Announcement Announcement Module
Collapse
No announcement yet.
Attribute 'users-by-username-query' is not allowed to appear Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Attribute 'users-by-username-query' is not allowed to appear

    Hi,

    I am trying to migrate from acegi to spring security and get this error (and cannot figure it out) ...

    Code:
    Context initialization failed
    org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: 
    Line 175 in XML document from ServletContext resource [/WEB-INF/applicationContext.xml] is invalid;
     nested exception is org.xml.sax.SAXParseException: cvc-complex-type.3.2.2: 
    Attribute 'users-by-username-query' is not allowed to appear in element 'sec:jdbc-user-service
    '.
    my application context looks like this:
    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans 
                   http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                   http://www.springframework.org/schema/security
                   http://www.springframework.org/schema/security/spring-security-2.0.xsd">
    <sec:http auto-config="true">
        <sec:intercept-url pattern="/login.html*" filters="none"/>
        <sec:intercept-url pattern="/**" access="ROLE_SUPER_USER" />
        <sec:form-login login-page='/login.html' />
    </sec:http>
    
    <sec:authentication-provider user-service-ref="userService" />
    
    <sec:jdbc-user-service id="userService" data-source-ref="dataSource" users-by-username-query="any query here" />
    same problem if I use:
    Code:
    <sec:global-method-security secured-annotations="enabled" />
    in my configuration ...

    Thanks a lot + cu :-)

  • #2
    You aren't using an up-to-date schema. Use the spring-security-2.0.2.xsd URL.

    Comment


    • #3
      Thx so far, but... know I run into the next wildcard error with the http element!?
      Code:
      Caused by: org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: 
      The matching wildcard is strict, but no declaration can be found for element 'sec:http'.
      are there any dependencies concerning the libraries?
      I am using Spring 2.5 (not 2.5.5) and Tomcat...

      :-)

      PS: I've tried xsd 2.0.1 and 2.0.2

      Comment


      • #4
        This is a basic XML file parsing error - make sure you have the URLs correct. Try using one of the sample files as a starting point.

        Comment


        • #5
          I used the wrong version of spring security ;-)

          Now it seems to work ... (still testing).

          THX

          Comment


          • #6
            I ran into another problem ...

            Spring security is absolutely ignoring the

            users-by-username-query
            authorities-by-username-query

            attributes.

            I always get bad credentials exceptions or sql grammer exceptions which mainly tells me the users or/and authorities table does not exist.

            If I use the standard tables or create a view from my database scheme which fits the users and authorities tables everything works fine and I get authorized, but I am not able to use my own SQL statements here...!

            I am using the security scheme xsd in version 2.0.2 and spring security 2.0.3.

            applicationContext-security.xml:
            Code:
            <beans xmlns="http://www.springframework.org/schema/beans"
               xmlns:sec="http://www.springframework.org/schema/security"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xsi:schemaLocation="http://www.springframework.org/schema/beans 
                           http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
                           http://www.springframework.org/schema/security
                           http://www.springframework.org/schema/security/spring-security-2.0.2.xsd">
                            
            
              <sec:http auto-config="true" access-denied-page="/error403.html">
                <sec:intercept-url pattern="/login.html*" filters="none"/>
                <sec:intercept-url pattern="/**" access="ROLE_SUPER_USER" requires-channel="any"/>
                <sec:form-login login-page='/login.html' authentication-failure-url="/login.html?login_error=1" />
                <sec:port-mappings>
                  <sec:port-mapping http="8080" https="9443"/>
                </sec:port-mappings>
              </sec:http>
              
              
              <sec:authentication-provider user-service-ref="userService" />
              
              <sec:jdbc-user-service id="userService" data-source-ref="securityDataSource"
                users-by-username-query="SELECT Login AS 'username', Password AS 'password', Enabled AS 'enabled' FROM User WHERE Login = ?" 
                authorities-by-username-query="SELECT u.Login as 'username', ua.Authority as 'authority' FROM Authority ua, User u WHERE ua.id = u.authority_id AND Login = ?"
              />
              
              <bean id="securityDataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
                <property name="driverClassName" value="${db.driverClass}" />
                <property name="url" value="${db.jdbcUrl}" />
                <property name="username" value="${db.user}" />
                <property name="password" value="${db.password}" />
              </bean>
            SPRING_SECURITY_LAST_EXCEPTION
            Code:
            org.springframework.security.AuthenticationServiceException: PreparedStatementCallback; bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?]; nested exception is com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: Table 'command2.users' doesn't exist; 
            nested exception is org.springframework.jdbc.BadSqlGrammarException: PreparedStatementCallback; bad SQL grammar [SELECT username,password,enabled FROM users WHERE username = ?]; nested exception is com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: Table 'command2.users' doesn't exist
            Am I missing any details, using the wrong attributes or versions?

            Greetings,..


