Announcement Announcement Module
Collapse
No announcement yet.
matching wildcard is strict, but no declaration can be found for element 'sec:http Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • matching wildcard is strict, but no declaration can be found for element 'sec:http

    I am trying to get spring-security 3.0.3 running with CAS (I am new to it). I am getting the following:
    2011-12-15 10:17:23.496:INFO:/apudt:Initializing Spring root WebApplicationContext
    2011-12-15 10:17:24.324:WARN::Failed startup of context org.mortbay.jetty.plugin.Jetty6PluginWebAppContext @a998c1{/apudt,C:\Documents and Settings\me6004\workspace\apu_dt\src\main\webapp}
    org.springframework.beans.factory.xml.XmlBeanDefin itionStoreException: Line 12 in XML document from class path resource [apu-dt-security_local.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'sec:http'.

    Any thoughts? It looks like for some reason it is not finding the .xsd in the spring-security-config.jar to correctly parse my security_local. properties file. I googled the error, and Spring forums say that the cvc-complex-type error is usually because the .jar is not on the classpath. My build path in Eclipse which clearly shows the spring-security-config jar. I am stuck, so would appreciate any help (FYI, Eclipse seems able to parse the .xml file at design time just fine). Also, here is a copy of my spring-security.xml file:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans" xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:aop="http://www.springframework.org/schema/aop"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-3.0.xsd
    http://www.springframework.org/schema/security/
    http://www.springframework.org/schem...rity-3.0.3.xsd http://www.springframework.org/schema/util
    http://www.springframework.org/schem...g-util-2.0.xsd http://www.springframework.org/schema/aop
    http://www.springframework.org/schema/aop/spring-aop-2.0.xsd">

    <!-- http element encapsulates security configuration for web layer -->
    <!-- Define customized CAS bean which starts authentication process -->
    <sec:http entry-point-ref="casProcessingFilterEntryPoint">
    <!-- Secure URLs based on roles, rules applied top to bottom first match -->
    <sec:intercept-url pattern="/**"
    access="ROLE_APU_DT_IQR_view,ROLE_APU_DT_IQR_view_ update,ROLE_APU_DT_IQR_view_approve,ROLE_APU_DT_OQ R_view,ROLE_APU_DT_OQR_view_update,ROLE_APU_DT_OQR _view_approve"
    requires-channel="any"/>
    <secort-mappings>
    <secort-mapping http="8080" https="8443"/>
    </secort-mappings>
    <!-- add a special CAS filter to the security filter stack -->
    <sec:custom-filter after="CAS_FILTER" ref='casAuthenticationFilter'/>
    <!-- Invalidate http session on logout -->
    <sec:logout/>
    </sec:http>

    <!-- Must include this element, registers the AuthenticationManager which provides authentication services-->
    <sec:authentication-manager alias="authenticationManager">
    <!-- add CAS authenticationProvider implementation to manager's list -->
    <sec:authentication-provider ref='casAuthenticationProvider'/>
    </sec:authentication-manager>
    <!-- Service Layer Security, secure methods on Spring Security beans via @Secure -->
    <sec:global-method-security secured-annotations="enabled" access-decision-manager-ref="httpRequestAccessDecisionManager">
    <!-- Define any AspectJ required pointcut expressions here -->
    </sec:global-method-security>

    <!-- Monitors service URL and processes a CAS service ticket into a token-->
    <bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAut henticationFilter">
    <property name="authenticationManager" ref="authenticationManager"/>
    <!-- <property name="authenticationFailureUrl" value="/errors/authenticationErrorPg.do"/> -->
    <property name="defaultTargetUrl" value="/home.action"/>
    <!-- Redirect to originally-requested page (not defaultTargetUrl) -->
    <property name="alwaysUseDefaultTargetUrl" value="false" />
    </bean>

    <!-- Integrates with CAS to validate token and user details loading -->
    <bean id="casAuthenticationProvider" class="org.springframework.security.cas.authentica tion">
    <!-- Loads authorities for a user, once authenticated by CAS -->
    <property name="userDetailsService" ref="ifmcUserDetailsService"/>
    <property name="ticketValidator">
    <!-- CAS client library makes HTTPs request to CAS Server to validate service ticket -->
    <bean class="org.jasig.cas.client.validation.Cas20Servic eTicketValidator">
    <!-- CAS Server URL for token (ticket) validation -->
    <constructor-arg index="0" value="${security.qcas2Validate}" />
    </bean>
    </property>
    <property name="statelessTicketCache" ref="statelessTicketCache"/>
    <property name="serviceProperties" ref="serviceProperties" />
    <!-- key used within CAS to distinguish the different client apps -->
    <property name="key"><value>apudt_password_for_this_auth_pro vider_only</value></property>
    </bean>

