Here is the error log.
org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter springSecurityFilterChain
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:687)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1168)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:281)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:962)
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:324)
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235)
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:111)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4656)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5309)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Here are my configuration classes.
Spring version= 4.1.6.RELEASE
Spring security version= 4.1.0.RELEASE
1)WebInitializer implementing WebMvcConfigurerAdapter
public class WebInitializer implements WebApplicationInitializer
{
@Override
public void onStartup( ServletContext container )
{
AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
rootContext.register( AppConfig.class );
rootContext.setServletContext( container );
container.addListener( new ContextLoaderListener( rootContext ) );
container.addFilter("CORSFilter", it.codegen.tbx.central.service.config.SimpleCORSFilter.class)
.addMappingForUrlPatterns(null, false, "");
ServletRegistration.Dynamic dispatcher = container.addServlet( "dispatcher",
new DispatcherServlet( rootContext ) );
dispatcher.addMapping( "/" );
dispatcher.setLoadOnStartup( 1 );
}
}
2)AppConfig extending WebMvcConfigurerAdapter
@Configuration
@EnableWebMvc
@ComponentScan({ "it.codegen.tbx.central.service.config","it.codegen.tbx.central.service.backend.cache", "it.codegen.tbx.central.admin.config", "it.codegen.tbx.central.admin.service.controller", "it.codegen.tbx.central.admin.service.backend.tbx"})
@Import({ SecurityConfig.class })
public class AppConfig extends WebMvcConfigurerAdapter
{
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
}
3)SecurityConfig extending WebSecurityConfigurerAdapter
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("abc");
auth.inMemoryAuthentication().withUser("chaya").password("chaya").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/booking/search").access("hasAuthority('USER')")
.antMatchers("/booking/delete").access("hasAuthority('ADMIN')")
.and()
.formLogin()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login");
}
}
4)AbstractSecurityWebApplicationInitializer
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
I have gone through similar questions here and none of the solutions worked.
You have to annotate your Java configuration (SecurityConfig) with @EnableWebSecurity to add springSecurityFilterChain to your application context.
Your modified code:
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("abc");
auth.inMemoryAuthentication().withUser("chaya").password("chaya").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/booking/search").access("hasAuthority('USER')")
.antMatchers("/booking/delete").access("hasAuthority('ADMIN')")
.and()
.formLogin()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login");
}
}