Announcement Announcement Module
Collapse
No announcement yet.
ChannelProcessingFilter - securityMetadataSource on Convert to 3.0.5 Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • ChannelProcessingFilter - securityMetadataSource on Convert to 3.0.5

    I'm upgrading from Security 2.5.X to 3.0.5.

    This former definition for channelProcessingFilter no longer works (after updating the FQN and the name of the property - since filterInvocationDefinitionSource left with no forwarding address):

    Code:
    <bean id="channelProcessingFilter" class="org.springframework.security.web.access.channel.ChannelProcessingFilter">
      <property name="securityMetadataSource">
        <value>
          CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
          PATTERN_TYPE_APACHE_ANT
          /**=REQUIRES_SECURE_CHANNEL
        </value>
      </property>
      <property name="channelDecisionManager" ref="channelDecisionManager" />
    </bean>
    The error is:
    Code:
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'channelProcessingFilter' defined in ServletContext resource [/WEB-INF/config/applicationContext-security.xml]: Initialization of bean failed; nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'java.lang.String' to required type 'org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource' for property 'securityMetadataSource'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'securityMetadataSource': no matching editors or conversion strategy found
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:527)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 34 more
    Caused by: org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'java.lang.String' to required type 'org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource' for property 'securityMetadataSource'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'securityMetadataSource': no matching editors or conversion strategy found
    	at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:462)
    	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:499)
    	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:493)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.convertForProperty(AbstractAutowireCapableBeanFactory.java:1371)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1330)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    	... 40 more
    Caused by: java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'securityMetadataSource': no matching editors or conversion strategy found
    	at org.springframework.beans.TypeConverterDelegate.convertIfNecessary(TypeConverterDelegate.java:231)
    	at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:447)
    	... 46 more
    Understood. The simple value definition won't work.

    Based on the changes I successfully made to my definition of org.springframework.security.web.FilterChainProxy and other forum posts, I figured I could define the property as:

    Code:
    <property name="securityMetadataSource">
      <security:filter-security-metadata-source path-type="ant" id="securityDefinitionSource">
        <security:intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL" />
      </security:filter-security-metadata-source>
    </property>
    However, that resulted in:
    Code:
    Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'filterInvocationInterceptor' defined in ServletContext resource [/WEB-INF/config/applicationContext-security.xml]: Initialization of bean failed; nested exception is org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'java.lang.String' to required type 'org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource' for property 'objectDefinitionSource'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'objectDefinitionSource': no matching editors or conversion strategy found
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:527)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:288)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:190)
    	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
    	... 34 more
    Caused by: org.springframework.beans.ConversionNotSupportedException: Failed to convert property value of type 'java.lang.String' to required type 'org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource' for property 'objectDefinitionSource'; nested exception is java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'objectDefinitionSource': no matching editors or conversion strategy found
    	at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:462)
    	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:499)
    	at org.springframework.beans.BeanWrapperImpl.convertForProperty(BeanWrapperImpl.java:493)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.convertForProperty(AbstractAutowireCapableBeanFactory.java:1371)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1330)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1086)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    	... 40 more
    Caused by: java.lang.IllegalStateException: Cannot convert value of type [java.lang.String] to required type [org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource] for property 'objectDefinitionSource': no matching editors or conversion strategy found
    	at org.springframework.beans.TypeConverterDelegate.convertIfNecessary(TypeConverterDelegate.java:231)
    	at org.springframework.beans.BeanWrapperImpl.convertIfNecessary(BeanWrapperImpl.java:447)
    	... 46 more
    I sort of get it ... There's Spring doesn't know how to convert the filter-security-metadata-source tag into a FilterInvocationSecurityMetadataSource.

    Can someone provide a better example or description of how to get this working?

    Thanks.

  • #2
    Sigh ... my bad.

    The property name 'objectDefinitionSource' should have been a better clue.

    I had a FilterSecurityInterceptor which used that property which also needed to be converted to a <security:filter-security-metadata-source>.

    The ChannelProcessingFilter worked as advertised with the above changes.

    Sorry for the confusion.

    Comment


    • #3
      hi, i did it with my project (with spring security3.0.5) and it works.

      <bean id="channelProcessingFilter" class="org.springframework.security.web.access.cha nnel.ChannelProcessingFilter">
      <property name="channelDecisionManager" ref="channelDecisionManager" />
      <property name="securityMetadataSource">
      <security:filter-security-metadata-source
      path-type="ant">
      <security:intercept-url pattern="/**" access="REQUIRES_SECURE_CHANNEL" />
      </security:filter-security-metadata-source>
      </property>
      </bean>

      <bean id="channelDecisionManager"
      class="org.springframework.security.web.access.cha nnel.ChannelDecisionManagerImpl">
      <property name="channelProcessors">
      <list>
      <ref bean="secureChannelProcessor" />
      <ref bean="insecureChannelProcessor" />
      </list>
      </property>
      </bean>

      <bean id="secureChannelProcessor"
      class="org.springframework.security.web.access.cha nnel.SecureChannelProcessor" />
      <bean id="insecureChannelProcessor"
      class="org.springframework.security.web.access.cha nnel.InsecureChannelProcessor" />

      and, of course you should put channelProecssingFilter to security:filter-chain element as the first one filter.

      Comment

      Working...
      X