BrunoTS BrunoTS - 1 year ago 56
Java Question

Spring migration from 2.5.6 to 4.3.6

I has an application with Spring 2.5.6 running with JDK 1.6. I changed to version 4.3.6 to use JDK 1.8.

Already changed some methods and imports...

There is no more compilation erros.

But when I try to start the application with Jetty i got the following error:

[WARNING] Nested in org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem: Failed to import bean definitions from URL location [classpath:spring-security-config.xml]
Offending resource: class path resource [beanRefFacory.xml]; nested exception is org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 18 in XML document from class path resource [spring-security-config.xml] is invalid; nested exception is org.xml.sax.SAXParseException; lineNumber: 18; columnNumber: 58; cvc-complex-type.2.4.c: O curinga correspondente é restrito, mas nenhuma declaração pode ser encontrada para o elemento 'security:http'.:
org.xml.sax.SAXParseException; lineNumber: 18; columnNumber: 58; cvc-complex-type.2.4.c: O curinga correspondente é restrito, mas nenhuma declaração pode ser encontrada para o elemento 'security:http'.
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.createSAXParseException(ErrorHandlerWrapper.java:198)
at com.sun.org.apache.xerces.internal.util.ErrorHandlerWrapper.error(ErrorHandlerWrapper.java:134)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:437)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:368)
at com.sun.org.apache.xerces.internal.impl.XMLErrorReporter.reportError(XMLErrorReporter.java:325)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator$XSIErrorReporter.reportError(XMLSchemaValidator.java:458)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.reportSchemaError(XMLSchemaValidator.java:3237)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.handleStartElement(XMLSchemaValidator.java:1917)
at com.sun.org.apache.xerces.internal.impl.xs.XMLSchemaValidator.startElement(XMLSchemaValidator.java:746)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.scanStartElement(XMLNSDocumentScannerImpl.java:379)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl$FragmentContentDriver.next(XMLDocumentFragmentScannerImpl.java:2786)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentScannerImpl.next(XMLDocumentScannerImpl.java:606)
at com.sun.org.apache.xerces.internal.impl.XMLNSDocumentScannerImpl.next(XMLNSDocumentScannerImpl.java:117)
at com.sun.org.apache.xerces.internal.impl.XMLDocumentFragmentScannerImpl.scanDocument(XMLDocumentFragmentScannerImpl.java:510)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:848)
at com.sun.org.apache.xerces.internal.parsers.XML11Configuration.parse(XML11Configuration.java:777)
at com.sun.org.apache.xerces.internal.parsers.XMLParser.parse(XMLParser.java:141)
at com.sun.org.apache.xerces.internal.parsers.DOMParser.parse(DOMParser.java:243)
at com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderImpl.parse(DocumentBuilderImpl.java:347)
at org.springframework.beans.factory.xml.DefaultDocumentLoader.loadDocument(DefaultDocumentLoader.java:76)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadDocument(XmlBeanDefinitionReader.java:429)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:391)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.importBeanDefinitionResource(DefaultBeanDefinitionDocumentReader.java:227)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseDefaultElement(DefaultBeanDefinitionDocumentReader.java:184)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:169)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.doRegisterBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:142)
at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:94)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:508)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:392)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:336)
at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.loadBeanDefinitions(XmlBeanDefinitionReader.java:304)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:181)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:217)
at org.springframework.beans.factory.support.AbstractBeanDefinitionReader.loadBeanDefinitions(AbstractBeanDefinitionReader.java:188)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:125)
at org.springframework.web.context.support.XmlWebApplicationContext.loadBeanDefinitions(XmlWebApplicationContext.java:94)
at org.springframework.context.support.AbstractRefreshableApplicationContext.refreshBeanFactory(AbstractRefreshableApplicationContext.java:129)
at org.springframework.context.support.AbstractApplicationContext.obtainFreshBeanFactory(AbstractApplicationContext.java:613)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:514)
at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:444)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:326)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
at org.mortbay.jetty.handler.ContextHandler.startContext(ContextHandler.java:548)
at org.mortbay.jetty.servlet.Context.startContext(Context.java:136)
at org.mortbay.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1250)
at org.mortbay.jetty.handler.ContextHandler.doStart(ContextHandler.java:517)
at org.mortbay.jetty.webapp.WebAppContext.doStart(WebAppContext.java:467)
at org.mortbay.jetty.plugin.Jetty6PluginWebAppContext.doStart(Jetty6PluginWebAppContext.java:115)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
at org.mortbay.jetty.handler.ContextHandlerCollection.doStart(ContextHandlerCollection.java:156)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerCollection.doStart(HandlerCollection.java:152)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.handler.HandlerWrapper.doStart(HandlerWrapper.java:130)
at org.mortbay.jetty.Server.doStart(Server.java:224)
at org.mortbay.component.AbstractLifeCycle.start(AbstractLifeCycle.java:50)
at org.mortbay.jetty.plugin.Jetty6PluginServer.start(Jetty6PluginServer.java:132)
at org.mortbay.jetty.plugin.AbstractJettyMojo.startJetty(AbstractJettyMojo.java:441)
at org.mortbay.jetty.plugin.AbstractJettyMojo.execute(AbstractJettyMojo.java:383)
at org.mortbay.jetty.plugin.AbstractJettyRunMojo.execute(AbstractJettyRunMojo.java:210)
at org.mortbay.jetty.plugin.Jetty6RunMojo.execute(Jetty6RunMojo.java:184)
at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo(DefaultBuildPluginManager.java:134)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:207)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:153)
at org.apache.maven.lifecycle.internal.MojoExecutor.execute(MojoExecutor.java:145)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:116)
at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject(LifecycleModuleBuilder.java:80)
at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build(SingleThreadedBuilder.java:51)
at org.apache.maven.lifecycle.internal.LifecycleStarter.execute(LifecycleStarter.java:128)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:307)
at org.apache.maven.DefaultMaven.doExecute(DefaultMaven.java:193)
at org.apache.maven.DefaultMaven.execute(DefaultMaven.java:106)
at org.apache.maven.cli.MavenCli.execute(MavenCli.java:863)
at org.apache.maven.cli.MavenCli.doMain(MavenCli.java:288)
at org.apache.maven.cli.MavenCli.main(MavenCli.java:199)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced(Launcher.java:289)
at org.codehaus.plexus.classworlds.launcher.Launcher.launch(Launcher.java:229)
at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode(Launcher.java:415)
at org.codehaus.plexus.classworlds.launcher.Launcher.main(Launcher.java:356)


