId>br.com.cemil</groupId>
            <artifactId>seguranca-web</artifactId>
            <version>1.0</version>
            <type>war</type>
        </dependency>
        <dependency>
            <groupId>javax</groupId>
            <artifactId>javaee-web-api</artifactId>
            <version>7.0</version>
            <scope>provided</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.1</version>
                <configuration>
                    <source>1.7</source>
                    <target>1.7</target>
                    <compilerArguments>
                        <endorseddirs>${endorsed.dir}</endorseddirs>
                    </compilerArguments>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.3</version>
                <configuration>
                    <failOnMissingWebXml>false</failOnMissingWebXml>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-dependency-plugin</artifactId>
                <version>2.6</version>
                <executions>
                    <execution>
                        <phase>validate</phase>
                        <goals>
                            <goal>copy</goal>
                        </goals>
                        <configuration>
                            <outputDirectory>${endorsed.dir}</outputDirectory>
                            <silent>true</silent>
                            <artifactItems>
                                <artifactItem>
                                    <groupId>javax</groupId>
                                    <artifactId>javaee-endorsed-api</artifactId>
                                    <version>7.0</version>
                                    <type>jar</type>
                                </artifactItem>
                            </artifactItems>
                        </configuration>
                    </execution>
                </executions>
            </plugin>
        </plugins>
    </build>

</project>
  • 1

    only for awareness, remove the name attribute from the @Bean(name = "datasource") annotation and in the Securityconfig class make a Setter for Datasource and tell if the error at least changes.

  • I modified as you said and the error remains the same...

  • @Ítalogustavoaraújo got or still needs help?

  • @Brunocésar not yet succeeded, I tried to implement with JAAS but did not like the result, is generating a lot of error, I keep trying with Spring Security and I need help.

  • @Brunocésar I put the records in Dropbox, look if you can access. pom.xml

  • Yes, I can. Before testing, just a few questions: no pom.xml of seguranca-ejb, why are you including an old version (2.0.8) after declaring other dependencies of spring? No seguranca-web, why there is a dependence on himself and dependence on seguranca-ejb is not the type ejb, besides having different (and even duplicate) versions of spring stuff?

  • So this duplicity of dependencies was created by several tests that were done in the project and I forgot to clean pom.xml not giving much importance.

  • In the Securityconfig Class put Datasource this way @Autowired @Qualifier("datasource")

Show 3 more comments

2 answers

1

I’m using spring security and in my case it works super well:

https://www.mkyong.com/tutorials/spring-security-tutorials/

My suggestion is you download the tutorial project with authenticacao via database and start your structure through it... For first wheel easily, even you could compare your code

For Authentication I created a class called custom Authentication:

public class CustomAuthenticationSuccessHandler implements AuthenticationSuccessHandler {

    private static final Logger log = LoggerFactory.getLogger(PropertyUtils.class.getName());

    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {

            log.info("onAuthenticationSuccess called");

            /* Redirect on the successful authentication of the user */
            //logger.info("Hit the AuthSuccessHandler");
            Collection<? extends GrantedAuthority> authorities = authResult.getAuthorities();
            for (GrantedAuthority grantedAuthority : authorities) {
                  if (grantedAuthority.getAuthority().equals("ROLE_ADMIN")) {
                      log.info("Admin authenticated");
                      response.sendRedirect(request.getContextPath().concat("/admin"));
                      return;
                  } else if (grantedAuthority.getAuthority().equals("ROLE_AGENT")) {
                     log.info("Agent authenticated");
                     response.sendRedirect(request.getContextPath().concat("/agent"));
                     return;
                  } else{
                     log.info("403 throw");
                     response.sendRedirect(request.getContextPath().concat("/403"));
                     return;
                  }
              }
    }            
}    

In the Securityconfig class:

@Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
            .and()
                .formLogin().loginPage("/login")
                                .successHandler(new  CustomAuthenticationSuccessHandler())
                                .failureUrl("/login?error")
                                .usernameParameter("username").passwordParameter("password")
            .and()
                .logout().logoutSuccessUrl("/login?logout")
            .and()
                .exceptionHandling().accessDeniedPage("/403")
            .and()
                .csrf().disable();


                http.authorizeRequests()
            .antMatchers("/agent/**").access("hasRole('ROLE_AGENT')")
            .and()
                .formLogin().loginPage("/login")
                                .successHandler(new  CustomAuthenticationSuccessHandler())
                                .failureUrl("/login?error")
                                .usernameParameter("username").passwordParameter("password")
            .and()
                .logout().logoutSuccessUrl("/login?logout")
            .and()
                .exceptionHandling().accessDeniedPage("/403")
            .and()
                .csrf().disable();  
    }

POM:

<properties>
        <jdk.version>1.6</jdk.version>
        <spring.version>3.2.8.RELEASE</spring.version>
        <spring.security.version>3.2.3.RELEASE</spring.security.version>
        <jstl.version>1.2</jstl.version>
        <mysql.connector.version>5.1.30</mysql.connector.version>
    </properties>

0

Note the following line:

nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException:
No qualifying bean of type [javax.sql.DataSource] found for dependency

The error occurred because you are trying to use an instance of the class javax.sql.DataSource, but the one you put in the configuration class is the org.springframework.jdbc.datasource.DriverManagerDataSource, which is an implementation of Datasource.

To fix the error just put the annotation @Qualifier("nomeDoBean") in class SecurityConfig, which will remain as follows.

@Autowired
@Qualifier("dataSource")
DataSource dataSource;
  • After the modification is generating this new error: Severe: Exception while loading the app&#xA;Severe: Undeployment failed for context /seguranca-web&#xA;Severe: Exception while loading the app : java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.apache.catalina.LifecycleException: java.lang.NoSuchMethodError: org.springframework.core.annotation.AnnotationAwareOrderComparator.sort(Ljava/util/List;)V

  • 1

    @Ítalogustavoarajo checks whether your pom.xml has two dependencies with the same . jar and with different versions. See this reply http://stackoverflow.com/questions/21788134/spring-starting-throws-an-exception

  • there are no two equal dependencies.

  • If you have someone with a cleaner tutorial using Spring Security with Java EE I am grateful...

Browser other questions tagged

You are not signed in. Login or sign up in order to post.