java - Problems with Spring MVC 4 REST security -


i having real difficulty adding security rest api , wondering if can here. have set of model, controller , dao classes in order add, edit , delete customers through api. using latest version of spring mvc 4. want have basic authentication select number of users can that.

i added following class start with:

@configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter {      @autowired     public void configureglobal(authenticationmanagerbuilder auth) throws exception {         auth.inmemoryauthentication().withuser("user").password("password").roles("user");     }          protected void configure(httpsecurity http) throws exception {         http.authorizerequests().anyrequest().authenticated().and().formlogin().and().httpbasic();         http.csrf().disable();     } } 

as can notice disable csrf after error messages coming during testing. added following class in order initialise securityconfig.

public class messagesecuritywebapplicationinitializer extends abstractsecuritywebapplicationinitializer {      public messagesecuritywebapplicationinitializer() {         super(securityconfig.class);     } } 

i added of course in pom.xml (since not using web.xml) relevant dependencies. build project using maven , copy , paste .war file in tomcat7 webapps folder. when .war file loaded error message:

cannot initialize context because there root application context present - check whether have multiple contextloader* definitions in web.xml! 

i have class below initialise application. haven't got implementation of abstractannotationconfigdispatcherservletinitializer in order add securityconfig.

@configuration @componentscan @enableautoconfiguration public class testapplication extends springbootservletinitializer {      public static void main(string[] args) {         springapplication.run(testapplication.class, args);     }      @override     protected springapplicationbuilder configure(springapplicationbuilder application) {         return application.sources(testapplication.class);     } } 

what going wrong here? searched entire web trying figure out how add basic authentication api bearing in mind configuration java based rather web.xml one. haven't found 1 article can solve problem experiencing. ideas?

edit:

still having issues spring security. removed messagesecuritywebapplicationinitializer , when try access /customers (a list of customers) login form. when enter username , password following exception:

javax.servlet.servletexception: filter execution threw exception     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:267)     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208)     @ org.springframework.web.filter.characterencodingfilter.dofilterinternal(characterencodingfilter.java:88)     @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241)     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208)     @ org.springframework.boot.context.web.errorpagefilter.dofilter(errorpagefilter.java:108)     @ org.springframework.boot.context.web.errorpagefilter.access$000(errorpagefilter.java:59)     @ org.springframework.boot.context.web.errorpagefilter$1.dofilterinternal(errorpagefilter.java:88)     @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)     @ org.springframework.boot.context.web.errorpagefilter.dofilter(errorpagefilter.java:101)     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241)     @ org.apache.catalina.core.applicationfilterchain.dofilter(applicationfilterchain.java:208)     @ org.apache.catalina.core.standardwrappervalve.invoke(standardwrappervalve.java:220)     @ org.apache.catalina.core.standardcontextvalve.invoke(standardcontextvalve.java:122)     @ org.apache.catalina.authenticator.authenticatorbase.invoke(authenticatorbase.java:504)     @ org.apache.catalina.core.standardhostvalve.invoke(standardhostvalve.java:170)     @ org.apache.catalina.valves.errorreportvalve.invoke(errorreportvalve.java:103)     @ org.apache.catalina.valves.accesslogvalve.invoke(accesslogvalve.java:950)     @ org.apache.catalina.core.standardenginevalve.invoke(standardenginevalve.java:116)     @ org.apache.catalina.connector.coyoteadapter.service(coyoteadapter.java:421)     @ org.apache.coyote.http11.abstracthttp11processor.process(abstracthttp11processor.java:1074)     @ org.apache.coyote.abstractprotocol$abstractconnectionhandler.process(abstractprotocol.java:611)     @ org.apache.tomcat.util.net.jioendpoint$socketprocessor.run(jioendpoint.java:316)     @ java.util.concurrent.threadpoolexecutor.runworker(threadpoolexecutor.java:1145)     @ java.util.concurrent.threadpoolexecutor$worker.run(threadpoolexecutor.java:615)     @ org.apache.tomcat.util.threads.taskthread$wrappingrunnable.run(taskthread.java:61)     @ java.lang.thread.run(thread.java:744) caused by: java.lang.abstractmethoderror: null     @ javax.servlet.http.httpservletrequestwrapper.changesessionid(httpservletrequestwrapper.java:249)     @ javax.servlet.http.httpservletrequestwrapper.changesessionid(httpservletrequestwrapper.java:249)     @ sun.reflect.nativemethodaccessorimpl.invoke0(native method)     @ sun.reflect.nativemethodaccessorimpl.invoke(nativemethodaccessorimpl.java:57)     @ sun.reflect.delegatingmethodaccessorimpl.invoke(delegatingmethodaccessorimpl.java:43)     @ java.lang.reflect.method.invoke(method.java:606)     @ org.springframework.util.reflectionutils.invokemethod(reflectionutils.java:202)     @ org.springframework.util.reflectionutils.invokemethod(reflectionutils.java:187)     @ org.springframework.security.web.authentication.session.changesessionidauthenticationstrategy.applysessionfixation(changesessionidauthenticationstrategy.java:48)     @ org.springframework.security.web.authentication.session.abstractsessionfixationprotectionstrategy.onauthentication(abstractsessionfixationprotectionstrategy.java:82)     @ org.springframework.security.web.authentication.session.changesessionidauthenticationstrategy.onauthentication(changesessionidauthenticationstrategy.java:32)     @ org.springframework.security.web.authentication.session.compositesessionauthenticationstrategy.onauthentication(compositesessionauthenticationstrategy.java:83)     @ org.springframework.security.web.authentication.abstractauthenticationprocessingfilter.dofilter(abstractauthenticationprocessingfilter.java:216)     @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)     @ org.springframework.security.web.authentication.logout.logoutfilter.dofilter(logoutfilter.java:110)     @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)     @ org.springframework.security.web.header.headerwriterfilter.dofilterinternal(headerwriterfilter.java:57)     @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)     @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)     @ org.springframework.security.web.context.securitycontextpersistencefilter.dofilter(securitycontextpersistencefilter.java:87)     @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)     @ org.springframework.security.web.context.request.async.webasyncmanagerintegrationfilter.dofilterinternal(webasyncmanagerintegrationfilter.java:50)     @ org.springframework.web.filter.onceperrequestfilter.dofilter(onceperrequestfilter.java:107)     @ org.springframework.security.web.filterchainproxy$virtualfilterchain.dofilter(filterchainproxy.java:342)     @ org.springframework.security.web.filterchainproxy.dofilterinternal(filterchainproxy.java:192)     @ org.springframework.security.web.filterchainproxy.dofilter(filterchainproxy.java:160)     @ org.apache.catalina.core.applicationfilterchain.internaldofilter(applicationfilterchain.java:241) 

the error message stating root applicationcontext has been created. if did using java configuration created subclass of abstractannotationconfigdispatcherservletinitializer. changes should be:

public class messagesecuritywebapplicationinitializer extends abstractsecuritywebapplicationinitializer {      public messagesecuritywebapplicationinitializer() {         // remove super(securityconfig.class);     } } 

then update existing subclass of abstractannotationconfigdispatcherservletinitializer.

public class messagewebapplicationinitializer extends         abstractannotationconfigdispatcherservletinitializer {      @override     protected class<?>[] getrootconfigclasses() {         return new class[] { securityconfig.class };     }      // ... other overrides ... } 

you can find complete example in hello spring mvc security java config


Comments

Popular posts from this blog

css - SVG using textPath a symbol not rendering in Firefox -

Java 8 + Maven Javadoc plugin: Error fetching URL -

datatable - Matlab struct computations -