We are trying to introduce Spring Security 4.0.2 into a Spring MVC application which uses Spring 4.2.3 but also is running on servlet 2.5. I am having trouble configuring Security:
Caused by: java.lang.ClassNotFoundException: javax.servlet.FilterRegistration$Dynamic
I believe this class is only in Servlet 3.0. Is it possible to use Spring Security 4.0 with Servlet 2.5? Or should we regress to Security 3.2?
My suspicion is you are using Jetty and this explains your situation.
The javax.servlet.FilterRegistration class was introduced in Servlet
3.0. This exception suggests that you have still libraries of an older Servlet API version in your runtime classpath which got precedence in
classloading.
Apparently, Java configuration demands this class. I used the old XML configuration and things worked fine.
Related
How can I control in my Spring 2.1.4 Boot application (packaged as a WAR) whether I am creating a servlet 3.1 or 4.0 web application. Normally, when using a web.xml web application descriptor, the attributes on the web-app would announce the version of the spec being used. In a Spring WebApplicationInitializer application without a web.xml (which is my case), there is no such advertisement.
Is it just a matter of using only the servlet 3.1 features and deploying them to a container and hope that it works?
The web.xml file is optional since Servlet 3 and Java EE 6 where annotations such as #WebServlet, #WebFilter, #WebListener were introduced.
However, there is no way to declare this information outside the web.xml using the WebApplicationInitializer so you have to include the file anyway and specify the version.
After more than a year of posting this question I discovered that maven makes such determination by the presence of the specific API declared as a dependency. For example if you have the javax.servlet:javax.servlet-api:4.0.1 dependency in your Pom file maven will assume a servlet 4.0 container. I believe Spring boot does not support this but I think it should. As a sidenote the M2eclipse plug-in also works this way
I was tasked to assign to modify an application with RBAC(Role Based access control) for a project which uses an older spring mvc version 3.0.5.
We plan to integrate spring security for this task.
The question is, are there any older version of spring security we can use
that is compatible with the spring mvc we have?
Last Spring Security-3.1.0 supports spring 3.0.6. This version of spring security should work fine for your project.
Although your version should work fine with this version of spring security if you want you can do a minor version upgrade of spring. You can find the changelogs here https://spring.io/blog/2011/08/24/spring-3-0-6-is-now-available
And documentation for this version of the library can be found at this link spring-security-3.0.7-docs
But, please be cautious, it's not recommended to use older versions of security-related libraries since they might have known vulnerabilities.
Spring Boot 1.3.0 and above is based on Servlet API versions 3.1.x. However I am using a standalone application server which is based on Servlet 3.0.x. Could this cause a problem, such as Spring Boot attempting to call a method which was introduced in Servlet API 3.1.x and getting a NoSuchMethodError or some other type of LinkageError at runtime? Should I be considering downgrading to Spring Boot version 1.1.12, the last version of Spring Boot to be based on Servlet API 3.0.x?
Section 9.1 of the Spring Boot Reference Guide (for Spring Boot 1.4.1.RELEASE) says
You can also deploy Spring Boot applications to any Servlet 3.0+ compatible container.
I would like to create a Spring Boot application to be deployed on Google AppEngine infrastructure. GAE currently only supports servlet 2.5 web applications.
Is it possible to use Spring Boot - using auto-configuration - in combination with a old-fashioned web.xml?
Can I for example use a contextClass/contextConfigLocation pointing to a #Configration class including #EnableAutoConfiguration?
All Spring Boot examples seem to use a simple Application class with main method to run the application. So I would like to know if Spring Boot supports using a web.xml as start point to boot the application?
More than one question there:
There's nothing stopping you from using web.xml (it's still part of the Servlet spec). Most people prefer the Java initializers these days.
#EnableAutoConfiguration works for any application context (it just uses features of Spring).
But Spring Boot out of the box doesn't have a ContextLoaderListener that knows about SpringApplication, so you miss some of the benefits of Boot if you do as you describe. There's one you might find useful here.
Spring Boot Actuator relies on a few Servlet 3.0 features here and there so you need workarounds for a 2.5 environment (see this spring-boot-legacy prototype for details).
There's a sample app here that runs on GAE, currently deployed here: http://dsyerboot.appspot.com/.
I am having a project which uses Spring framework(migrated from 2.0 to 3.0.7) and Spring security 2.0. And I want to use Spring security 3.0.7. I have used MessageDigestPasswordEncoder, SecurityContextHolder. But now I've added Spring security 3.0.7 jar files to my project but it is showing some compilation issues to above classes.
I need help for migration.
Thanks in advance.