Announcement Announcement Module
No announcement yet.
SS 2.0.1 filter-chain-map Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • SS 2.0.1 filter-chain-map

    I'm trying to set up Spring Security 2.0.1 for web services and also a website from the same site and port, but am having difficulty with it.

    I want to set up a webapp, so that anything with a URL starting with /services uses basic http auth, and fails with a 401, which is SOAP client friendly; and that unauthorized web page requests should be redirected to an HTML login page.

    I'm developing it with IntelliJ, using its autocompletion options, but also manually reading the XSD for the tag format.

    I'm following the documentation here
    to set up custom filter chains,

    I've modified this to use the new namespace configuration, so the section of my security.xml looks like this:

    <filter-chain-map path-type="ant">
            <filter-chain pattern="/services/**" filters="httpSessionContextIntegrationFilterWithASCFalse,basicProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
            <filter-chain pattern="/**" filters="httpSessionContextIntegrationFilterWithASCTrue,authenticationProcessingFilter,exceptionTranslationFilter,filterSecurityInterceptor"/>
    and this is the relevant section of my web.xml:
    but when I try to run it, in Jetty, I get the following stacktrace

    org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Cannot locate BeanDefinitionParser for element [filter-cha
    Offending resource: ServletContext resource [/WEB-INF/security.xml]
            at org.springframework.beans.factory.parsing.FailFastProblemReporter.fatal(
            at org.springframework.beans.factory.parsing.ReaderContext.fatal(
            at org.springframework.beans.factory.parsing.ReaderContext.fatal(
            at org.springframework.beans.factory.xml.NamespaceHandlerSupport.findParserForElement(
            at org.springframework.beans.factory.xml.NamespaceHandlerSupport.parse(
            at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(
            at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(
            at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(
            at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(
            at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(
            at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(
            at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(
            at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(
            at org.springframework.web.context.ContextLoader.createWebApplicationContext(
            at org.springframework.web.context.ContextLoader.initWebApplicationContext(
            at org.springframework.web.context.ContextLoaderListener.contextInitialized(
            at org.mortbay.jetty.handler.ContextHandler.startContext(
            at org.mortbay.jetty.servlet.Context.startContext(
            at org.mortbay.jetty.webapp.WebAppContext.startContext(
            at org.mortbay.jetty.handler.ContextHandler.doStart(
            at org.mortbay.jetty.webapp.WebAppContext.doStart(
            at org.mortbay.jetty.plugin.Jetty6PluginWebAppContext.doStart(
            at org.mortbay.component.AbstractLifeCycle.start(
            at org.mortbay.jetty.plugin.AbstractJettyRunMojo$1.filesChanged(
            at org.mortbay.util.Scanner.reportBulkChanges(
            at org.mortbay.util.Scanner.reportDifferences(
            at org.mortbay.util.Scanner.scan(
            at org.mortbay.util.Scanner$
            at java.util.TimerThread.mainLoop(
    does anyone have any idea what's causing this, or the correct way to set this up? I haven't seen any examples of this using the namespace syntax, so might it not complete yet?

  • #2
    What do you mean by "I've modified this to use the new namespace configuration"... the example in the manual is using namespace configuration already. Could you add your context file please (as an attachment, not inline) - it's difficult to work out what's happening with just small snippets of information.


    • #3
      on the manual page it is:

      <bean id="filterChainProxy" class="">
        <sec:filter-chain-map path-type="ant">
           <sec:filter-chain pattern="/webServices/**" 
           <sec:filter-chain pattern="/**" 
      using a bean declaration, rather than the <filter-chain-map> tag of SS 2's namespace.
      the stacktrace seems to indicate that it doesn't recognise this tag, yet it's in the XSD.

      I've attached my full security.xml (as .txt file - .xml upload not allowed)

      thanks for looking. sorry if I'm being stupid, I'm quite new to Spring.


      • #4
        Ah, Ok. You can't use filter-chain-map outside of a FilterChainProxy declaration. That is its sole purpose - to provide the configuration for a FilterChainProxy.

        The <http> syntax is an alternative to using FilterChainProxy. You wouldn't normally use them in the same configuration. If you want different filter chains for different URLs (as you do here), then you should use a traditional bean configuration (i.e. configure a FilterChainProxy and the filter beans that you want to use).


        • #5
          thanks for the reply.

          it's a shame I'll have to get all the filter beans instantiated, I haven't dealt with Acegi, but the amount of XML configuration looks frightening!
          Is there anywhere in the documentation with an example of the configuration of a normal set of filters? would the FilterChainProxy bean's id have to be anything in particular, or will it be automatically wired up by class?
          And would you recommend sticking with the new security namespace, or just copying a full old acegi configuration, and changing the package name throughout to

          but if the <http> tag creates a FilterChainProxy, and instantiates the filters it needs with sensible values, would these filters not be available to name - in order - in the "filters" attribute of the <intercept-url>s?

          thanks again


          • #6
            The "filters" attribute of the filter-chain element lists the filter bean names in order. For example, in what you have above:

            "httpSessionContextIntegrationFilterWithASCFalse,b asicProcessingFilter,exceptionTranslationFilter,fi lterSecurityInterceptor"

            those are the bean names. In theory you could use the interal bean names from the <http> element, but those are really an internal implementation issue and may not work in future.

            It is probably better to keep the two independent - much of the filter configuration will be different anyway (e.g. FilterSecurityInterceptor will protect different URLs).


            • #7
              Originally posted by Luke Taylor View Post
              If you want different filter chains for different URLs (as you do here), then you should use a traditional bean configuration (i.e. configure a FilterChainProxy and the filter beans that you want to use).
              I think different filterChains for different URLs is quite a common use case.
              If I have to use my old acegi FilterChainProxy I can't take advatage of the new namespace configuration ? Or am I wrong ?



              • #8
                Ok, I think I have figured it out.
                Since we hav a lot of customization it is better not to use the <security:http> configuration.


                • #9
                  Bean id not found

                  When I tried the same setup for my application. I got this error :

                  Caused by: org.springframework.beans.factory.NoSuchBeanDefini tionException: No bean named 'basicProcessingFilter' is defined

                  My config :

                  <http auto-config='true'>
                  <intercept-url pattern='/login.jsp*' filters='none' />
                  <intercept-url pattern='/**' access='ROLE_USER' />
                  <form-login login-page='/login.jsp' />

                  <beans:bean id="filterChainProxy" class=" inProxy">
                  <filter-chain-map path-type="ant">
                  <filter-chain pattern="/remote/**" filters="basicProcessingFilter" />