java - Problems with Spring MVC 4 REST security -
i having real difficulty adding security rest api , wondering if can here. have set of model, controller , dao classes in order add, edit , delete customers through api. using latest version of spring mvc 4. want have basic authentication select number of users can that.
i added following class start with:
@configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter { @autowired public void configureglobal(authenticationmanagerbuilder auth) throws exception { auth.inmemoryauthentication().withuser("user").password("password").roles("user"); } protected void configure(httpsecurity http) throws exception { http.authorizerequests().anyrequest().authenticated().and().formlogin().and().httpbasic(); http.csrf().disable(); } }
as can notice disable csrf after error messages coming during testing. added following class in order initialise securityconfig
.
public class messagesecuritywebapplicationinitializer extends abstractsecuritywebapplicationinitializer { public messagesecuritywebapplicationinitializer() { super(securityconfig.class); } }
i added of course in pom.xml (since not using web.xml) relevant dependencies. build project using maven , copy , paste .war file in tomcat7 webapps folder. when .war file loaded error message:
cannot initialize context because there root application context present - check whether have multiple contextloader* definitions in web.xml!
i have class below initialise application. haven't got implementation of abstractannotationconfigdispatcherservletinitializer
in order add securityconfig
.
@configuration @componentscan @enableautoconfiguration public class testapplication extends springbootservletinitializer { public static void main(string[] args) { springapplication.run(testapplication.class, args); } @override protected springapplicationbuilder configure(springapplicationbuilder application) { return application.sources(testapplication.class); } }
what going wrong here? searched entire web trying figure out how add basic authentication api bearing in mind configuration java based rather web.xml one. haven't found 1 article can solve problem experiencing. ideas?
edit:
still having issues spring security. removed messagesecuritywebapplicationinitializer
, when try access /customers (a list of customers) login form. when enter username , password following exception:
javax.servlet.servletexception: filter execution threw exception @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:267) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208) @ org.springframework.web.filter.characterencodingfilter.dofilterinternal(characterencodingfilter.java:88) @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208) @ org.springframework.boot.context.web.errorpagefilter.dofilter(errorpagefilter.java:108) @ org.springframework.boot.context.web.errorpagefilter.access$000(errorpagefilter.java:59) @ org.springframework.boot.context.web.errorpagefilter$1.dofilterinternal(errorpagefilter.java:88) @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107) @ org.springframework.boot.context.web.errorpagefilter.dofilter(errorpagefilter.java:101) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241) @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208) @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:220) @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:122) @ org.apache.catalina.authenticator.authenticatorbase.invoke(authenticatorbase.java:504) @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:170) @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:103) @ org.apache.catalina.valves.accesslogvalve.invoke(accesslogvalve.java:950) @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:116) @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:421) @ org.apache.coyote.http11.abstracthttp11processor.process(abstracthttp11processor.java:1074) @ org.apache.coyote.abstractprotocol$abstractconnectionhandler.process(abstractprotocol.java:611) @ org.apache.tomcat.util.net.jioendpoint$socketprocessor.run(jioendpoint.java:316) @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1145) @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:615) @ org.apache.tomcat.util.threads.taskthread$wrappingrunnable.run(taskthread.java:61) @ java.lang.thread.run(thread.java:744) caused by: java.lang.abstractmethoderror: null @ javax.servlet.http.httpservletrequestwrapper.changesessionid(httpservletrequestwrapper.java:249) @ javax.servlet.http.httpservletrequestwrapper.changesessionid(httpservletrequestwrapper.java:249) @ sun.reflect.nativemethodaccessorimpl.invoke0(native method) @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:57) @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43) @ java.lang.reflect.method.invoke(method.java:606) @ org.springframework.util.reflectionutils.invokemethod(reflectionutils.java:202) @ org.springframework.util.reflectionutils.invokemethod(reflectionutils.java:187) @ org.springframework.security.web.authentication.session.changesessionidauthenticationstrategy.applysessionfixation(changesessionidauthenticationstrategy.java:48) @ org.springframework.security.web.authentication.session.abstractsessionfixationprotectionstrategy.onauthentication(abstractsessionfixationprotectionstrategy.java:82) @ org.springframework.security.web.authentication.session.changesessionidauthenticationstrategy.onauthentication(changesessionidauthenticationstrategy.java:32) @ org.springframework.security.web.authentication.session.compositesessionauthenticationstrategy.onauthentication(compositesessionauthenticationstrategy.java:83) @ org.springframework.security.web.authentication.abstractauthenticationprocessingfilter.dofilter(abstractauthenticationprocessingfilter.java:216) @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342) @ org.springframework.security.web.authentication.logout.logoutfilter.dofilter(logoutfilter.java:110) @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342) @ org.springframework.security.web.header.headerwriterfilter.dofilterinternal(headerwriterfilter.java:57) @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107) @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342) @ org.springframework.security.web.context.securitycontextpersistencefilter.dofilter(securitycontextpersistencefilter.java:87) @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342) @ org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter.dofilterinternal(webasyncmanagerintegrationfilter.java:50) @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107) @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342) @ org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:192) @ org.springframework.security.web.filterchainproxy.dofilter(filterchainproxy.java:160) @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241)
the error message stating root applicationcontext has been created. if did using java configuration created subclass of abstractannotationconfigdispatcherservletinitializer
. changes should be:
public class messagesecuritywebapplicationinitializer extends abstractsecuritywebapplicationinitializer { public messagesecuritywebapplicationinitializer() { // remove super(securityconfig.class); } }
then update existing subclass of abstractannotationconfigdispatcherservletinitializer
.
public class messagewebapplicationinitializer extends abstractannotationconfigdispatcherservletinitializer { @override protected class<?>[] getrootconfigclasses() { return new class[] { securityconfig.class }; } // ... other overrides ... }
you can find complete example in hello spring mvc security java config
Comments
Post a Comment