I am getting the following error message
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException:
No qualifying bean of type [org.springframework.security.core.session.SessionRegistry]
found for dependency: expected at least 1 bean which qualifies as autowire
candidate for this dependency. Dependency annotations:
{@org.springframework.beans.factory.annotation.Autowired(required=true)}
given the following Spring Security 4 setup:
Spring security configuration:
...
<x509 subject-principal-regex="CN=(.*?)," user-service-ref="userDetailsService" />
...
<custom-filter ref="concurrencyFilter" after="CONCURRENT_SESSION_FILTER" />
<session-management>
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="true"
session-registry-ref="sessionRegistry" />
</session-management>
<beans:bean id="concurrencyFilter"
class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:property name="sessionRegistry" ref="sessionRegistry"/>
<beans:property name="expiredUrl" value="/logout" />
</beans:bean>
<beans:bean id="sessionRegistry"
class="org.springframework.security.core.session.SessionRegistryImpl" />
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="userDetailsService" />
</authentication-manager>
...
Custom UserDetailsService:
...
@Service("userDetailsService")
public class UserDetailsServiceImpl implements UserDetailsService {
@Autowired
private SessionRegistryImpl sessionRegistry;
...
}
Any idea why SessionRegistryImpl fails to be injected into my custom UserDetailsService? I tried various permutations, e.g. session-registry-alias instead of session-registry-ref, and @Resource(name="sessionRegistry") instead of @Autowired, etc. but none worked for me. I am stuck, and any help will be greatly appreciated!
