Tiny
Reputation: 27899
No authentication manager set. Reauthentication of users when changing passwords will not be performed
I have a web application running in the following environment.
- Spring Framework 4.0.0 GA
- Spring Security 3.2.0 GA
- Apache Struts 2.3.16
On deployment of the application, the following information appears on the server terminal.
No authentication manager set. Reauthentication of users when changing passwords will not be performed.
It is however, neither a warning nor an error. The log level is INFO.
The complete information is as follows.
Jan 02, 2014 11:02:52 AM org.apache.catalina.startup.HostConfig deployDescriptor
INFO: Deploying configuration descriptor C:\Program Files\Apache Software Foundation\Apache Tomcat 7.0.35\conf\Catalina\localhost\TestStruts.xml
Jan 02, 2014 11:03:03 AM org.springframework.web.context.ContextLoader initWebApplicationContext
INFO: Root WebApplicationContext: initialization started
Jan 02, 2014 11:03:03 AM org.springframework.web.context.support.XmlWebApplicationContext prepareRefresh
INFO: Refreshing Root WebApplicationContext: startup date [Thu Jan 02 11:03:03 IST 2014]; root of context hierarchy
Jan 02, 2014 11:03:03 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from ServletContext resource [/WEB-INF/applicationContext.xml]
Jan 02, 2014 11:03:05 AM org.springframework.beans.factory.xml.XmlBeanDefinitionReader loadBeanDefinitions
INFO: Loading XML bean definitions from ServletContext resource [/WEB-INF/spring-security.xml]
Jan 02, 2014 11:03:05 AM org.springframework.security.core.SpringSecurityCoreVersion performVersionChecks
INFO: You are running with Spring Security Core 3.2.0.RELEASE
Jan 02, 2014 11:03:05 AM org.springframework.security.config.SecurityNamespaceHandler <init>
INFO: Spring Security 'config' module version is 3.2.0.RELEASE
Jan 02, 2014 11:03:05 AM org.springframework.security.config.http.FilterInvocationSecurityMetadataSourceParser parseInterceptUrlsForFilterInvocationRequestMap
INFO: Creating access control expression attribute 'hasRole('ROLE_ADMIN')' for /admin_side/ **
Jan 02, 2014 11:03:05 AM org.springframework.security.config.http.HttpSecurityBeanDefinitionParser checkFilterChainOrder
INFO: Checking sorted filter chain: [Root bean: class [org.springframework.security.web.access.channel.ChannelProcessingFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 100, Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 200, Root bean: class [org.springframework.security.web.session.ConcurrentSessionFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 300, Root bean: class [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 400, Root bean: class [org.springframework.security.web.authentication.logout.LogoutFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 700, <org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter#0>, order = 1100, Root bean: class [org.springframework.security.web.authentication.www.BasicAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1500, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2000, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2100, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 2200, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 2300]
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource#0' of type [class org.springframework.security.access.method.MapBasedMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.transaction.annotation.AnnotationTransactionAttributeSource#0' of type [class org.springframework.transaction.annotation.AnnotationTransactionAttributeSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean '(inner bean)' of type [class org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource#0' of type [class org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' of type [class org.springframework.security.access.intercept.aopalliance.MethodSecurityMetadataSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:06 AM org.springframework.context.support.PostProcessorRegistrationDelegate$BeanPostProcessorChecker postProcessAfterInitialization
INFO: Bean 'org.springframework.transaction.config.internalTransactionAdvisor' of type [class org.springframework.transaction.interceptor.BeanFactoryTransactionAttributeSourceAdvisor] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
Jan 02, 2014 11:03:07 AM org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean createNativeEntityManagerFactory
INFO: Building JPA container EntityManagerFactory for persistence unit 'TestStrutsPU'
Jan 02, 2014 11:03:07 AM org.hibernate.annotations.common.Version <clinit>
INFO: HCANN000001: Hibernate Commons Annotations {4.0.2.Final}
Jan 02, 2014 11:03:07 AM org.hibernate.Version logVersion
INFO: HHH000412: Hibernate Core {4.2.7.Final}
Jan 02, 2014 11:03:07 AM org.hibernate.cfg.Environment <clinit>
INFO: HHH000206: hibernate.properties not found
Jan 02, 2014 11:03:07 AM org.hibernate.cfg.Environment buildBytecodeProvider
INFO: HHH000021: Bytecode provider name : javassist
Jan 02, 2014 11:03:07 AM org.hibernate.ejb.Ejb3Configuration configure
INFO: HHH000204: Processing PersistenceUnitInfo [
name: TestStrutsPU
...]
