Discussoes de Programacao e Tecnologia

Migrando Spring Security da versão 3.0.5.RELEASE para 3.1.2.RELEASE [RESOLVIDO]

1 resposta
spinow
spinow

Boa noite!
Migrei meu projeto da versão 3.0.5.RELEASE para a 3.1.2.RELEASE do Spring/ Spring Security e estou tendo alguns problemas na configuração do mesmo.
Primeiro, o SS pedia para eu fazer um upgrade nos schema locations de 3.0.xsd para 3.1.xsd.
Feito isso, comecei a ter problemas com o atributo “filters” no config:

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: The use of "filters='none'" is no longer supported. Please define a separate <http> element for the pattern you want to exclude and use the attribute "security='none'".
Offending resource: ServletContext resource [/WEB-INF/spring-security.xml]
	at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)
	at org.springframework.security.config.http.HttpConfigurationBuilder.<init>(HttpConfigurationBuilder.java:127)
	at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.createFilterChain(HttpSecurityBeanDefinitionParser.java:135)
	at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:99)
	at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:90)
	at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1419)
	at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1409)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:184)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:140)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:111)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
	at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
	at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
	at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
	at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Retirando esses atributos de minha configuração, que antes era assim:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/context         
		   http://www.springframework.org/schema/context/spring-context-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd
		   http://www.springframework.org/schema/tx        
		   http://www.springframework.org/schema/tx/spring-tx.xsd">

	<global-method-security pre-post-annotations="enabled" />

	<http use-expressions="true" >
		<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
		<custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER" />
 		<intercept-url pattern="/logout.jsf" access="permitAll" filters="none" />
		<intercept-url pattern="/login.jsf*" access="permitAll" filters="none" />
		<intercept-url pattern="/redefinir_senha.jsf" access="isAuthenticated()" filters="none" />
		<intercept-url pattern="/image/**" access="permitAll" filters="none" />		
		<intercept-url pattern="/**/*.pdf" access="permitAll" filters="none" />
		<intercept-url pattern="/js/**" access="permitAll" filters="none" />
		<intercept-url pattern="/javax.faces.resource/**" access="permitAll" filters="none" />
		<intercept-url pattern="/style/**" access="permitAll" filters="none" />
		<intercept-url pattern="/**/*.html" access="permitAll" filters="none" />
		<intercept-url pattern="/**" access="isAuthenticated()" />
		<access-denied-handler error-page="/login.jsf?error=true"/>
		<form-login login-page="/login.jsf" 
		            login-processing-url="/j_spring_security_check"		            
					authentication-failure-url="/login.jsf?error=true"
					default-target-url="/atendimento/agendamentos.jsf" 
					authentication-success-handler-ref="sgsPasswordResetSuccessHandler" />
					
		<logout invalidate-session="true" 
		        logout-url="/j_spring_security_logout"
                logout-success-url="/login.jsf" />
	</http>

 	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="sgsUserDetailsService">
			<password-encoder hash="md5" />
			<!-- <password-encoder ref="sgsPasswordEncoder" /> -->
		</authentication-provider>
	</authentication-manager>
	
	<beans:bean id="sgsPasswordResetSuccessHandler"
		class="br.com._3fconsultoria.sgs.architecture.security.SgsPasswordResetSuccessHandler">
	</beans:bean>
	
	<beans:bean id="authenticationFilter"
        class="br.com._3fconsultoria.sgs.architecture.security.SgsUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    	<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
        <beans:property name="authenticationFailureHandler">
	        <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
	            <beans:property name="defaultFailureUrl" value="/login.jsf?error=true" />
	        </beans:bean>
    	</beans:property>
    	<beans:property name="authenticationSuccessHandler" ref="sgsPasswordResetSuccessHandler" />
    </beans:bean>
	
	<beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <!-- <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />  -->
        <beans:property name="objectDefinitionSource" ref="filterSecurityMetadataSource" />
    </beans:bean>
    
	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
		<beans:property name="decisionVoters">
			<beans:list>
				<beans:bean class="org.springframework.security.access.vote.RoleVoter" >
					<beans:property name="rolePrefix" value=""/>
				</beans:bean>
				<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
			</beans:list>
		</beans:property>
	</beans:bean>
</beans:beans>

e passou a ser assim (no trecho editado):

<http use-expressions="true" >
		<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
		<custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER" />
 		<intercept-url pattern="/logout.jsf" access="permitAll" />
		<intercept-url pattern="/login.jsf*" access="permitAll" />
		<intercept-url pattern="/redefinir_senha.jsf" access="isAuthenticated()" />
		<intercept-url pattern="/image/**" access="permitAll" />		
		<intercept-url pattern="/**/*.pdf" access="permitAll" />
		<intercept-url pattern="/js/**" access="permitAll"  />
		<intercept-url pattern="/javax.faces.resource/**" access="permitAll" />
		<intercept-url pattern="/style/**" access="permitAll" />
		<intercept-url pattern="/**/*.html" access="permitAll" />
		<intercept-url pattern="/**" access="isAuthenticated()" />
		<access-denied-handler error-page="/login.jsf?error=true"/>
		<form-login login-page="/login.jsf" 
		            login-processing-url="/j_spring_security_check"		            
					authentication-failure-url="/login.jsf?error=true"
					default-target-url="/atendimento/agendamentos.jsf" 
					authentication-success-handler-ref="sgsPasswordResetSuccessHandler" />
					
		<logout invalidate-session="true" 
		        logout-url="/j_spring_security_logout"
                logout-success-url="/login.jsf" />
	</http>

… fazendo isso, retirando os “filters=none”, agora tenho outra exceção que não deixa minha aplicação subir:

java.lang.NoSuchFieldError: NULL
	at org.springframework.expression.TypedValue.<clinit>(TypedValue.java:32)
	at org.springframework.expression.spel.support.StandardEvaluationContext.setRootObject(StandardEvaluationContext.java:88)
	at org.springframework.expression.spel.support.StandardEvaluationContext.<init>(StandardEvaluationContext.java:74)
	at org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:124)
	at org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1299)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.evaluate(BeanDefinitionValueResolver.java:224)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:311)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:469)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Caso algum expert em Spring Security puder ajudar, agradeço…

Obrigado!

Alura Desenvolvimento Back-End Java Sua Carreira em desenvolvimento back-end Java: dos fundamentos à arquitetura de sistemas...

1 Resposta

spinow
spinow

Resolvi deixando todas as dependencias do Spring na mesma versão, no caso a 3.1.2.RELEASE. Acontecia que a dependencia do spring-expression nao estava explicitamente declarada no .pom, fazendo com que uma versao diferente (mais antiga) fosse incluida pelo maven.
Espero que ajude…

Att,

Criado 19 de dezembro de 2012
Ultima resposta 8 de jan. de 2013
Respostas 1
Participantes 1

Topicos relacionados

Componente de forum 4 respostas Consultar CPF pelo nome na Receita Federal 5 respostas Pegadinhas que se fazem com os pobres estagiários 62 respostas [Resolvido] Como comparar Strings em C? 6 respostas Converter pixels para centímetros 9 respostas
Alura O que é Python? — um guia completo para iniciar nessa linguagem de programação Acesse agora o guia sobre Python e inicie sua jornada nessa linguagem de programação: o que é e para que serve, sua sintaxe e como iniciar nela!
Casa do Codigo Casa do Codigo — Livros de tecnologia Livros de programacao, infraestrutura e inovacao