Announcement Announcement Module
Collapse
No announcement yet.
Configuration problem: You must use a 3.0 schema with Spring Security 3.0 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Configuration problem: You must use a 3.0 schema with Spring Security 3.0

    I'm trying to migrate a project from Spring 3.0 to Spring 3.1, including moving Spring-security up to newer version. I've created a pom.xml for Maven to manage the dependencies, which it appears to be doing.

    When I deploy my build I get the error in the subject " Configuration problem: You must use a 3.0 schema with Spring Security 3.0" and the application cannot start. As I read that, the XML namespace is incorrect for some feature I'm using.

    My current namespace for security:
    http://www.springframework.org/schema/security http://www.springframework.org/schem...curity-3.1.xsd

    Is that right for the new Spring-security libraries?

    After a bit of digging it turns out I'm getting some 3.0 jars being deployed with my application, which makes me wonder if that is the root cause of the error I'm seeing (assuming the xsd declaration is correct)....
    Code:
    -rw-r--r-- 1 tomcat tomcat   78088 Jul  3 15:46 spring-security-acl-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat   81678 Jul 13 17:36 spring-security-acl-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat    7354 Jul  3 15:46 spring-security-aspects-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat    6522 Jul 19 02:00 spring-security-aspects-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  185716 Jul  3 15:46 spring-security-config-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  206484 Jul 17 13:04 spring-security-config-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  311038 Jul  3 15:46 spring-security-core-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  346990 Jul 13 17:36 spring-security-core-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat   17466 Jul  3 15:46 spring-security-openid-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat   19895 Jul 19 02:00 spring-security-openid-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat   18883 Jul  3 15:46 spring-security-taglibs-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat   20739 Jul 13 17:36 spring-security-taglibs-3.1.1.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  242833 Jul  3 15:46 spring-security-web-3.0.5.RELEASE.jar
    -rw-r--r-- 1 tomcat tomcat  255466 Jul 13 17:36 spring-security-web-3.1.1.RELEASE.jar
    I've checked through my pom.xml and I am only referencing Spring 3.1.x libraries in there, so I figure the others (3.0.x.jars) are being pulled in as sub dependencies. Sure enough the Eclipse Maven tool to view dependancy tree shows some Spring/spring-security jars depend on 3.0 jars, but my (limited) understanding of Maven tells me that they should be ignored in favour of those closer to the root of the pom file.

    I have defined all these jars at the root of the dependency tree.

    So the question is, am I barking up the wrong tree? Is it possible these 3.0 jars could cause the error I'm seeing when I try to use the 3.1 security schema?

    If that could be the cause, how do I stop it happening?

    I've included my security-context below for review in case I've missed something - which is quite likely as I'm pretty new to the whole Spring thing!

    Code:
    <beans:beans xmlns="http://www.springframework.org/schema/security"
      xmlns:beans="http://www.springframework.org/schema/beans"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:context="http://www.springframework.org/schema/context"
      xmlns:p="http://www.springframework.org/schema/p"
      xsi:schemaLocation="
      	http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
    	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
    	http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
               
    <!-- enable @Secured java annotation 
    	<global-method-security  pre-post-annotations="enabled" />
    -->
    <!--
    these 2 entries are here because of trying to sort different error I get when I set xsd to 3.0.3 as per this error. But I want to work with 3.1
    	<beans:bean id="expressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler" />
    	<beans:bean id="expressionHandler" class="org.springframework.security.web.access.expression.WebSecurityExpressionHandler" />	
    -->	
    	
        
    <!-- for Spring-security >= 3.1 -->
        <http pattern="/public/**" security="none"/>
        <http pattern="/login" security="none"/>
        <http pattern="/loggedOut" security="none"/>
        <http pattern="/include/css/**" security="none"/>
        <http pattern="/include/img/**" security="none"/>
    	<http use-expressions="true" auto-config="true" create-session="ifRequired" access-denied-page="/accessDenied" >
        	<form-login login-page="/login" authentication-failure-url="/authfailed" default-target-url="/reports/summaries" />
        	<logout invalidate-session="true" logout-success-url="/loggedOut" />
        	<!-- 
        	<session-management invalid-session-url="/invalidSession.htm" />
        	--> 
        	<anonymous/>
    