Someone can help me with that?

edit:
This is my spring-security-config.xml (not changed during migration):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:lang="http://www.springframework.org/schema/lang" xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util" xmlns:camel="http://activemq.apache.org/camel/schema/spring"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">

<security:http entry-point-ref="myAuthenticationEntryPoint"
auto-config="false" session-fixation-protection="none">

<security:intercept-url pattern="/login.iface"
filters="none" />
<security:intercept-url pattern="/img/**"
filters="none" />
<security:intercept-url pattern="/css/**"
filters="none" />
<security:intercept-url pattern="/scripts/**"
filters="none" />
<security:intercept-url pattern="/app/**"
access="IS_AUTHENTICATED_FULLY" />
<!-- <security:form-login login-page="/login.iface" default-target-url="/app/index.iface"
authentication-failure-url="/login.iface?login_error=true" /> -->
<security:logout logout-success-url="/login.jspx" />
</security:http>

<!-- Utilize 192.168.236.111 quando for testar local <security:ldap-server
url="${SOME.PROPERTY}" id="LDAPServer" /> -->
<bean id="memcachedLogin"
class="br.com.tpd.cac.thinkcat.memcached.MemCachedResourcesImpl">
<constructor-arg value="${SOME.PROPERTY}" />
<property name="timetoSet" value="${SOME.PROPERTY}" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
</bean>

