CODEWITHSUNDEEP
springspring-security
user3541321
user3541321

Reputation: 165

Spring Security error

Hi i am new to spring security and trying to apply authentication and authorization through spring security.

While running the application i am getting this exception:

javax.servlet.ServletException: java.lang.NoClassDefFoundError:org/springframework/security/access/expression/SecurityExpressionHandler

description The server encountered an internal error that prevented it from fulfilling this request.

exception 
org.apache.jasper.JasperException: javax.servlet.ServletException: java.lang.NoClassDefFoundError: org/springframework/security/access/expression/SecurityExpressionHandler
org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:549)
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:455)
org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
org.springframework.web.servlet.view.InternalResourceView.renderMergedOutputModel(InternalResourceView.java:238)
org.springframework.web.servlet.view.AbstractView.render(AbstractView.java:263)
org.springframework.web.servlet.DispatcherServlet.render(DispatcherServlet.java:1208)
org.springframework.web.servlet.DispatcherServlet.processDispatchResult(DispatcherServlet.java:992)
org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:939)
org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:856)
org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:936)
org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:827)
javax.servlet.http.HttpServlet.service(HttpServlet.java:620)
org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:812)
javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:368)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:109)
org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:187)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:109)
org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:380)
org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:169)
org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)

web.xml file is :

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xmlns="http://java.sun.com/xml/ns/javaee" 
     xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="WebApp_ID" version="3.0">
<display-name>bsolPortalWebApp</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>springDispatcher</servlet-name>
<servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
  <init-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>/WEB-INF/config/spring-context.xml</param-value>
 </init-param>
 <load-on-startup>1</load-on-startup>
 </servlet>

<servlet-mapping>
<servlet-name>springDispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

<listener>
    <listener-class>
              org.springframework.web.context.ContextLoaderListener
            </listener-class>
</listener>


<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/config/spring-context.xml,
        /WEB-INF/config/spring-security.xml
    </param-value>
</context-param>

     <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
              org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
  </web-app>

my spring-security.xml file is 

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

<http auto-config="true">
    <intercept-url pattern="/PoolB/*"  requires-channel="http"          access="ROLE_USER,ROLE_ADMIN" />        
    <form-login login-page="/login" default-target-url="/PoolB/Welcome" authentication-failure-url="/loginfailed" />                            
logout logout-success-url="/logout" />           
</http>
    <authentication-manager> 
    <authentication-provider> 
    <user-service> 
    <user name="abc" password="abc" authorities="ROLE_USER" /> 
    <user name="xyz" password="xyz" authorities="ROLE_USER" /> 
    </user-service> 
    </authentication-provider> 
    </authentication-manager>   
    </beans:beans>

login.jsp file is :

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>

<link href="${pageContext.request.contextPath}/resources/css/background.css"  rel="stylesheet" >

  <style>
  .errorblock {
color: #ff0000;
background-color: #ffEEEE;
border: 3px solid #ff0000;
padding: 8px;
margin: 16px;
    margin-right:500px;
    margin-left:500px;
    }
   </style> 

</head>
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Authentication with Database)</h3>
<c:if test="${not empty error}">
<div class="errorblock">
      Your login attempt was not successful, try again.<br /> Caused :
   ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>                 
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>
<table  align="center">
        <tr>
    <td>User:</td>
    <td><input type='text' name='j_username'  value='' id='uname'>
    </td>
    </tr>
    <tr>
    <td>Password:</td>
    <td><input type='password' name='j_password'   id='pword'/>
    </td>
    </tr>           
    <tr>
    <td><input type="submit" value="Login"></td>
    <td><input name="reset" type="Reset" /></td>
    </tr>
</table>
</form>
</body>
</html>

Welcome.jsp file is :

<%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO- 8859-1"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"  "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>Insert title here</title>
</head>
<body>
Hi U R Succesfully Loged in.
<br/>
<security:authorize access="hasRole('ROLE_ADMIN')">
<p>
<a href="..../ScorpioWebApp/PoolB/insert">InsertRecord</a>
</p>
</security:authorize>
<a href="..../ScorpioWebApp/PoolB/View">RetriveRecord</a>
</body>

and the added jars are:

1.com.springsource.org.apache.commons.logging-1.1.1.jar
2.com.springsource.org.apache.log4j-1.2.15.jar
3.javax.servlet.jsp.jstl-1.2.1.jar
4.jstl-1.2.jar
5.log4j-1.2.11.jar
6.log4j.jar
7.spring-aop-3.0.3.RELEASE.jar
8.spring-aop-3.2.5.RELEASE.jar
9.spring-aspects-3.2.5.RELEASE.jar
10.spring-beans-3.2.5.RELEASE.jar
11.spring-build-src-3.2.5.RELEASE.jar
12.spring-context-3.2.5.RELEASE.jar
13.spring-context-support-3.2.5.RELEASE.jar
14.spring-core-3.2.5.RELEASE.jar
15.spring-expression-3.2.5.RELEASE.jar
16.spring-instrument-3.2.5.RELEASE.jar
17.spring-instrument-tomcat-3.2.5.RELEASE.jar
18.spring-jdbc-3.2.5.RELEASE.jar
19.spring-jms-3.2.5.RELEASE.jar
20.spring-mobile-device-1.1.0.RELEASE.jar
21.spring-orm-3.2.5.RELEASE.jar
22.spring-oxm-3.2.5.RELEASE.jar
23.spring-security-config-3.0.5.RELEASE.jar
24.spring-security-core-3.0.5.RELEASE.jar
25.spring-security-taglibs-3.1.0.RELEASE.jar
26.spring-security-web-3.0.5.RELEASE.jar
27.spring-struts-3.2.5.RELEASE.jar
28.spring-test-3.2.5.RELEASE.jar
29.spring-tx-3.2.5.RELEASE.jar
30.spring-web-3.2.5.RELEASE.jar
31.spring-webmvc-3.2.5.RELEASE.jar
32.spring-webmvc-portlet-3.2.5.RELEASE.jar
33.sqljdbc4.jar

Can anyone please help me to resolve this issue..

    It was the problem with jar only. I added 3.1.0 version of all spring security jars and as per the suggestiong from other users added the following bean to spring configuration

 <bean id="webexpressionHandler" class="org.springframework.security.web.access.exp

Upvotes: 0

Views: 3507

Answers (1)

geoand
geoand

Reputation: 63991

The problem seems to be that you have Spring Security 3.0.x dependencies added to your classpath while you also use security-taglibs-3.1.0.RELEASE. Try using Spring Security 3.1.x for all the dependencies

The class SecurityExpressionHandler was added to Spring Security 3.1

UPDATE

You also need to update the xsd references in spring.security.xml

and add the following bean to spring configuration

<bean id="webexpressionHandler" class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler" />

Upvotes: 1

Related Questions