    <!-- Spring Security < 3.1
    	<intercept-url pattern="/public/**" filters="none"/>
        	<intercept-url pattern="/login" filters="none"/>
        	<intercept-url pattern="/loggedOut" filters="none"/>
        	<intercept-url pattern="/include/css/**" filters="none"/>
        	<intercept-url pattern="/include/img/**" filters="none"/>
    -->
    
        	<!-- isAuthenticated() hasRole('ROLE_REPORTS') -->
        	<intercept-url pattern="/reports/**" method="GET" access="hasRole('ROLE_REPORTS')" />
        	
        	<intercept-url pattern="/super/**" method="GET" access="hasRole('ROLE_SUPER')" />
        	
        	<intercept-url pattern="/user/userCP" method="GET" access="isAuthenticated()" />
        	<intercept-url pattern="/user/userCP" method="PUT" access="isAuthenticated()" />
        	
        	<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
        	
        	<intercept-url pattern="/data/**" method="GET" access="isAuthenticated()" />
        	<intercept-url pattern="/data/**" method="DELETE" access="hasRole('ROLE_ADMIN')" />
        	<intercept-url pattern="/data/**" method="POST" access="hasRole('ROLE_ADMIN')" />
        	<intercept-url pattern="/data/**" method="PUT" access="hasRole('ROLE_ADMIN')" />
    
    		<intercept-url pattern="/include/js/pages/admin/**" access="hasRole('ROLE_ADMIN')" />
    		<intercept-url pattern="/include/js/pages/all.js" access="isAuthenticated()" />
    		<intercept-url pattern="/include/js/pages/**" access="hasRole('ROLE_REPORTS')" />
    		
        	<intercept-url pattern="/include/js/**" access="hasRole('ROLE_ANONYMOUS')" />
        	
        	<intercept-url pattern="/include/**" access="isAuthenticated()" />
      	</http>
    
        <beans:import resource="hibernate-context.xml" />
      	<context:component-scan base-package="uk.co.romar.guardian.services" />
    	
      	<beans:bean id="userService" class="uk.co.romar.guardian.services.UserServiceImpl" />
      	<beans:bean id="pwdEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder" />
      	<!-- <beans:bean id="saltSource" class="??"/>  -->
      	<authentication-manager alias="authenticationManager">
    		<authentication-provider user-service-ref="userService">  
    			<password-encoder ref="pwdEncoder" />
    		</authentication-provider>
        </authentication-manager>
    
    </beans:beans>

  • #2
    Originally posted by DaFoot View Post
    I've checked through my pom.xml and I am only referencing Spring 3.1.x libraries in there, so I figure the others (3.0.x.jars) are being pulled in as sub dependencies. Sure enough the Eclipse Maven tool to view dependancy tree shows some Spring/spring-security jars depend on 3.0 jars, but my (limited) understanding of Maven tells me that they should be ignored in favour of those closer to the root of the pom file.
    A single version for a specific groupid and artifactid should be used. See the maven documentation around dependency mediation for details on how versions are handled.

    Originally posted by DaFoot View Post
    So the question is, am I barking up the wrong tree? Is it possible these 3.0 jars could cause the error I'm seeing when I try to use the 3.1 security schema?
    You are correct the version conflicts are likely what is causing the errors. You should only have a single version of spring-security and a single version of Spring within your war. This seems more like a maven question at this point. How are you running the war? Did you do a clean before you ran it? Can you provide the entire pom?

    If that could be the cause, how do I stop it happening?
    The duplicate dependencies can happen sometimes if things get out of Synch. For example you may need to do a clean. To ensure you get consistent versions you can either explicitly list out all the dependencies or use dependency management to control this behavior. This will not impact getting duplicates in the war, but it will ensure all the dependencies match up.

    Comment


    • #3
      Thanks for replying Rob, I appreciate the help.

      Originally posted by Rob Winch View Post
      A single version for a specific groupid and artifactid should be used. See the maven documentation around dependency mediation for details on how versions are handled.
      I'll have a good read in a moment.

      Originally posted by Rob Winch View Post
      You are correct the version conflicts are likely what is causing the errors. You should only have a single version of spring-security and a single version of Spring within your war. This seems more like a maven question at this point. How are you running the war? Did you do a clean before you ran it? Can you provide the entire pom?
      Good to know I'm not going mad.

