spring-security-web error loading context

Question

I am attempting to use Web Security Expressions however when I load the context in my unit test I get org.xml.sax.SAXParseException: The markup declarations contained or pointed to by the document type declaration must be well-formed

My context file looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

 // various beans here

 <sec:http use-expressions="true">
   <sec:intercept-url pattern="/admin*"
      access="hasRole('admin') and hasIpAddress('192.168.1.0/24')"/>
  </sec:http>

</beans>

If I don't include the <sec:http> tag I don't get the error. If I include just <sec:http/> I do get the error.

In my pom I have included:

<dependancy>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-web</artifactId>
    <version>3.0.5.RELEASE</version>
</dependancy>

Do you have any problems with http://www.springframework.org/schema/security/spring-security-3.0.xsd URL (in the environment where your test was executed)? — Maksym Demidas, Feb 05 '13 at 13:20
I get a 404 for it as well as all the other xsds I use. I assume it is getting the schemas from the jars at runtime? Not sure how to check if it can be found vs the others I use. — John B, Feb 05 '13 at 13:51
This one normally loaded via network. I do not have any problems with it (can view it in my web browser). — Maksym Demidas, Feb 05 '13 at 13:56
This seems to be a cousin to this issue: http://stackoverflow.com/questions/2161050/spring-3-0-unable-to-locate-spring-namespacehandler-for-xml-schema-namespace — John B, Feb 05 '13 at 14:28

score 1 · Accepted Answer · answered Feb 05 '13 at 14:00

1

DTD files like this one

http://www.springframework.org/schema/security/spring-security-3.0.xsd

must be available for XML parser during each parse action. Make them available and the problem will go away.

answered Feb 05 '13 at 14:00

Maksym Demidas

7,707
1
29
36

So if we assume that my application does not have access to the internet, it must be getting the schema (including the other ones that it is OK with) from someplace. I would assume that it would be getting it from the jar included via the maven dependancy. Am I wrong here or do I not have the right dependancy? – John B Feb 05 '13 at 14:16
You are right. spring-security-config.jar is the right dependency. – Maksym Demidas Feb 05 '13 at 14:33

score 0 · Answer 2 · answered Feb 05 '13 at 14:21

0

Turns out the schemas for spring security are in the spring-security-config jar. I needed that dependancy.

answered Feb 05 '13 at 14:21

John B

32,493
6
77
98

spring-security-web error loading context

2 Answers2