Announcement Announcement Module
Collapse
No announcement yet.
Error setting form-login Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Error setting form-login

    Hi, I've just got the book I order (Packt's Spring Security 3) and can't wai to test what I'm learning.

    I did the basic example the book ilustrate on chapter 2, but now I want to customize my login page. Even though it looks simple (just create a login.jsp page and configure it using <form-login>) it keeps sending a really weird error:

    Code:
    Jul 14, 2011 3:59:55 PM org.springframework.web.context.ContextLoader initWebApplicationContext
    SEVERE: Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalStateException: MessageSource not initialized - call 'refresh' before accessing messages via the context: Root WebApplicationContext: startup date [Thu Jul 14 15:59:54 BRT 2011]; root of context hierarchy
    I really don't know what it is about, but here's the applicationContext-security.xml I'm using:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
    	xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans 
    						http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                            http://www.springframework.org/schema/security 
                            http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    	<debug />
    	<http auto-config="true">
    		<form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=invalido"/>
    		<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
    		<intercept-url pattern="/*" access="ROLE_USER" />
    	</http>
    	<authentication-manager>
    		<authentication-provider>
    			<user-service>
    				<user name="admin" password="admin" authorities="ROLE_USER,ROLE_ADMIN" />
    				<user name="teste" password="teste" authorities="ROLE_USER" />
    			</user-service>
    		</authentication-provider>
    	</authentication-manager>
    </beans:beans>
    Thanks anyway.

  • #2
    I have never seen this error before and I doubt if it has anything to do with setting a custom login page. Are you saying that it works if you don't?

    I would use one of the sample applications as a starting point to make sure you don't have some odd classpath issue going on. Also, make sure you have debug logging enabled in your app.

    Comment


    • #3
      Hi Luke

      Originally posted by Luke Taylor View Post
      I have never seen this error before and I doubt if it has anything to do with setting a custom login page. Are you saying that it works if you don't?
      It works just fine when I take the <form-login> line!

      Originally posted by Luke Taylor View Post
      I would use one of the sample applications as a starting point to make sure you don't have some odd classpath issue going on. Also, make sure you have debug logging enabled in your app.
      I'm not sure if it has something to do with spring versions, but here are the jars I'm using:

      commons-codec-1.4.jar
      commons-logging-1.1.1.jar
      spring-aop-3.0.5.RELEASE.jar
      spring-asm-3.0.5.RELEASE.jar
      spring-beans-3.0.5.RELEASE.jar
      spring-context-3.0.5.RELEASE.jar
      spring-context-support-3.0.5.RELEASE.jar
      spring-core-3.0.5.RELEASE.jar
      spring-expression-3.0.5.RELEASE.jar
      spring-security-config-3.1.0.RC2.jar
      spring-security-core-3.1.0.RC2.jar
      spring-security-taglibs-3.1.0.RC2.jar
      spring-security-web-3.1.0.RC2.jar
      spring-web-3.0.5.RELEASE.jar

      Thanks.

      Comment


      • #4
        Have you enabled debugging and looked at the logs? What do the logs say? If that doesn't help try posting the logs with the code tags (i.e. # button).

        Comment


        • #5
          @liviass

          Hi, I have the same error, Do your have resolved?

          Regards.

          CDS

          Comment


          • #6
            I know the reason, but I don't know how to fix

            @Luke Taylor.
            Hi. I found the reason for this error (probably, this is either configuration issue, or more realistically springframework/spring security issue).
            Here is the stack trace (only the cause classes are included):
            ...
            at org.springframework.context.support.AbstractApplic ationContext.getMessageSource(AbstractApplicationC ontext.java:1224)
            at org.springframework.context.support.AbstractApplic ationContext.getMessage(AbstractApplicationContext .java:1206)
            at org.springframework.context.support.MessageSourceA ccessor.getMessage(MessageSourceAccessor.java:83)
            at org.springframework.security.access.vote.Affirmati veBased.decide(AffirmativeBased.java:83)
            at org.springframework.security.config.http.DefaultFi lterChainValidator.checkLoginPageIsntProtected(DefaultFilterChainValidator.java:170)
            at org.springframework.security.config.http.DefaultFi lterChainValidator.validate(DefaultFilterChainValidator.java:35)
            at org.springframework.security.web.FilterChainProxy. afterPropertiesSet(FilterChainProxy.java:148)
            ...
            The reason for this is the following:
            1. /signin URL is protected, so DefaultFilterChainValidator.checkLoginPageIsntProt ected() is failed, and
            2. AffirmativeBased.decide() tries to throw the exception:
            ...
            if (deny > 0) {
            throw new AccessDeniedException(messages.getMessage("Abstrac tAccessDecisionManager.accessDenied",
            "Access is denied"));
            }
            ...
            3. Here message is extracted, and SpringSecurityMessageSource class is used for this purpose:
            public class SpringSecurityMessageSource extends ResourceBundleMessageSource {


            public SpringSecurityMessageSource() {
            setBasename("org.springframework.security.messages ");
            }

            public static MessageSourceAccessor getAccessor() {
            return new MessageSourceAccessor(new SpringSecurityMessageSource());
            }
            }
            And actually if AbstractAccessDecisionManager didn't implement MessageSourceAware everything should work, because (see the attached screenshot), by unknown reason XmlWebApplicationContext is trying to rewrite the valid initialized MessageSourceAccessor (again see the screenshot) (yes, XmlWebApplicationContext implements MessageSource actually), but this behavior is weird (or do I miss something?).
            4. And, of course, after this initialization messageSource is null, and the required message can't be retrieved.

            This specific issue can be fixed by providing access (permitAll) to /signin (what really must be done), but this is not case, the case is how to fix this, that in the case of the error I could see the detailed message, and org.springframework.security.message would be used and not overridden.

            And final notes, <debug/> is used, just if you are interested, and use spring security 3.1.0.RELEASE together with spring framework 3.1.0.RELEASE.
            Here is link on the stackoverlow (screenshot is more viewable there http://stackoverflow.com/questions/8...fore-accessing)
            Attachment
            Thank you.
            Attached Files
            Last edited by Aliaksandr; Dec 29th, 2011, 02:03 PM.

            Comment


            • #7
              Probably this is because of the <debug/> usage too. See https://jira.springsource.org/browse/SEC-1885.
              Last edited by Aliaksandr; Jan 5th, 2012, 10:59 AM.

              Comment


              • #8
                Thanks for the POST, you saved me from a lot of investigation.

                Comment

                Working...
                X