      The war is being built by setting up an Eclipse (Juno/4.2) run configuration and firing that off. That run configuration has the following goals defined: clean war:war tomcat:redeploy.

      My pom.xml follows:
      Code:
      <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <groupId>uk.co.romar</groupId>
        <artifactId>guardian</artifactId>
        <packaging>war</packaging>
        <version>1.1</version>
        <name>guardian Maven Webapp</name>
        <url>http://maven.apache.org</url>
      	<repositories>
      		<repository>
      			<id>repository.jboss.org-public</id>	
      			<name>JBoss repository</name>
      			<url>https://repository.jboss.org/nexus/content/groups/public</url>
      		</repository>
      	</repositories>
      	<properties>
      		<spring-security.version>3.1.1.RELEASE</spring-security.version>
      		<spring.version>3.1.2.RELEASE</spring.version>	
      	</properties>
      	
        <dependencies>
      	<dependency>
      		<groupId>junit</groupId>
      		<artifactId>junit</artifactId>
      		<version>3.8.1</version>
      		<scope>test</scope>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-beans</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-aop</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-core</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-expression</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-webmvc</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework</groupId>
      		<artifactId>spring-tx</artifactId>
      		<version>${spring.version}</version>
      	</dependency>
      	    <dependency>
          	<groupId>org.springframework</groupId>
          	<artifactId>spring-orm</artifactId>
          	<version>${spring.version}</version>
          </dependency>
          <dependency>
          	<groupId>org.springframework</groupId>
          	<artifactId>spring-context</artifactId>
          	<version>${spring.version}</version>
          </dependency>
          <dependency>
          	<groupId>org.springframework</groupId>
          	<artifactId>spring-context-support</artifactId>
          	<version>${spring.version}</version>
          </dependency>
      	
      	<dependency>
      		<groupId>org.springframework.security</groupId>
      		<artifactId>spring-security-core</artifactId>
      		<version>${spring-security.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework.security</groupId>
      		<artifactId>spring-security-taglibs</artifactId>
      		<version>${spring-security.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework.security</groupId>
      		<artifactId>spring-security-config</artifactId>
      		<version>${spring-security.version}</version>
      	</dependency>
      	<dependency>
      		<groupId>org.springframework.security</groupId>
      		<artifactId>spring-security-web</artifactId>
      		<version>${spring-security.version}</version>
      	</dependency>
          <dependency>
          	<groupId>org.springframework.security</groupId>
          	<artifactId>spring-security-aspects</artifactId>
          	<version>${spring-security.version}</version>
          </dependency>
          <dependency>
          	<groupId>org.springframework.security</groupId>
          	<artifactId>spring-security-openid</artifactId>
          	<version>${spring-security.version}</version>
          </dependency>
      	<dependency>
          	<groupId>org.springframework.security</groupId>
          	<artifactId>spring-security-acl</artifactId>
          	<version>${spring-security.version}</version>
          </dependency>
          
          <dependency>
          	<groupId>org.codehaus.jackson</groupId>
          	<artifactId>jackson-core-lgpl</artifactId>
          	<version>1.9.8</version>
          </dependency>
          <dependency>
          	<groupId>org.codehaus.jackson</groupId>
          	<artifactId>jackson-core-asl</artifactId>
          	<version>1.9.8</version>
          </dependency>
          <dependency>
          	<groupId>org.codehaus.jackson</groupId>
          	<artifactId>jackson-mapper-asl</artifactId>
          	<version>1.9.8</version>
          </dependency>
      
