Migrando Spring Security da versão 3.0.5.RELEASE para 3.1.2.RELEASE [RESOLVIDO]

spinow · Dezembro 19, 2012, 9:54pm

Boa noite!
Migrei meu projeto da versão 3.0.5.RELEASE para a 3.1.2.RELEASE do Spring/ Spring Security e estou tendo alguns problemas na configuração do mesmo.
Primeiro, o SS pedia para eu fazer um upgrade nos schema locations de 3.0.xsd para 3.1.xsd.
Feito isso, comecei a ter problemas com o atributo “filters” no config:

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: The use of "filters='none'" is no longer supported. Please define a separate <http> element for the pattern you want to exclude and use the attribute "security='none'".
Offending resource: ServletContext resource [/WEB-INF/spring-security.xml]
	at org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:68)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:85)
	at org.springframework.beans.factory.parsing.ReaderContext.error(ReaderContext.java:72)
	at org.springframework.security.config.http.HttpConfigurationBuilder.<init>(HttpConfigurationBuilder.java:127)
	at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.createFilterChain(HttpSecurityBeanDefinitionParser.java:135)
	at org.springframework.security.config.http.HttpSecurityBeanDefinitionParser.parse(HttpSecurityBeanDefinitionParser.java:99)
	at org.springframework.security.config.SecurityNamespaceHandler.parse(SecurityNamespaceHandler.java:90)
	at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1419)
	at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1409)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:184)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:140)
	at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:111)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:334)
	at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:302)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:174)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:209)
	at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:180)
	at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
	at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
	at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:131)
	at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:527)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:441)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Retirando esses atributos de minha configuração, que antes era assim:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
	xmlns:beans="http://www.springframework.org/schema/beans"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/context         
		   http://www.springframework.org/schema/context/spring-context-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd
		   http://www.springframework.org/schema/tx        
		   http://www.springframework.org/schema/tx/spring-tx.xsd">

	<global-method-security pre-post-annotations="enabled" />

	<http use-expressions="true" >
		<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
		<custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER" />
 		<intercept-url pattern="/logout.jsf" access="permitAll" filters="none" />
		<intercept-url pattern="/login.jsf*" access="permitAll" filters="none" />
		<intercept-url pattern="/redefinir_senha.jsf" access="isAuthenticated()" filters="none" />
		<intercept-url pattern="/image/**" access="permitAll" filters="none" />		
		<intercept-url pattern="/**/*.pdf" access="permitAll" filters="none" />
		<intercept-url pattern="/js/**" access="permitAll" filters="none" />
		<intercept-url pattern="/javax.faces.resource/**" access="permitAll" filters="none" />
		<intercept-url pattern="/style/**" access="permitAll" filters="none" />
		<intercept-url pattern="/**/*.html" access="permitAll" filters="none" />
		<intercept-url pattern="/**" access="isAuthenticated()" />
		<access-denied-handler error-page="/login.jsf?error=true"/>
		<form-login login-page="/login.jsf" 
		            login-processing-url="/j_spring_security_check"		            
					authentication-failure-url="/login.jsf?error=true"
					default-target-url="/atendimento/agendamentos.jsf" 
					authentication-success-handler-ref="sgsPasswordResetSuccessHandler" />
					
		<logout invalidate-session="true" 
		        logout-url="/j_spring_security_logout"
                logout-success-url="/login.jsf" />
	</http>

 	<authentication-manager alias="authenticationManager">
		<authentication-provider user-service-ref="sgsUserDetailsService">
			<password-encoder hash="md5" />
			<!-- <password-encoder ref="sgsPasswordEncoder" /> -->
		</authentication-provider>
	</authentication-manager>
	
	<beans:bean id="sgsPasswordResetSuccessHandler"
		class="br.com._3fconsultoria.sgs.architecture.security.SgsPasswordResetSuccessHandler">
	</beans:bean>
	
	<beans:bean id="authenticationFilter"
        class="br.com._3fconsultoria.sgs.architecture.security.SgsUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
    	<beans:property name="filterProcessesUrl" value="/j_spring_security_check"/>
        <beans:property name="authenticationFailureHandler">
	        <beans:bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
	            <beans:property name="defaultFailureUrl" value="/login.jsf?error=true" />
	        </beans:bean>
    	</beans:property>
    	<beans:property name="authenticationSuccessHandler" ref="sgsPasswordResetSuccessHandler" />
    </beans:bean>
	
