I am attempting to add BASIC authentication to a RESTful web service that I have created using Jersey/JAX-RS and Tomcat Apache 7.0. In the future I want to deploy this web service on WebSphere so I have chosen to use Spring Security (ver 2.5.6) for my project.
My problem is this: though I believe my various xml files are correct and I have added spring.jar to my classpath I am getting the following error when starting the server.
SEVERE: Error configuring application listener of class
org.springframework.web.context.ContextLoaderListener java.lang.NoClassDefFoundError: javax/servlet/ServletContextListener
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClassCond(Unknown Source)
...
and so on. Every resource that I have looked at states that I should add spring.jar to my class path, which I have. I am completely new to Spring so if any of my files are setup incorrectly please tell me. Here are all of the relevant XML files and settings.
security-applicationContext.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-2.0.xsd">
<security:global-method-security secured-annotations="enabled"/>
<security:http>
<security:http-basic/>
<security:intercept-url pattern="/**" access="ROLE_USER"/>
</security:http>
<security:authentication-manager alias="authenticationManager"/>
<bean id="basicProcessingFilter" class="org.springframework.security.ui.basicauth.BasicProcessingFilter">
<property name="authenticationEntryPoint" ref="authenticationEntryPoint"/>
<property name="authenticationManager" ref="authenticationManager"/>
</bean>
<bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<!--property name="contextClass" value="org.springframework.security.context.SecurityContextImpl"/-->
<property name="allowSessionCreation" value="false"/>
</bean>
<bean id="httpSessionContextIntegrationFilterWithASCFalse" class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
<property name="allowSessionCreation" value="false"/>
</bean>
<bean id="authenticationEntryPoint"
class="org.springframework.security.ui.basicauth.BasicProcessingFilterEntryPoint">
<property name="realmName" value="Your realm name"/>
</bean>
<security:authentication-provider>
<security:password-encoder hash="md5"/>
<security:user-service>
<security:user name="admin" password="2fa3fa1c2deff56ed33e0bf974f2e29e" authorities="ROLE_PARTNER, ROLE_USER"/>
</security:user-service>
</security:authentication-provider>
applicationContext.xml (I was told it could be empty):
<beans></beans>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee
/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>TestService</display-name>
<servlet>
<servlet-name>Jersey REST Service</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>TestService</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Jersey REST Service</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security-applicationContext.xml,
/WEB-INF/applicationContext.xml
</param-value>
</context-param>
<!-- Enables Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>springSecurityFilterChain</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
Finally, my file structure:
and my server’s run configuration:
This looks like a similar problem.
You might want to try different Tomcat versions.
You are missing dependencies.
Minimal spring-security dependencies should be:
You don’t seem to be using maven so this site will help you find the jars you need. Just search for the
<artifactId>and you will be able to download the .jar for the dependency.This HOWTO might help you on a minimal spring-security configuration.