<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->
<bean id="contextSource"
class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="${SOME.PROPERTY}" />
</bean>

<bean id="poolingContextSource"
class="org.springframework.ldap.pool.factory.PoolingContextSource"
destroy-method="close">
<property name="contextSource" ref="contextSource" />
<property name="dirContextValidator" ref="dirContextValidator" />
<property name="minIdle" value="${SOME.PROPERTY}" />
<property name="maxIdle" value="${SOME.PROPERTY}" />
<property name="maxActive" value="${SOME.PROPERTY}" />
<property name="maxTotal" value="${SOME.PROPERTY}" />
<property name="maxWait" value="${SOME.PROPERTY}" />
<property name="testOnBorrow" value="${SOME.PROPERTY}" />
<property name="testWhileIdle" value="${SOME.PROPERTY}" />
<property name="timeBetweenEvictionRunsMillis"
value="${SOME.PROPERTY}" />
<property name="minEvictableIdleTimeMillis"
value="${SOME.PROPERTY}" />
<property name="numTestsPerEvictionRun"
value="${SOME.PROPERTY}" />
</bean>

<bean id="dirContextValidator"
class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />



<bean id="ldapAuthProvider"
class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

<security:custom-authentication-provider />

<constructor-arg>
<bean
class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
<constructor-arg ref="contextSource" />
<property name="userDnPatterns">
<!-- <list><value>uid={0},ou=people,dc=portalsigres,dc=com</value></list> -->
<list>
<value>${SOME.PROPERTY}</value>
</list>
</property>
</bean>
</constructor-arg>

<constructor-arg>
<bean id="ThinkCATWebLdapUserDetails" class="br.com.tpd.cac.thinkcat.security.ldap.LdapUserDetails">
<constructor-arg ref="contextSource" />
<constructor-arg value="${SOME.PROPERTY}" />
</bean>
</constructor-arg>

</bean>

<!-- ************************************************************* *** Customized
LDAP Security Authentication/Authorization *** ************************************************************* -->


<!-- LDAP TEMPLATE -->

<bean id="LDAPTemplateContext" class="net.sf.ldaptemplate.support.LdapContextSource">
<property name="url" value="${SOME.PROPERTY}" />
<property name="base" value="${SOME.PROPERTY}" />
<property name="userName" value="${SOME.PROPERTY}" />
<property name="password" value="${SOME.PROPERTY}" />
<property name="dirObjectFactory"
value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
<!-- Dont use sun ldap pool. Use poolContextSource instead -->
<property name="pooled" value="false" />
</bean>

<bean id="ldapTemplate" class="net.sf.ldaptemplate.LdapTemplate">
<constructor-arg ref="LDAPTemplateContext" />
</bean>


<bean id="sessionRegistry"
class="org.springframework.security.concurrent.SessionRegistryImpl" />

<bean id="defaultConcurrentSessionController"
class="br.com.tpd.cac.thinkcat.security.acesso.DMConcurrentSessionController">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="exceptionIfMaximumExceeded" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>

<bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
<property name="providers">
<list>
<ref local="ldapAuthProvider" />
</list>
</property>
<property name="sessionController" ref="defaultConcurrentSessionController" />
</bean>

<bean id="sucessfulAuthenticationCallbackImpl"
class="br.com.tpd.cac.thinkcat.security.acesso.SuccessfulAuthenticationCallbackImpl">
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>

<bean id="myAuthenticationEntryPoint"
class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
<property name="loginFormUrl" value="/login.iface" />
</bean>

<bean id="authenticationProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.DMAuthenticationProcessingFilter">
<security:custom-filter position="AUTHENTICATION_PROCESSING_FILTER" />
<property name="defaultTargetUrl" value="/app/index.iface" />
<property name="authenticationManager" ref="authenticationManager" />
<property name="authenticationFailureUrl" value="/login.iface?login_error=true" />
<property name="allowSessionCreation" value="true" />
<property name="callback" ref="sucessfulAuthenticationCallbackImpl" />
<property name="rememberMeServices" ref="rememberMeServices" />
</bean>