            [EDIT]
            I am also facing another problem ... the global-method-security element is not working ...
            Code:
            SCHWERWIEGEND: Context initialization failed
            org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Cannot locate BeanDefinitionParser for element [global-method-security]
            Offending resource: ServletContext resource [/WEB-INF/applicationContext-security.xml]
                    at org.springframework.beans.factory.parsing.FailFastProblemReporter.fatal(FailFastProblemReporter.java:59)
                    at org.springframework.beans.factory.parsing.ReaderContext.fatal(ReaderContext.java:68)
                    at org.springframework.beans.factory.parsing.ReaderContext.fatal(ReaderContext.java:55)
                    at org.springframework.beans.factory.xml.NamespaceHandlerSupport.findParserForElement(NamespaceHandlerSupport.java:79)
                    at org.springframework.beans.factory.xml.NamespaceHandlerSupport.parse(NamespaceHandlerSupport.java:69)
                    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1246)
                    at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1236)
                    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:133)
                    at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:90)
                    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:468)
                    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:363)
                    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:313)
                    at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:290)
                    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:142)
                    at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:158)
                    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
                    at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:92)
                    at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:97)
                    at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:411)
                    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:338)
                    at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
                    at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
                    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
                    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3830)
                    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4337)
                    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
                    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
                    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
                    at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
                    at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
                    at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
                    at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
                    at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
                    at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
                    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
                    at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
                    at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
                    at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
                    at org.apache.catalina.core.StandardService.start(StandardService.java:516)
                    at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
                    at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
                    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                    at java.lang.reflect.Method.invoke(Method.java:585)
                    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
                    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
            03.09.2008 12:26:41 org.apache.catalina.core.StandardContext start
            SCHWERWIEGEND: Error listenerStart
            This seems to bee a very usual element, so the configuration should work?
            Last edited by nOiDStaRr; Sep 3rd, 2008, 07:28 AM.

            Comment


            • #7
              I'd recommend you just configure a JdbcDaoImpl bean directly. This is just what the jdbc-user-service namespace element does and it doesn't really offer any added value.

              Comment


              • #8
                It seemed to be a caching problem concerning my applicationContext file. Since I removed my whole application and deployed everything new the applicationContext runs at least every part of the current configuration... and my SQL statements work well! ... thx

                but still I cannot use the <global-method-security secured-annotations="enabled" /> due to a new error ;-)

                Code:
                org.springframework.beans.factory.BeanDefinitionStoreException: Unexpected exception parsing XML document from ServletContext resource [/WEB-INF/applicationContext-security.xml]; 
                nested exception is java.lang.NoSuchMethodError: 
                org.springframework.aop.config.AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(Lorg/springframework/beans/factory/xml/ParserContext;Ljava/lang/Object;)V
                        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:385)
                        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:313)
                        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:290)
                        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:142)
                        at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:158)
                        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:124)
                        at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:92)
                        at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:97)
                        at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:411)
                        at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:338)
                        at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:251)
                        at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:190)
                        at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:45)
                        at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3830)
                        at org.apache.catalina.core.StandardContext.start(StandardContext.java:4337)
                        at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
                        at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
                        at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:525)
                        at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:920)
                        at org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:883)
                        at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:492)
                        at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
                        at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
                        at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:117)
                        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
                        at org.apache.catalina.core.StandardHost.start(StandardHost.java:719)
                        at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
                        at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
                        at org.apache.catalina.core.StandardService.start(StandardService.java:516)
                        at org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
                        at org.apache.catalina.startup.Catalina.start(Catalina.java:566)
                        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
                        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
                        at java.lang.reflect.Method.invoke(Method.java:585)
                        at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:288)
                        at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:413)
                Caused by: java.lang.NoSuchMethodError: org.springframework.aop.config.AopNamespaceUtils.registerAutoProxyCreatorIfNecessary(Lorg/springframework/beans/factory/xml/Parser
                Context;Ljava/lang/Object;)V
                        at org.springframework.security.config.GlobalMethodSecurityBeanDefinitionParser.parse(GlobalMethodSecurityBeanDefinitionParser.java:88)
                        at org.springframework.beans.factory.xml.NamespaceHandlerSupport.parse(NamespaceHandlerSupport.java:69)
                        at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1246)
                        at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1236)
                        at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:133)
                        at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:90)
                        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:468)
                        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:363)
                        ... 36 more
                03.09.2008 14:24:16 org.apache.catalina.core.StandardContext start
                ... and it drives me crazy ;-)

                Comment


                • #9
                  Well, it's a good idea to search the web with the error message before posting. Typing "registerAutoProxyCreatorIfNecessary" in a google search would come up with this

                  http://jira.springframework.org/browse/SPR-4459

                  in a couple of seconds (the first match). So you would know right away that it was because of the Spring version you were using and you wouldn't have to go crazy :-).

                  Comment


                  • #10
                    Thx and yes, I already thought about incompatible versions but I could not figure it out.
                    Furthermore I was investigating heavily with google and co ;-) but it seems that I wasn't using the right terms... :-(

                    So far thank you very much and I will try to solve my problem.

                    PS: It would be very helpful if the documentation also includes the dependecies and which features goes with what version... + update the xml-schema version in the reference ;-)
                    There are a lot of examples but if you do not start from the scratch you bail hard sometimes ;-)

                    Comment


                    • #11
                      If you start from one of the working samples that come with a distribution and use that as a starting point then you are less likely to run into dependency issues as you will already have the matching dependencies in the application. Jar dependencies are defined as part of the maven build, and even if you aren't using maven the information can be found there. Schema match the build version (or the previous highest version, in the case where there have been no changes).

                      Comment

                      Working...
                      X