2

I am trying to learn How to do login using spring-security. I have provided my web.xml, Dispatcher-servlet.xml, login.jsp, spring-security.xml files. I thing there is some mistake in spring-security.xml.

You can provide me a complete working login program using spring-security.

Error is as follows:

org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from relative location [spring-security.xml]
Offending resource: ServletContext resource [/WEB-INF/dispatcher-servlet.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 21 in XML document from ServletContext resource [/WEB-INF/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 21; columnNumber: 36; cvc-complex-type.3.2.2: Attribute 'username-parameter' is not allowed to appear in element 'form-login'.
org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70)

My DispatcherServlet is as follows:

   <?xml version='1.0' encoding='UTF-8' ?>
   <!-- was: <?xml version="1.0" encoding="UTF-8"?> -->
   <beans xmlns="http://www.springframework.org/schema/beans"
   xmlns:beans="http://www.springframework.org/schema/beans"
   xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:p="http://www.springframework.org/schema/p"
   xmlns:context="http://www.springframework.org/schema/context"
   xmlns:mvc="http://www.springframework.org/schema/mvc"
   xmlns:aop="http://www.springframework.org/schema/aop"
   xmlns:tx="http://www.springframework.org/schema/tx"
   xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
   http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-4.0.xsd
   http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.0.xsd
   http://www.springframework.org/schema/mvc
   http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
   http://www.springframework.org/schema/context 
   http://www.springframework.org/schema/context/spring-context-4.0.xsd
   http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping"/>
<context:annotation-config />
<context:component-scan base-package="com" />
<mvc:annotation-driven />

<!--
Most controllers will use the ControllerClassNameHandlerMapping above, but
for the index controller we are using ParameterizableViewController, so we must
define an explicit mapping for it.
-->
<bean id="urlMapping" class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping">
    <property name="mappings">
        <props>
            <prop key="index.htm">indexController</prop>
        </props>
    </property>
</bean>

<bean id="viewResolver"
      class="org.springframework.web.servlet.view.InternalResourceViewResolver"
      p:prefix="/WEB-INF/jsp/"
      p:suffix=".jsp" />

<!--
The index controller.
-->
<bean name="indexController"
          class="org.springframework.web.servlet.mvc.ParameterizableViewController"
      p:viewName="index" />
 <import resource="spring-security.xml"/>
 </beans>

My spring-security.xml file is as follows:

<b:beans xmlns:b="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<http auto-config='true'>
   <intercept-url pattern="/admin**" access="ROLE_USER" />
    <form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout"  />
        </http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="mkyong" password="123456" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>
</beans:beans>

My Web.xml file is as follows:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/applicationContext.xml</param-value>
</context-param>
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
    <servlet-name>dispatcher</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
    <servlet-name>dispatcher</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
    <session-timeout>
        30
    </session-timeout>
</session-config>
</web-app>

My login.jsp is as follows:

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<head>
<title>Login Page</title>
<style>
 .error {
padding: 15px;
margin-bottom: 20px;
border: 1px solid transparent;
border-radius: 4px;
color: #a94442;
background-color: #f2dede;
border-color: #ebccd1;
}

.msg {
padding: 15px;
margin-bottom: 20px;
border: 1px solid transparent;
border-radius: 4px;
color: #31708f;
background-color: #d9edf7;
border-color: #bce8f1;
}

#login-box {
width: 300px;
padding: 20px;
margin: 100px auto;
background: #fff;
-webkit-border-radius: 2px;
-moz-border-radius: 2px;
border: 1px solid #000;
}
</style>
</head>
<body onload='document.loginForm.username.focus();'>
<h1>Spring Security Custom Login Form (XML)</h1>
<div id="login-box">
    <h3>Login with Username and Password</h3>
    <c:if test="${not empty error}">
        <div class="error">${error}</div>
    </c:if>
    <c:if test="${not empty msg}">
        <div class="msg">${msg}</div>
    </c:if>
    <form name='loginForm'
        action="<c:url value='/j_spring_security_check' />" method='POST'>
        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='username'></td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='password' /></td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" /></td>
            </tr>
        </table>        
        </form>
    </div>
</body>
</html>
paawan
  • 111
  • 1
  • 2
  • 13
  • Which Spring security version you are using – Sangram Jadhav Jun 01 '16 at 05:57
  • I am using spring-security-core-3.1.2.RELEASE.jar and spring-security-config-3.0.5.RELEASE.jar – paawan Jun 01 '16 at 08:09
  • Something is conflicting with xsd definition of form-login. can you check if no other security jar (of different version) is included somehow. Are you using any maven/gradle for dependency management – Sangram Jadhav Jun 01 '16 at 08:17
  • No, the jars I am using are these two only. I am not using maven/gradle for dependency management. – paawan Jun 01 '16 at 10:41

2 Answers2

2

The answer of my problem is following xml schema:

<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security 
http://www.springframework.org/schema/security/spring-security-3.2.xsd 
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/util    
http://www.springframework.org/schema/util/spring-util-4.0.xsd 
http://www.springframework.org/schema/context 
http://www.springframework.org/schema/context/spring-context-4.0.xsd">
paawan
  • 111
  • 1
  • 2
  • 13
0

Try to use below configuration for spring-security.xml

<bean:beans xmlns:b="http://www.springframework.org/schema/beans"
xmlns="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">
<http auto-config='true'>
   <intercept-url pattern="/admin**" access="ROLE_USER" />
    <form-login 
        login-page="/login" 
        default-target-url="/welcome" 
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout"  />
        </http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="mkyong" password="123456" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>
</beans:beans>

I have updated your configuration to use version in all XSD schemas

Sangram Jadhav
  • 2,438
  • 16
  • 17
  • Following error occurs after updating configuration as you said: Line 10 in XML document from ServletContext resource [/WEB-INF/spring-security.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 10; columnNumber: 118; The prefix "bean" for element "bean:beans" is not bound. org.springframework.beans.factory.parsing.FailFastProblemReporter.error(FailFastProblemReporter.java:70) – paawan Jun 01 '16 at 15:23
  • oh there is a typo at first line. Use ` – Sangram Jadhav Jun 02 '16 at 04:24
  • I did as you said. There was also an another problem. that is I had did xmlns:b instead of xmlns:beans. Thanks friend for your help. This problem is solved, but now there is another problem. When I submit username and password in login.jsp page, it says that "The requested resource is not available." Please Help me. – paawan Jun 02 '16 at 07:12
  • My problem is solved I get help from this site http://stackoverflow.com/questions/12123516/getting-exception-no-bean-named-springsecurityfilterchain-is-defined – paawan Jun 02 '16 at 07:54