Jan 02, 2014 11:03:08 AM org.hibernate.service.jdbc.connections.internal.ConnectionProviderInitiator instantiateExplicitConnectionProvider
INFO: HHH000130: Instantiating explicit connection provider: org.hibernate.ejb.connection.InjectedDataSourceConnectionProvider
Jan 02, 2014 11:03:08 AM org.hibernate.dialect.Dialect <init>
INFO: HHH000400: Using dialect: org.hibernate.dialect.MySQLDialect
Jan 02, 2014 11:03:11 AM org.hibernate.engine.transaction.internal.TransactionFactoryInitiator initiateService
INFO: HHH000268: Transaction strategy: org.hibernate.engine.transaction.internal.jdbc.JdbcTransactionFactory
Jan 02, 2014 11:03:11 AM org.hibernate.hql.internal.ast.ASTQueryTranslatorFactory <init>
INFO: HHH000397: Using ASTQueryTranslatorFactory
Jan 02, 2014 11:03:14 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping registerHandlerMethod
INFO: Mapped "{[/Login],methods=[POST],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String spring.controller.LoginController.onSubmit(javax.servlet.http.HttpServletRequest,java.util.Map)
Jan 02, 2014 11:03:14 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping registerHandlerMethod
INFO: Mapped "{[/Login],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String spring.controller.LoginController.showForm(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse,java.util.Map) throws java.io.IOException
Jan 02, 2014 11:03:14 AM org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping registerHandlerMethod
INFO: Mapped "{[/LoginFailed],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public java.lang.String spring.controller.LoginController.loginError(javax.servlet.http.HttpServletResponse,org.springframework.ui.ModelMap) throws java.io.IOException
Jan 02, 2014 11:03:15 AM org.springframework.security.web.DefaultSecurityFilterChain <init>
INFO: Creating filter chain: Ant [pattern='/login.jsp*'], []
Jan 02, 2014 11:03:15 AM org.springframework.security.web.access.channel.ChannelProcessingFilter afterPropertiesSet
INFO: Validated configuration attributes
Jan 02, 2014 11:03:15 AM org.springframework.security.provisioning.JdbcUserDetailsManager initDao
INFO: No authentication manager set. Reauthentication of users when changing passwords will not be performed.
Jan 02, 2014 11:03:16 AM org.springframework.security.web.DefaultSecurityFilterChain <init>
INFO: Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.access.channel.ChannelProcessingFilter@b5f385, org.springframework.security.web.context.SecurityContextPersistenceFilter@186d678, org.springframework.security.web.session.ConcurrentSessionFilter@16a6110, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@10a7fe9, org.springframework.security.web.authentication.logout.LogoutFilter@53bd68, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@1b811ae, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@190eaae, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@11f5198, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@125e846, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@1b45682, org.springframework.security.web.session.SessionManagementFilter@9ba80c, org.springframework.security.web.access.ExceptionTranslationFilter@135b24b, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4c7a58]
Jan 02, 2014 11:03:16 AM org.springframework.security.config.http.DefaultFilterChainValidator checkLoginPageIsntProtected
INFO: Checking whether login URL '/admin_login/Login.action' is accessible with your configuration
Jan 02, 2014 11:03:16 AM org.springframework.web.context.ContextLoader initWebApplicationContext
INFO: Root WebApplicationContext: initialization completed in 12609 ms
Jan 02, 2014 11:03:18 AM com.opensymphony.xwork2.config.providers.XmlConfigurationProvider info
INFO: Parsing configuration file [struts-default.xml]
Jan 02, 2014 11:03:18 AM com.opensymphony.xwork2.config.providers.XmlConfigurationProvider info
INFO: Parsing configuration file [struts-plugin.xml]
Jan 02, 2014 11:03:18 AM com.opensymphony.xwork2.config.providers.XmlConfigurationProvider info
INFO: Parsing configuration file [struts.xml]
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (spring) for (com.opensymphony.xwork2.ObjectFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.factory.ActionFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.factory.ResultFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.factory.ConverterFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.factory.InterceptorFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.factory.ValidatorFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.FileManagerFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.XWorkConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.CollectionConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.ArrayConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.DateConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.NumberConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.impl.StringConverter)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.ConversionPropertiesProcessor)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.ConversionFileProcessor)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.ConversionAnnotationProcessor)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.TypeConverterCreator)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.TypeConverterHolder)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.TextProvider)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.LocaleProvider)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.ActionProxyFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.conversion.ObjectTypeDeterminer)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (org.apache.struts2.dispatcher.mapper.ActionMapper)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (jakarta) for (org.apache.struts2.dispatcher.multipart.MultiPartRequest)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (org.apache.struts2.views.freemarker.FreemarkerManager)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (org.apache.struts2.components.UrlRenderer)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.validator.ActionValidatorManager)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.util.ValueStackFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.util.reflection.ReflectionProvider)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.util.reflection.ReflectionContextFactory)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.util.PatternMatcher)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (org.apache.struts2.dispatcher.StaticContentLoader)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.UnknownHandlerManager)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (org.apache.struts2.views.util.UrlHelper)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.AbstractBeanSelectionProvider info
INFO: Choosing bean (struts) for (com.opensymphony.xwork2.util.TextParser)
Jan 02, 2014 11:03:18 AM org.apache.struts2.config.DefaultBeanSelectionProvider info
INFO: Loading global messages from [global]
Jan 02, 2014 11:03:18 AM org.apache.struts2.spring.StrutsSpringObjectFactory info
INFO: Initializing Struts-Spring integration...
