Spring MVC, Spring Security and Hibernate cannot autowire properties between contexts

Question

I am using Spring MVC 3.0.6 and Spring security 3.0.7. I cannot @Autowire the RoleDao class to my user class when in the security context.

my web.xml file:

    <context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/root-context.xml
        /WEB-INF/security-app-context.xml
    </param-value>
</context-param>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Processes application requests -->
<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>



<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

The security-app-context.xml:

<beans:bean id="chineseCheckersEntryPoint" class="com.nike.golf.security.ChineseCheckersAuthenticationEntryPoint" />

<beans:bean id="chineseCheckersFilter" class="com.nike.golf.security.ChineseCheckersAuthenticationFilter">
    <beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>

<http use-expressions="true" auto-config="false" entry-point-ref="chineseCheckersEntryPoint">
    <intercept-url pattern="/secure/extreme/**" access="hasRole('supervisor')" />
    <intercept-url pattern="/user/**" access="permitAll" />
    <intercept-url pattern="/profile/**" access="isAuthenticated()" />
    <intercept-url pattern="/secure/**" access="isAuthenticated()" />
    <custom-filter position="PRE_AUTH_FILTER" ref="chineseCheckersFilter" />
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider ref="chineseCheckersAuthenticationProvider" />
</authentication-manager>

<beans:bean id="chineseCheckersAuthenticationProvider" class="com.nike.golf.security.ChineseCheckersAuthenticationProvider" />

In my user object where it uses the roleDao, it's null. It has not been autowired. From all the research I have done online it seems to be related to the different contexts, and not being able to autowire between them.

Can someone help me understand these contexts and how I can get them into the same context?

Answer 1

Thank you everyone for your help. I managed to figure this out.

This question was similar to mine and got me moving in the right direction: Declaring Spring Bean in Parent Context vs Child Context

This forum post really simplified the idea for me.

In your web.xml file you define the servlet context and the application context. The application context is configured through these pieces of XML:

<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring/root-context.xml
        /WEB-INF/security-app-context.xml
    </param-value>
</context-param>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

any number of *context.xml files you pass into the context-param > contextConfigLocation are in the application context. This is the parent context.

The servlet context gets created in the web.xml file by this bit of xml:

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

The servlet context as the child context has access to the application context (parent).

This was the key thing for me to understand. So I moved all configuration I had in the servlet context, up to the application context.

Like the answer in the other question I linked to above says @Autowired still does not work. Anyone know the reason for that? So to get around this I defined the beans and the properties in the xml all the way from the property I was concerned with down to the sessionFactory.

The thing is now I could wire up the beans I needed in xml all the way up the hierarchy to sessionFactory because it was in the same context, since I moved it up to the application context from the servlet context where it was before.

In my question I didn't even post the servlet-context.xml file because I didn't think it needed to be touched, but in fact I needed to move the configuration up to the app context if I wanted to wire things up to my security beans.

I hope that makes sense.

Answer 2

You can imagine a context as a set of Spring beans.

Contexts can be nested, so that the outer context can access the beans from the inner one, but not the other way around. An example for this are typical web application, the have two contexts: the inner one specified with the contextConfigLocation and loaded by ContextLoaderListener, and the outer one configured with the DispatcherServlet.

One way to merge two xml files to one context, is introducing a third apllication configuration xml file, that only include then other xml files via bean:include. And then you have only to specify this third xml files for the loader. But I am not sure if you really have 2 application contexts configured for ContextLoaderListener. -- Anyway you can try the trick with the 3. xml file.