Spring security error with AOP

Question

I want to delegate the security of my project in Spring Security, but when I add the dependencies to my POM and start the server I get an error that doesn't make sense... it says that my applicationContext.xml has an error and it points to the line where I have an aop sentence...

Here is a reduced version of my applicationContext.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:aop="http://www.springframework.org/schema/aop" xmlns:tx="http://www.springframework.org/schema/tx"
        xsi:schemaLocation="  
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd  
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.1.xsd  
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd  
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd">

 <!-- Activates scanning of @Autowired -->
    <context:annotation-config/>

    <!-- Activates scanning of @Repository and @Service -->
    <context:component-scan base-package="es.myproject"/>

    <!-- datasource configuration -->
    <context:property-placeholder location="classpath:jdbc.properties" />

    <bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
        <property name="jndiName" value="${jndi.name}" />
        <property name="lookupOnStartup" value="true"></property>
        <property name="cache" value="true"></property>
        <property name="proxyInterface" value="javax.sql.DataSource"></property>
    </bean>

    <!-- hibernate session factory -->
    <bean id="sessionFactory" class="org.springframework.orm.hibernate3.annotation.AnnotationSessionFactoryBean">
        <property name="dataSource"  ref="dataSource" />
        <property name="configLocation" value="classpath:hibernate.cfg.xml" />
        <property name="packagesToScan" value="es.myproject.modelo.datos" />
    </bean>

    <!-- enable the configuration of transactional behavior based on annotations -->
    <aop:aspectj-autoproxy />
    <tx:annotation-driven transaction-manager="transactionManager" />

    <!-- Transaction manager for a single Hibernate SessionFactory (alternative to JTA) -->
    <bean id="transactionManager" class="org.springframework.orm.hibernate3.HibernateTransactionManager">
        <property name="sessionFactory" ref="sessionFactory" />
    </bean>

</beans>

These are de dependencies:

<!-- Spring security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-core</artifactId>
            <version>3.1.0.RELEASE</version>    

        </dependency> 
       <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>3.1.0.RELEASE</version> 
        </dependency>   
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>3.1.0.RELEASE</version>
        </dependency>

And the error points to <aop:aspectj-autoproxy /> in the applicationContext.xml

If I delete the Spring Security dependencies, the error goes away... weird huh? Any ideas anybody?

The error says: org.xml.sax.SAXParseException: schema_reference.4: Failed to read schema document 'http://www.springframework.org/schema/aop/spring-aop-3.1.xsd', because 1) could not find the document; 2) the document could not be read; 3) the root element of the document is not <xsd:schema>. org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 41 in XML document from ServletContext resource [/WEB-INF/classes/applicationContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'aop:aspectj-autoproxy'.

But there's no real problem with reading that xsd, as I said if I delete the spring security dependencies this error doesn't show...

Answer 1

Strange. Your XML is valid (according to the W3 validator), and your bean definitions all look reasonable. That makes me think this is a classpath issue. Make sure that you have the following jars in your classpath:

• aopalliance-1.0.jar
• commons-logging-1.0.1.jar
• spring-aop-3.1.0.RELEASE.jar
• spring-asm-3.1.0.RELEASE.jar
• spring-beans-3.1.0.RELEASE.jar
• spring-context-3.1.0.RELEASE.jar
• spring-core-3.1.0.RELEASE.jar
• spring-expression-3.1.0.RELEASE.jar
• spring-jdbc-3.1.0.RELEASE.jar
• spring-orm-3.1.0.RELEASE.jar
• spring-security-core-3.1.0.RELEASE.jar
• spring-security-web-3.1.0.RELEASE.jar
• spring-tx-3.1.0.RELEASE.jar
• spring-web-3.1.0.RELEASE.jar

Also make sure that none of these appears multiple times (possibly with a different version)

Ah, re-reading your question, the problem may be that you don't explicitly list Spring 3.1.x as dependency. Spring Security 3.1.x only pulls Spring core 3.0.7 unless you explicitly request otherwise.

Add these dependencies and you should be safe:

<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-aop</artifactId>
    <version>3.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-orm</artifactId>
    <version>3.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-context</artifactId>
    <version>3.1.0.RELEASE</version>
</dependency>
<dependency>
    <groupId>org.springframework</groupId>
    <artifactId>spring-web</artifactId>
    <version>3.1.0.RELEASE</version>
</dependency>