Trying Spring Security with Jersey What is wrong with my security-context.xml file?

1
votes

I am trying to add Spring Security to my Jersey Webapp. I tried using the following as my security-context.xml file in addition with my existing applicationContext.xml (2 separate files for contextConfigLocation in web.xml):

http://snipt.org/OIh

based on a solution provided here: User authentication on a Jersey REST service

However upon starting tomcat... I get the following error:

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 11 in XML document from ServletContext resource [/META-INF/securityContext.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:global-method-security'.

Can someone help me what is wrong?

1
javaspringspring-securityjersey
What is the version of spring security used?Arun P Johny

1 Answers

1
votes

You used: Spring Security 2 namespace but the element 'security:global-method-security' is a spring security 3 feature.

If you use Spring Security 3 (requires Spring 3) then update both namespaces, the one for Spring (you using Spring 2.5 namespace) and the Spring Security Namespace.

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.0.4.xsd
        http://www.springframework.org/schema/util
          http://www.springframework.org/schema/util/spring-util.xsd">

If you really must use spring security 2.0 then you ca not use the element 'security:global-method-security`. In this case you must explicit write the bean configuration that is hidden between that tag. (But unfortunately this are a lot of beans and there package names was changed form version 2.0 to version 3.0, so I can not provide a working example.)