<bean id="rememberMeAuthenticationManager"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthenticationManager">
<property name="providers">
<list>
<ref local="ldapAuthProvider" />
</list>
</property>
</bean>

<bean id="rememberMeProcessingFilter"
class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthFilter">
<security:custom-filter position="REMEMBER_ME_FILTER" />
<property name="authenticationManager" ref="rememberMeAuthenticationManager" />
<property name="rememberMeServices" ref="rememberMeServices" />
<property name="cache" ref="memcachedLogin" />
<property name="bloqueioMultiploAcesso" value="${SOME.PROPERTY}" />
</bean>

<bean id="pdrUserDetails"
class="br.com.tpd.cac.thinkcat.security.ldap.PDRUserDetailsService" />

<bean id="rememberMeServices"
class="br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices">
<property name="userDetailsService" ref="pdrUserDetails" />
<property name="key" value="DM_REMEMBERME_KEY" />
<property name="sessionTimeout" value="${SOME.PROPERTY}" />
<property name="cache" ref="memcachedLogin" />
</bean>

<bean id="rememberMeAuthenticationProvider"
class="org.springframework.security.providers.rememberme.RememberMeAuthenticationProvider">
<security:custom-authentication-provider />
<property name="key" value="whatever" />
</bean>
</beans>

Answer Source

Initial answer

Here is your http element:

<security:http entry-point-ref="myAuthenticationEntryPoint"
    auto-config="false" session-fixation-protection="none">

In modern Spring Security versions (4.x) the session-fixation-attribute is not suppored by http anymore; instead, it is configured on session-management: https://docs.spring.io/spring-security/site/docs/4.2.x/reference/html/appendix-namespace.html#nsa-session-management-attributes

Here is how it can look:

<security:http entry-point-ref="myAuthenticationEntryPoint"
    auto-config="false">

    <security:session-management session-fixation-protection="none"/>

    ... the rest

This is just a partial answer. If you have other issues, please update the question.

Update

I've played with your XML a bit and now Spring Security is able to parse it. Here is what I got:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:lang="http://www.springframework.org/schema/lang" xmlns:p="http://www.springframework.org/schema/p"
    xmlns:util="http://www.springframework.org/schema/util" xmlns:camel="http://activemq.apache.org/camel/schema/spring"
    xmlns:jee="http://www.springframework.org/schema/jee" xmlns:tx="http://www.springframework.org/schema/tx"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security  http://www.springframework.org/schema/security/spring-security-3.1.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
        http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
        http://activemq.apache.org/camel/schema/spring http://activemq.apache.org/camel/schema/spring/camel-spring.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-2.0.xsd
        http://www.springframework.org/schema/tx  http://www.springframework.org/schema/tx/spring-tx-2.5.xsd">

    <security:http pattern="/login.iface" security="none" />
    <security:http pattern="/img/**" security="none" />
    <security:http pattern="/css/**" security="none" />
    <security:http pattern="/scripts/**" security="none" />

    <security:http entry-point-ref="myAuthenticationEntryPoint"
        auto-config="false">

        <security:session-management session-fixation-protection="none"/>

        <security:intercept-url pattern="/app/**"
            access="IS_AUTHENTICATED_FULLY" />
        <!-- <security:form-login login-page="/login.iface" default-target-url="/app/index.iface"
            authentication-failure-url="/login.iface?login_error=true" /> -->
        <security:logout logout-success-url="/login.jspx" />

        <security:custom-filter ref="authenticationProcessingFilter" position="FORM_LOGIN_FILTER"/>
        <security:custom-filter ref="rememberMeProcessingFilter" position="REMEMBER_ME_FILTER" />
    </security:http>