    <!-- Caching Config -->
    <!-- this bean injected into CasAuthenticationProvider; caches service tickets -->
    <bean id="statelessTicketCache" class="org.springframework.security.cas.authentica tion.EhCacheBasedTicketCache">
    <property name="cache" ref="ticketCacheBackend"/>
    </bean>

    <bean id="ticketCacheBackend" class="org.springframework.cache.ehcache.EhCacheFa ctoryBean">
    <property name="cacheManager" ref="cacheManager"/>
    <property name="cacheName" value="ticketCache"/>
    </bean>

    <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheMa nagerFactoryBean">
    <property name="configLocation">
    <!-- below file in ehcache.jar file uses default cache settings -->
    <value>classpath:/ehcache-failsafe.xml</value>
    </property>
    </bean>

    <!-- Commence authentication via CAS, redirect browser to enterprise-wide login page -->
    <bean id="casAuthenticationEntryPoint" class="org.springframework.security.cas.web.CasAut henticationEntryPoint">
    <property name="loginUrl" value="${security.loginUrl}"/>
    <property name="serviceProperties" ref="serviceProperties"/>
    </bean>

    <!-- This service monitored by CASAuthenticationFilter -->
    <!-- Callback URL for Spring security service -->
    <bean id="serviceProperties" class="org.springframework.security.cas.ServicePro perties">
    <property name="service"><value>${apudt.security.serviceLoca tion}</value></property>
    <!-- Tell CAS Server single sign-on acceptable -->
    <property name="sendRenew"><value>false</value></property>
    </bean>

    <!-- ================================================== ================= -->
    <!-- Application Specific Config -->
    <!-- ================================================== ================= -->
    <!-- Custom service for loading user details via accessing OARS -->
    <bean id="ifmcUserDetailsService" class="gov.hhs.cms.ocsq.hospital.apudt.security.If mcUserDetailsService">
    <property name="rolesLookup" ref="rolesLookupMap"/>
    <property name="system" value="QualityNet"/>
    <property name="application" value="APU_DT"/>
    <property name="realm" value="OARS"/>
    <property name="authorizationServiceUrl" value="${authservice.authorizationServiceUrl}"/>
    <property name="authenticationServiceUrl" value="${authservice.authenticationServiceUrl}"/>
    </bean>

    <bean id="basicProcessingFilterEntryPoint" class="org.springframework.security.ui.basicauth.B asicProcessingFilterEntryPoint">
    <property name="realmName"><value>Program Management</value></property>
    </bean>
    <!-- Bean to make decisions on Spring method-based security -->
    <!-- Denies access only if there is deny vote -and- no affirmative votes -->
    <bean id="httpRequestAccessDecisionManager" class="org.springframework.security.vote.Affirmati veBased">
    <property name="allowIfAllAbstainDecisions"><value>false</value></property>
    <property name="decisionVoters">
    <list>
    <ref bean="roleVoter"/>
    <ref bean="authVoter"/>
    </list>
    </property>
    </bean>

    <bean id="roleVoter" class="org.springframework.security.vote.RoleVoter " />
    <bean id="authVoter" class="org.springframework.security.vote.Authentic atedVoter" />

    <!-- Need to prefix user roles with "ROLE" to indicate role-based Spring security check -->
    <util:map id="rolesLookupMap">
    <entry key="APU_DT_IQR_view" value="ROLE_APU_DT_IQR_view"/>
    <entry key="APU_DT_IQR_view_update" value="ROLE_APU_DT_IQR_view_update"/>
    <entry key="APU_DT_IQR_view_approve" value="ROLE_APU_DT_IQR_view_approve"/>
    <entry key="APU_DT_OQR_view" value="ROLE_APU_DT_OQR_view"/>
    <entry key="APU_DT_OQR_view_update" value="ROLE_APU_DT_OQR_view_update"/>
    <entry key="APU_DT_OQR_view_approve" value="ROLE_APU_DT_OQR_view_approve"/>
    </util:map>
    </beans>
Working...
X