	<beans:bean id="filterSecurityInterceptor"
        class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="accessDecisionManager" ref="accessDecisionManager" />
        <!-- <beans:property name="securityMetadataSource" ref="filterSecurityMetadataSource" />  -->
        <beans:property name="objectDefinitionSource" ref="filterSecurityMetadataSource" />
    </beans:bean>
    
	<beans:bean id="accessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
		<beans:property name="decisionVoters">
			<beans:list>
				<beans:bean class="org.springframework.security.access.vote.RoleVoter" >
					<beans:property name="rolePrefix" value=""/>
				</beans:bean>
				<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
			</beans:list>
		</beans:property>
	</beans:bean>
</beans:beans>

e passou a ser assim (no trecho editado):

<http use-expressions="true" >
		<custom-filter ref="filterSecurityInterceptor" before="FILTER_SECURITY_INTERCEPTOR" />
		<custom-filter ref="authenticationFilter" before="FORM_LOGIN_FILTER" />
 		<intercept-url pattern="/logout.jsf" access="permitAll" />
		<intercept-url pattern="/login.jsf*" access="permitAll" />
		<intercept-url pattern="/redefinir_senha.jsf" access="isAuthenticated()" />
		<intercept-url pattern="/image/**" access="permitAll" />		
		<intercept-url pattern="/**/*.pdf" access="permitAll" />
		<intercept-url pattern="/js/**" access="permitAll"  />
		<intercept-url pattern="/javax.faces.resource/**" access="permitAll" />
		<intercept-url pattern="/style/**" access="permitAll" />
		<intercept-url pattern="/**/*.html" access="permitAll" />
		<intercept-url pattern="/**" access="isAuthenticated()" />
		<access-denied-handler error-page="/login.jsf?error=true"/>
		<form-login login-page="/login.jsf" 
		            login-processing-url="/j_spring_security_check"		            
					authentication-failure-url="/login.jsf?error=true"
					default-target-url="/atendimento/agendamentos.jsf" 
					authentication-success-handler-ref="sgsPasswordResetSuccessHandler" />
					
		<logout invalidate-session="true" 
		        logout-url="/j_spring_security_logout"
                logout-success-url="/login.jsf" />
	</http>

… fazendo isso, retirando os “filters=none”, agora tenho outra exceção que não deixa minha aplicação subir:

java.lang.NoSuchFieldError: NULL
	at org.springframework.expression.TypedValue.<clinit>(TypedValue.java:32)
	at org.springframework.expression.spel.support.StandardEvaluationContext.setRootObject(StandardEvaluationContext.java:88)
	at org.springframework.expression.spel.support.StandardEvaluationContext.<init>(StandardEvaluationContext.java:74)
	at org.springframework.context.expression.StandardBeanExpressionResolver.evaluate(StandardBeanExpressionResolver.java:124)
	at org.springframework.beans.factory.support.AbstractBeanFactory.evaluateBeanDefinitionString(AbstractBeanFactory.java:1299)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.evaluate(BeanDefinitionValueResolver.java:224)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:311)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:616)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:353)
	at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
	at org.springframework.beans.factory.support.ConstructorResolver.resolveConstructorArguments(ConstructorResolver.java:630)
	at org.springframework.beans.factory.support.ConstructorResolver.autowireConstructor(ConstructorResolver.java:148)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.autowireConstructor(AbstractAutowireCapableBeanFactory.java:1035)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:939)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:485)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:609)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:918)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:469)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:383)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4791)
	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5285)
	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
	at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
	at java.util.concurrent.FutureTask.run(FutureTask.java:138)
	at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
	at java.lang.Thread.run(Thread.java:662)

Caso algum expert em Spring Security puder ajudar, agradeço…

Obrigado!

spinow · Janeiro 8, 2013, 11:06pm

Resolvi deixando todas as dependencias do Spring na mesma versão, no caso a 3.1.2.RELEASE. Acontecia que a dependencia do spring-expression nao estava explicitamente declarada no .pom, fazendo com que uma versao diferente (mais antiga) fosse incluida pelo maven.
Espero que ajude…

Att,

system · Janeiro 5, 2016, 5:59pm

Migrando Spring Security da versão 3.0.5.RELEASE para 3.1.2.RELEASE [RESOLVIDO]

Cursos de Mobile

Cursos de Programação

Cursos de Front-end

Cursos de DevOps

Cursos de Design & UX

Cursos de Business

Cursos de Data & BI