    <security:authentication-manager alias="authenticationManager">
        <security:authentication-provider ref="ldapAuthProvider"/>
        <security:authentication-provider ref="rememberMeAuthenticationProvider" />
    </security:authentication-manager>

    <!-- Utilize 192.168.236.111 quando for testar local <security:ldap-server
        url="${SOME.PROPERTY}" id="LDAPServer" /> -->
<!--
    <bean id="memcachedLogin"
        class="br.com.tpd.cac.thinkcat.memcached.MemCachedResourcesImpl">
        <constructor-arg value="${SOME.PROPERTY}" />
        <property name="timetoSet" value="${SOME.PROPERTY}" />
        <property name="sessionTimeout" value="${SOME.PROPERTY}" />
    </bean>
-->

    <!-- ************************************************************* *** Customized
        LDAP Security Authentication/Authorization *** ************************************************************* -->
    <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="${SOME.PROPERTY}" />
    </bean>

    <bean id="poolingContextSource"
        class="org.springframework.ldap.pool.factory.PoolingContextSource"
        destroy-method="close">
        <property name="contextSource" ref="contextSource" />
        <property name="dirContextValidator" ref="dirContextValidator" />
        <property name="minIdle" value="${SOME.PROPERTY}" />
        <property name="maxIdle" value="${SOME.PROPERTY}" />
        <property name="maxActive" value="${SOME.PROPERTY}" />
        <property name="maxTotal" value="${SOME.PROPERTY}" />
        <property name="maxWait" value="${SOME.PROPERTY}" />
        <property name="testOnBorrow" value="${SOME.PROPERTY}" />
        <property name="testWhileIdle" value="${SOME.PROPERTY}" />
        <property name="timeBetweenEvictionRunsMillis"
            value="${SOME.PROPERTY}" />
        <property name="minEvictableIdleTimeMillis"
            value="${SOME.PROPERTY}" />
        <property name="numTestsPerEvictionRun"
            value="${SOME.PROPERTY}" />
    </bean>

    <bean id="dirContextValidator"
        class="org.springframework.ldap.pool.validation.DefaultDirContextValidator" />



    <bean id="ldapAuthProvider"
        class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">

        <constructor-arg>
            <bean
                class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg ref="contextSource" />
                <property name="userDnPatterns">
                    <!-- <list><value>uid={0},ou=people,dc=portalsigres,dc=com</value></list> -->
                    <list>
                        <value>${SOME.PROPERTY}</value>
                    </list>
                </property>
            </bean>
        </constructor-arg>

        <constructor-arg>
            <bean id="ThinkCATWebLdapUserDetails" class="br.com.tpd.cac.thinkcat.security.ldap.LdapUserDetails">
                <constructor-arg ref="contextSource" />
                <constructor-arg value="${SOME.PROPERTY}" />
            </bean>
        </constructor-arg>

    </bean>

    <!-- ************************************************************* *** Customized
        LDAP Security Authentication/Authorization *** ************************************************************* -->


    <!-- LDAP TEMPLATE -->

    <bean id="LDAPTemplateContext" class="net.sf.ldaptemplate.support.LdapContextSource">
        <property name="url" value="${SOME.PROPERTY}" />
        <property name="base" value="${SOME.PROPERTY}" />
        <property name="userName" value="${SOME.PROPERTY}" />
        <property name="password" value="${SOME.PROPERTY}" />
        <property name="dirObjectFactory"
            value="org.springframework.ldap.core.support.DefaultDirObjectFactory" />
        <!-- Dont use sun ldap pool. Use poolContextSource instead -->
        <property name="pooled" value="false" />
    </bean>

    <bean id="ldapTemplate" class="net.sf.ldaptemplate.LdapTemplate">
        <constructor-arg ref="LDAPTemplateContext" />
    </bean>


    <bean id="sessionRegistry"
        class="org.springframework.security.concurrent.SessionRegistryImpl" />

