Search code examples
springjakarta-eespring-securityjava-ee-6spring-security-oauth2

Spring Security with Java EE 6 Restful Service

I have created a JavaEE 6 Restful service and now willing to integrate it with SpringSecurity. But, I really don't want to use SpringMVC and keep the library dependencies as least as possible. But, whenever I create a web.xml file and include a filter into that 

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
        org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>

</filter-mapping>

I get exception of class not found exception which is quite understood to me as I don't include the correct library. But, I have read too many blogs and using the library in the similar way.

Caused by: java.lang.ClassNotFoundException: org.springframework.web.filter.DelegatingFilterProxy

I have included two libraries into my application:

spring-security-core-3.2.3.RELEASE spring-security-web-3.2.3.RELEASE

Did anyone use architecture in this way or not. Basically I want to use OAuth2 from Spring Security. That's why I am trying to do all this. Secondly, don't want too many configuration files that's why developed Service in JavaEE 6.

Solution

  • Spring security has dependencies on the Spring framework so it's not enough to add only the spring-security jars to your project. The DelegatingFilterProxy class is provided in the spring-web library, but I guess you'll need more jars then spring-web alone to get it working.

    Normally these extra jars are automatically included when using tools such as maven/ivy/grails that handle transient dependencies for you.

    If you are managing your libraries manually you normally would download the distribution zip containing all the required jars, but I wasn't able to find a link to the spring security distribution. According to the docs it should be available from the main spring security page but I couldn't find the download link.

    There is however a distribution for the spring-framework (check the manual). I guess that it would sufficient to add the spring-security jars on top of the jars in the distribution, but the distribution will contain many more libraries then you really need for spring-security.

    I guess that you could track all the required dependencies manually via the the maven pom of spring-secuirty-web, but this is tedious work.