      
          <dependency>
          	<groupId>javax.servlet</groupId>
          	<artifactId>javax.servlet-api</artifactId>
          	<version>3.0.1</version>
          </dependency>
          <dependency>
          	<groupId>org.hibernate</groupId>
          	<artifactId>hibernate-core</artifactId>
          	<version>3.6.5.Final</version>
          </dependency>
          <dependency>
          	<groupId>org.hibernate</groupId>
          	<artifactId>hibernate-commons-annotations</artifactId>
          	<version>3.2.0.Final</version>
          </dependency>
          <dependency>
          	<groupId>org.apache.directory.studio</groupId>
          	<artifactId>org.apache.commons.lang</artifactId>
          	<version>2.6</version>
          </dependency>
          <dependency>
          	<groupId>org.codehaus.jackson</groupId>
          	<artifactId>jackson-asl</artifactId>
          	<version>0.9.5</version>
          </dependency>
          <dependency>
          	<groupId>org.hibernate</groupId>
          	<artifactId>hibernate-c3p0</artifactId>
          	<version>4.1.4.Final</version>
          </dependency>
          <dependency>
          	<groupId>org.firebirdsql.jdbc</groupId>
          	<artifactId>jaybird-jdk17</artifactId>
          	<version>2.2.0</version>
          </dependency>
          <dependency>
          	<groupId>org.slf4j</groupId>
          	<artifactId>slf4j-api</artifactId>
          	<version>1.6.6</version>
          </dependency>
          <dependency>
          	<groupId>aopalliance</groupId>
          	<artifactId>aopalliance</artifactId>
          	<version>1.0</version>
          </dependency>
          <dependency>
          	<groupId>commons-beanutils</groupId>
          	<artifactId>commons-beanutils</artifactId>
          	<version>1.8.3</version>
          </dependency>
          <dependency>
          	<groupId>commons-beanutils</groupId>
          	<artifactId>commons-beanutils-bean-collections</artifactId>
          	<version>1.8.3</version>
          </dependency>
          <dependency>
          	<groupId>commons-beanutils</groupId>
          	<artifactId>commons-beanutils-core</artifactId>
          	<version>1.8.3</version>
          </dependency>
          <dependency>
          	<groupId>commons-collections</groupId>
          	<artifactId>commons-collections</artifactId>
          	<version>20040616</version>
          </dependency>
          <dependency>
          	<groupId>javax.servlet</groupId>
          	<artifactId>jstl</artifactId>
          	<version>1.2</version>
          </dependency>
          
      
        </dependencies>
        <build>
          <finalName>guardian</finalName>
          <plugins>
      		<plugin>
      			<groupId>org.codehaus.mojo</groupId>
      			<artifactId>tomcat-maven-plugin</artifactId>
      			<configuration>
      				<url>http://localhost:8080/manager/html</url>
      				<server>localtomcat</server><!-- see ~/.m2/settings.xml -->
      				<path>/guardian</path>
      			</configuration>
      		</plugin>
      		<plugin>
      			<artifactId>maven-compiler-plugin</artifactId>
      			<configuration>
      				<source>1.7</source>
      				<target>1.7</target>
      			</configuration>
      		</plugin>
      	</plugins>
      	<sourceDirectory>src/main/java</sourceDirectory>
      	<defaultGoal>war:war</defaultGoal>
        </build>
      </project>
      Originally posted by Rob Winch View Post
      The duplicate dependencies can happen sometimes if things get out of Synch. For example you may need to do a clean. To ensure you get consistent versions you can either explicitly list out all the dependencies or use dependency management to control this behavior. This will not impact getting duplicates in the war, but it will ensure all the dependencies match up.
      I have a 'clean' in my Eclipse run configuration, but quite possible it should be something like maven:clean or project:clean etc that I don't know about.

      Comment


      • #4
        Originally posted by DaFoot View Post
        I have a 'clean' in my Eclipse run configuration, but quite possible it should be something like maven:clean or project:clean etc that I don't know about.
        My solution when Eclipse WTP gets out of synch is a bit lengthy, but it seems to do the trick. As you get more experienced you will learn when you only need to do some of the tips on here, but this is the full suite.

        Ensure you do not have errors in your worksapce
        • If you have errors in your pom.xml or anywhere else it can sometimes cause Eclipse to stop updating things. It really depends on where the error is. So ensure you have fixed all the errors

        Update the project configuration:
        • Right Click the Project
        • Select Maven ... -> Update Project
        • Ensure your project is clicked a select OK

        For good measure I typically clean the project too
        • Select the Project
        • Select Project -> Clean ..
        • Ensure the project is selected to be cleaned and select OK

        Clean your Server
        • Rick Click Your Server in the Servers View
        • Select Clean Tomcat working directory (assuming you are using Tomcat)
        • Select Clean ...
        • Select OK

        Verify everything is cleaned
        • Navigate to the deployed folder (i.e. <WORKSPACE>/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/) and verify your project was removed
        • Verify your server says Republished (it should not say Synchronized)

        Start your server and look in the deployed folder and ensure your application is synchronized.