    <bean id="defaultConcurrentSessionController"
        class="br.com.tpd.cac.thinkcat.security.acesso.DMConcurrentSessionController">
        <property name="sessionRegistry" ref="sessionRegistry" />
        <property name="exceptionIfMaximumExceeded" value="${SOME.PROPERTY}" />
        <property name="cache" ref="memcachedLogin" />
    </bean>

    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref bean="ldapAuthProvider" />
            </list>
        </property>
        <property name="sessionController" ref="defaultConcurrentSessionController" />
    </bean>

    <bean id="sucessfulAuthenticationCallbackImpl"
        class="br.com.tpd.cac.thinkcat.security.acesso.SuccessfulAuthenticationCallbackImpl">
        <property name="sessionTimeout" value="${SOME.PROPERTY}" />
        <property name="cache" ref="memcachedLogin" />
    </bean>

    <bean id="myAuthenticationEntryPoint"
        class="org.springframework.security.ui.webapp.AuthenticationProcessingFilterEntryPoint">
        <property name="loginFormUrl" value="/login.iface" />
    </bean>

    <bean id="authenticationProcessingFilter"
        class="br.com.tpd.cac.thinkcat.security.acesso.DMAuthenticationProcessingFilter">
        <property name="defaultTargetUrl" value="/app/index.iface" />
        <property name="authenticationManager" ref="authenticationManager" />
        <property name="authenticationFailureUrl" value="/login.iface?login_error=true" />
        <property name="allowSessionCreation" value="true" />
        <property name="callback" ref="sucessfulAuthenticationCallbackImpl" />
        <property name="rememberMeServices" ref="rememberMeServices" />
    </bean>

    <bean id="rememberMeAuthenticationManager"
        class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthenticationManager">
        <property name="providers">
            <list>
                <ref bean="ldapAuthProvider" />
            </list>
        </property>
    </bean>

    <bean id="rememberMeProcessingFilter"
        class="br.com.tpd.cac.thinkcat.security.acesso.RememberMeAuthFilter">
        <property name="authenticationManager" ref="rememberMeAuthenticationManager" />
        <property name="rememberMeServices" ref="rememberMeServices" />
        <property name="cache" ref="memcachedLogin" />
        <property name="bloqueioMultiploAcesso" value="${SOME.PROPERTY}" />
    </bean>

    <bean id="pdrUserDetails"
        class="br.com.tpd.cac.thinkcat.security.ldap.PDRUserDetailsService" />

    <bean id="rememberMeServices"
        class="br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices">
        <property name="userDetailsService" ref="pdrUserDetails" />
        <property name="key" value="DM_REMEMBERME_KEY" />
        <property name="sessionTimeout" value="${SOME.PROPERTY}" />
        <property name="cache" ref="memcachedLogin" />
    </bean>

    <bean id="rememberMeAuthenticationProvider"
        class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
        <property name="key" value="whatever" />
    </bean>
</beans>

What I changed:

  1. <ref>: replaced local with bean attribute
  2. upgraded spring-security XSD version to 3.1 as recent Spring Security versions do not support version 2.x.
  3. moved session-fixation-protection (as described above)
  4. moved and renamed <custom-authentication-provider> elements
  5. renamed AUTHENTICATION_PROCESSING_FILTER to FORM_LOGIN_FILTER
  6. moved <custom-filter> elements
  7. for each <intercept-url> with filters="none" removed it and added an <http> element with security="none" (this is the recommended way)
  8. changed package name for RememberMeAuthenticationProvider

This is parsed successfully by Spring. The context startup fails because it cannot find some custom class (br.com.tpd.cac.thinkcat.security.acesso.TokenBasedRememberMeServices) which I don't have. It will likely need further work, but at least it does not fail with a mysterious error message anymore.

One more thing: I used Spring Security 3.1.4 to play with it, and not Spring 4.3.x as I just ran of time for today. So this is again a partial answer, I write it hoping that it will help you.

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download