Announcement Announcement Module
No announcement yet.
Spring 3.1 WebApplicationInitializer and spring security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring 3.1 WebApplicationInitializer and spring security


    Are there examples or other references on how to configure the new WebApplicationInitializer introduced in Spring 3.1 and Spring Security? We are writing a greenfield application and would like to be as bleeding edge as possible

    What I have below is functional with our new beans:
    public class Initializer implements WebApplicationInitializer {
    	public void onStartup(ServletContext sc) {
    		// Create the 'root' Spring application context
    		AnnotationConfigWebApplicationContext root = new AnnotationConfigWebApplicationContext();
    		// Manages the life cycle of the root application context
    		sc.addListener(new ContextLoaderListener(root));
    		// spring security
    		DelegatingFilterProxy delegatingFilterProxy = new DelegatingFilterProxy("springSecurityFilterChain");
    		FilterRegistration fr = sc.addFilter("springSecurityFilterChain", delegatingFilterProxy);
    		fr.addMappingForUrlPatterns(EnumSet.of(DispatcherType.REQUEST, DispatcherType.FORWARD), true, "/**");
    		ServletRegistration.Dynamic dispatcher = sc.addServlet("mvcServlet", new DispatcherServlet(new GenericWebApplicationContext()));
    		Set<String> mappingConflicts = dispatcher.addMapping("/mvc/*");
    		if (!mappingConflicts.isEmpty()) {
    			throw new IllegalStateException("'mvcServlet' could not be mapped to '/' due "
    					+ "to an existing mapping. This is a known issue under Tomcat versions "
    					+ "<= 7.0.14; see");
    The tomcat 7.0 startup log is complaining that the filter is not found.
    DEBUG: org.springframework.web.filter.HiddenHttpMethodFilter - Filter 'hiddenHttpMethodFilter' configured successfully
    DEBUG: org.springframework.web.filter.DelegatingFilterProxy - Initializing filter 'springSecurityFilterChain'
    Sep 15, 2011 7:00:52 AM org.apache.catalina.core.StandardContext filterStart
    SEVERE: Exception starting filter springSecurityFilterChain
    org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined

  • #2
    The filter name is wrong.
    sc.addFilter("securityFilter", new DelegatingFilterProxy("springSecurityFilterChain") )


    • #3
      read the javadoc for the setConfigLocation (or setConfigLocations) for AnnotationConfigWebApplicationContext.

      It does not do what you think it does.

      You need a XmlWebApplicationContext to pass it a xml file. However, the XWAC does not have context.scan(...). I've tried various ways of having two WACs, and non of them successfully worked. So for now, I'm using the XWAC and keeping the component scan and the annotation settings in the xml. Later on, when I have a @Configuration entity, I can do the @ImportResource and throw away the XWAC and use an ACWAC instead. But that's for another time.

      Incidentally, several of the blogs out there pushing the WebApplicationInitializer has the same problem. I wonder if they even bothered to run their programs before publishing it to a blog. Probably not. Sigh.