Trying Spring Security with Jersey What is wrong with my security-context.xml file?

Question

I am trying to add Spring Security to my Jersey Webapp. I tried using the following as my security-context.xml file in addition with my existing applicationContext.xml (2 separate files for contextConfigLocation in web.xml):

http://snipt.org/OIh

based on a solution provided here: User authentication on a Jersey REST service

However upon starting tomcat... I get the following error:

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 11 in XML document from ServletContext resource [/META-INF/securityContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:global-method-security'.

Can someone help me what is wrong?

What is the version of spring security used? – Arun P Johny Dec 07 '11 at 07:05 — Arun P Johny, Dec 07 '11 at 07:05

Ralph · Accepted Answer · 2011-12-07T09:04:37.893

1

You used: Spring Security 2 namespace but the element 'security:global-method-security' is a spring security 3 feature.

If you use Spring Security 3 (requires Spring 3) then update both namespaces, the one for Spring (you using Spring 2.5 namespace) and the Spring Security Namespace.

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
        http://www.springframework.org/schema/util
          http://www.springframework.org/schema/util/spring-util.xsd">

If you really must use spring security 2.0 then you ca not use the element 'security:global-method-security`. In this case you must explicit write the bean configuration that is hidden between that tag. (But unfortunately this are a lot of beans and there package names was changed form version 2.0 to version 3.0, so I can not provide a working example.)

edited Dec 07 '11 at 09:04

answered Dec 07 '11 at 07:51

Ralph

118,862
56
287
383

I've modified the securityContext.xml file as you described, but am still getting the same error. I am currently using the 3.0.5 RELEASE jars. – Rolando Dec 07 '11 at 14:26
@Teiviere: I highly doubt that you use Spring Security 3! For example the deprecated Class `HttpSessionContextIntegrationFilter` not longer resist in package `org.springframework.security.context`, it is moved to`org.springframework.security.web.context` in Spring Security 3. – Ralph Dec 07 '11 at 14:44
Is there a better example of a security-context.xml file I could use just to get basic spring security working that complements by applicationContext.xml that does not contain any mention of Spring security. – Rolando Dec 07 '11 at 14:56
@Teiviere: security-context.xml without Spring Security? Is that what you asked? – Ralph Dec 07 '11 at 14:58
I meant my applicationContext.xml does not have spring security, but I would like a basic sample security-context.xml sample file that contains all the spring security stuff as the one I posted from the link I looked in the other thread doesnt appear to be working. – Rolando Dec 07 '11 at 15:02
That link is very helpful. Thanks Ralph! – Rolando Dec 07 '11 at 21:28

Trying Spring Security with Jersey What is wrong with my security-context.xml file?

1 Answers1