        Comment


        • #5
          Everything cleaned and Maven updated.

          I've not attached Tomcat to Eclipse to sync applications as yet... on the list of things to do, so manually removed the unpacked app under webapps/ along with the .war.

          Removed any directories in the Tomcat work area.

          Manually deleted all jars under <project>/target/lib/.

          Build and deploy = same issue/same error message.

          Comment


          • #6
            Did your dependencies change?

            Comment


            • #7
              The spring-security-3.1.1 dependencies still show dependencies on 3.0.x jars in the hierarchy tree. They are marked as "omitted for conflict" but still find their way into the build from somewhere.

              I don't think anything has changed.

              Comment


              • #8
                I would suggest breaking it down into pieces. Using your exact pom and a dummy project I get the correct results when building the war (see below). You should check the same. Then troubleshoot it deploying to tomcat.

                Code:
                $ mvn clean war:war
                ...
                $ ls -1 target/guardian/WEB-INF/lib/$ ls -1 target/guardian/WEB-INF/lib/
                antlr-2.7.6.jar
                antlr-runtime-3.4.jar
                aopalliance-1.0.jar
                c3p0-0.9.1.jar
                commons-beanutils-1.8.3.jar
                commons-beanutils-bean-collections-1.8.3.jar
                commons-beanutils-core-1.8.3.jar
                commons-codec-1.4.jar
                commons-collections-20040616.jar
                commons-lang-2.6.jar
                commons-logging-1.1.1.jar
                connector-api-1.5.jar
                dom4j-1.6.1.jar
                guice-2.0.jar
                hibernate-c3p0-4.1.4.Final.jar
                hibernate-commons-annotations-3.2.0.Final.jar
                hibernate-core-3.6.5.Final.jar
                hibernate-jpa-2.0-api-1.0.0.Final.jar
                httpclient-4.1.1.jar
                httpcore-4.1.jar
                jackson-asl-0.9.5.jar
                jackson-core-asl-1.9.8.jar
                jackson-core-lgpl-1.9.8.jar
                jackson-mapper-asl-1.9.8.jar
                javax.servlet-api-3.0.1.jar
                jaybird-jdk17-2.2.0.jar
                jboss-logging-3.1.0.GA.jar
                jcip-annotations-1.0.jar
                jstl-1.2.jar
                jta-1.1.jar
                openid4java-nodeps-0.9.6.jar
                org.apache.commons.lang-2.6.jar
                slf4j-api-1.6.6.jar
                spring-aop-3.1.2.RELEASE.jar
                spring-asm-3.1.2.RELEASE.jar
                spring-beans-3.1.2.RELEASE.jar
                spring-context-3.1.2.RELEASE.jar
                spring-context-support-3.1.2.RELEASE.jar
                spring-core-3.1.2.RELEASE.jar
                spring-expression-3.1.2.RELEASE.jar
                spring-jdbc-3.1.2.RELEASE.jar
                spring-orm-3.1.2.RELEASE.jar
                spring-security-acl-3.1.1.RELEASE.jar
                spring-security-aspects-3.1.1.RELEASE.jar
                spring-security-config-3.1.1.RELEASE.jar
                spring-security-core-3.1.1.RELEASE.jar
                spring-security-openid-3.1.1.RELEASE.jar
                spring-security-taglibs-3.1.1.RELEASE.jar
                spring-security-web-3.1.1.RELEASE.jar
                spring-tx-3.1.2.RELEASE.jar
                spring-web-3.1.2.RELEASE.jar
                spring-webmvc-3.1.2.RELEASE.jar
                stringtemplate-3.2.1.jar

                Comment


                • #9
                  Given the result you've got there I figured it was worth a try and created a new Eclipse project, manually copied in Java source, JSPs etc and config files.

                  What do you know - it hasn't produced any of those extra jars. So I actually have no idea what was causing the issue, but it does seem to have gone away with the new project (to be replaced with a different issue - but that I'll investigate separately).

                  Many thanks for taking the time to help out Rob.

                  Comment

                  Working...
                  X