No bean named 'springSecurityFilterChain' is defined error with javaconfig

Question

I'm having some problems adding spring security. It shows an error that says:No bean named 'springSecurityFilterChain' is defined

public class WebInitializer implements WebApplicationInitializer {

    public void onStartup(ServletContext servletContext) throws ServletException {


        // Create the 'root' Spring application context
        AnnotationConfigWebApplicationContext rootContext = new AnnotationConfigWebApplicationContext();
        rootContext.register(App.class);
        servletContext.addListener(new ContextLoaderListener(rootContext));


       // security filter
        servletContext.addFilter(
                "springSecurityFilterChain",
                new DelegatingFilterProxy("springSecurityFilterChain"))
                .addMappingForUrlPatterns(null, false, "/*");

        // Manage the lifecycle of the root application context
        AnnotationConfigWebApplicationContext webContext = new AnnotationConfigWebApplicationContext();
        webContext.register(WebConfig.class);
        webContext.setServletContext(servletContext);


        ServletRegistration.Dynamic servlet = servletContext.addServlet("dispatcher", new DispatcherServlet(webContext));
        servlet.addMapping("/");
        servlet.setLoadOnStartup(1);
    }
}

In the moment I add the security filter, it shows this error. I've been like crazy trying to resolve this with no success.

This is my WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("tom").password("123456").roles("USER");
        auth.inMemoryAuthentication().withUser("bill").password("123456").roles("ADMIN");
        auth.inMemoryAuthentication().withUser("james").password("123456").roles("SUPERADMIN");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
                .antMatchers("/signin").access("hasRole('ROLE_ADMIN')")
                .and().formLogin();

    }
}

WebConfig

@Configuration
@EnableWebMvc
@ComponentScan(value = {"com.hp.visitor.controller"})
@Import({ WebSecurityConfig.class })
public class WebConfig extends WebMvcConfigurerAdapter {

    @Bean
    UrlBasedViewResolver setupViewResolver(){
        UrlBasedViewResolver resolver = new UrlBasedViewResolver();
        resolver.setPrefix("/");
        resolver.setSuffix(".jsp");
        resolver.setViewClass(JstlView.class);
        return resolver;
    }

    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**").addResourceLocations("/static/");
    }

}

I've been trying a lot, but it always shows an 503 error.

How can I fix it?

Answer 1

You do not actually need to add the security filter manually. You can extend AbstractSecurityWebApplicationInitializer, which will insert the filter. You do not need to add any additional code than what is in the example below:

package com.example.spring.security.config;

import org.springframework.core.annotation.Order;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

@Order(1)
public class SecurityWebAppInitializer extends AbstractSecurityWebApplicationInitializer {

}

I typically will have my Security App Initializer with @Order(1) and the standard Web App Initializer with @Order(2).

You also need to make sure that your component scan is setup correctly. I have had it pointing at a wrong package and I have gotten this error before.

Answer 2

Try registering the security filter this way

FilterRegistration.Dynamic securityFilter = servletContext.addFilter("springSecurityFilterChain", DelegatingFilterProxy.class);
    securityFilter.addMappingForUrlPatterns(null, false, "/*");

And add the @Import({WebSecurityConfig.class}) in the configuration class you declare as your rootContext in WebInitializer in your case is in App.java

Answer 3

You can simply create a class that extends from AbstractSecurityWebApplicationInitializer and it will automatically create/initialize the security filter chain for you. No code needed:

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {}

Also, if you're only just creating a single dispatcher servlet, you could consider simply extending your WebAppIntializer class from AbstractAnnotationConfigDispatcherServletInitializer:

public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{WebSecurityConfig.class, App.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{WebConfig.class};
    }

    @Override
    protected String[] getServletMappings() {
        return new String[]{
            "/"
        };
    }