XML : Update from Spring-security-3 to Spring-security-4 caused XML error

After updating to Spring security 4 my rest-security.xml has an error in it

  Attribute 'access-denied-page' is not allowed to appear in element 'security:http'

Currently my rest-security.xml looks like this:

  <?xml version="1.0" encoding="UTF-8"?>  <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"      xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p"      xmlns:context="http://www.springframework.org/schema/context"      xsi:schemaLocation="          http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd          http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd">        <security:http pattern="/rest/**" auto-config="false" use-expressions="true" entry-point-ref="response403EntryPoint"/>        <security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint"          access-denied-page="/#/not-authorized">            <security:logout logout-url="/logout" invalidate-session="true" logout-success-url="/" />          <security:custom-filter ref="jsonAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER" />      </security:http>        <bean id="customAuthenticationManager" class="com.nortal.security.CustomAuthenticationManager" p:username="admin"          p:password="admin" />        <bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler"          p:defaultFailureUrl="/rest/security/login-failed" />        <bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler"          p:defaultTargetUrl="/rest/security/check" />        <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"          p:loginFormUrl="/#/login" />        <bean id="response403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>        <bean id="jsonAuthenticationProcessingFilter" class="com.nortal.security.JsonAuthenticationProcessingFilter"          p:authenticationManager-ref="customAuthenticationManager" p:authenticationFailureHandler-ref="customAuthenticationFailureHandler"          p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" />        <security:authentication-manager />  </beans>

And this element is causing the error:

  <security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint"          access-denied-page="/#/not-authorized">

Attribute access-denied-page is not allowed. How should I change my rest-security.xml file to make it compatible with Spring security 4?

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)