getting exception: No bean named 'springSecurityFilterChain' is defined

Question

I am learning spring security from reference material. release 3.1.2.RELEASE. As stated in that I have configured security:http tag like this

security-context.xml

<security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER"/>
    </security:http>

web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>classpath*:*-context.xml</param-value>
  </context-param>

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
  </listener>

  <servlet>
    <servlet-name>security</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <load-on-startup>1</load-on-startup>
  </servlet>

  <servlet-mapping>
    <servlet-name>security</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

security-servlet.xml

<context:component-scan base-package="com.pokuri.security.mvc.controllers"/>

    <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
        <property name="prefix" value="/WEB-INF/page/"/>
        <property name="suffix" value=".jsp"/>
    </bean>

But I am getting this exception when I start the application. If I remove security configuration my spring web application working fine. I went through the same kind of questions in stackoverflow. But no luck.

Answer 1

I think that the reason of your problem can be in that your xml configuration file for spring security isn't loaded when you start your web app.

To fix this you should specify all your XML config files in web.xml like that:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>

If you have your config files in classpath (not WEB-INF folder or it's subfolders) then you can specify list of config files in such way;

...
<param-value>
    classpath:applicationContext.xml,
    classpath:spitter-security.xml
</param-value>
...

And also you need to add special listener that will load your config files:

<listener>
    <listener-class>
        org.springframework.web.context.ContextLoaderListener
    </listener-class>
</listener>

Answer 2

I just added the bean definition in applicationContext.xml as Spring asked:

<bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>

Answer 3

add this your web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/root-context.xml, /WEB-INF/spring-security.xml</param-value>
</context-param>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

        <!-- filter declaration for Spring Security -->
<filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

Answer 4

In case it helps anyone, I had renamed one of my packages but Eclipse doesn't auto-update your @ComponentScan paths, so make sure you change that too:

@ComponentScan(basePackages = "com.package.spring")

Answer 5

As of Spring Security 5.2.1-SNAPSHOT, this error occurred to me when I hadn't declared the <http/> element in security XML configuration.

I was trying a sample and I had configuration like

    <b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">

    <user-service>
        <user name="user" password="{noop}password" authorities="ROLE_USER" />
    </user-service>
</b:beans>

I had to change it to add <http/> like below.

<b:beans xmlns="http://www.springframework.org/schema/security" xmlns:b="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans https://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security https://www.springframework.org/schema/security/spring-security.xsd">

    <http />
    <user-service>
        <user name="user" password="{noop}password" authorities="ROLE_USER" />
    </user-service>
</b:beans>

Answer 6

For those who learning spring without xml may be this helps.

I faced the same exception when learning the spring without xml.

Found that i have register the spring security filter by extending the class AbstractSecurityWebApplicationInitializer but did not configure the spring security. To configure the spring security i added below code and it works.

@Configuration
@EnableWebSecurity
public class SpringSecurityConfigInitializer extends 
WebSecurityConfigurerAdapter {

@Override
protected void configure(AuthenticationManagerBuilder auth) throws 
Exception {
    UserBuilder users = User.withDefaultPasswordEncoder();
auth.inMemoryAuthentication().withUser(users.username("test").
password("test123").roles("EMPLOYEE"));
 }

 }

Above is just sample for my case but the exception was due to the missing configuration.