Jan 02, 2014 11:03:18 AM com.opensymphony.xwork2.spring.SpringObjectFactory info
INFO: Setting autowire strategy to name
Jan 02, 2014 11:03:18 AM org.apache.struts2.spring.StrutsSpringObjectFactory info
INFO: ... initialized Struts-Spring integration successfully
Jan 02, 2014 11:03:20 AM org.apache.catalina.util.LifecycleBase start
INFO: The start() method was called on component [StandardEngine[Catalina].StandardHost[localhost].StandardContext[/TestStruts]] after start() had already been called. The second call will be ignored.
It has not yet caused any problem in the application. It was happening with the earlier versions which I was using. They were,
- Spring Framework 3.2.2
- Spring Security 3.2.0 M1
What does it mean? Am I missing something? Can this be solved somehow?
The spring-security.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http pattern="/Login.jsp*" security="none"></http>
<http auto-config='true' use-expressions="true" disable-url-rewriting="true" authentication-manager-ref="authenticationManager">
<session-management session-fixation-protection="newSession">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true" />
</session-management>
<intercept-url pattern="/admin_side/**" access="hasRole('ROLE_ADMIN')" requires-channel="any"/>
<form-login login-page="/admin_login/Login.action" authentication-success-handler-ref="loginSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler"/>
<logout logout-success-url="/admin_login/Login.action" invalidate-session="true" delete-cookies="JSESSIONID"/>
</http>
<authentication-manager id="authenticationManager">
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select email_id, password, enabled from user_table where lower(email_id)=lower(?)"
authorities-by-username-query="select ut.email_id, ur.authority from user_table ut, user_roles ur where ut.user_id=ur.user_id and lower(ut.email_id)=lower(?)"/>
</authentication-provider>
</authentication-manager>
<beans:bean id="loginSuccessHandler" class="loginsuccesshandler.LoginSuccessHandler"/>
<beans:bean id="authenticationFailureHandler" class="loginsuccesshandler.AuthenticationFailureHandler" />
<global-method-security secured-annotations="enabled" proxy-target-class="false">
<protect-pointcut expression="execution(* admin.dao.*.*(..))" access="ROLE_ADMIN"/>
</global-method-security>
</beans:beans>
The web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>AdminLoginNocacheFilter</filter-name>
<filter-class>filter.AdminLoginNocacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>AdminLoginNocacheFilter</filter-name>
<url-pattern>/admin_login/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>NoCacheFilter</filter-name>
<filter-class>filter.NoCacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>NoCacheFilter</filter-name>
<url-pattern>/admin_side/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
<init-param>
<param-name>struts.devMode</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
Upvotes: 1
Views: 3876
Answers (1)
Shaun the Sheep
Reputation: 22742
The message occurs because jdbc-user-service actually uses an instance of JdbcUserDetailsManager internally. This class supports creating and updating users and changing of passwords in addition to just reading a user's details.
If you are using the changePassword function then the class will optionally check the old password for you as part of the update, by calling an injected AuthenticationManager.
Since you aren't using this functionality (only the loadUserByUsername is needed for authentication) you can safely ignore the message.
Upvotes: 4
Related Questions
- Changing password using Spring security
- Spring-security is not picking up my authentication manager
- Spring Security: Authentication returns null
- Spring Security authentication manager problems
- Spring security form-login for struts
- Authentication in struts2
- How to force re-authentication of credentials in Spring Security?
- Spring Security manually setting authentication without authentication manager giving error
- Role-based authentication does not work
- Spring-security does not work properly