After updating to Spring security 4 my rest-security.xml has an error in it
Attribute 'access-denied-page' is not allowed to appear in element 'security:http'
Currently my rest-security.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xmlns:p="http://www.springframework.org/schema/p" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd"> <security:http pattern="/rest/**" auto-config="false" use-expressions="true" entry-point-ref="response403EntryPoint"/> <security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" access-denied-page="/#/not-authorized"> <security:logout logout-url="/logout" invalidate-session="true" logout-success-url="/" /> <security:custom-filter ref="jsonAuthenticationProcessingFilter" position="FORM_LOGIN_FILTER" /> </security:http> <bean id="customAuthenticationManager" class="com.nortal.security.CustomAuthenticationManager" p:username="admin" p:password="admin" /> <bean id="customAuthenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler" p:defaultFailureUrl="/rest/security/login-failed" /> <bean id="customAuthenticationSuccessHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler" p:defaultTargetUrl="/rest/security/check" /> <bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint" p:loginFormUrl="/#/login" /> <bean id="response403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/> <bean id="jsonAuthenticationProcessingFilter" class="com.nortal.security.JsonAuthenticationProcessingFilter" p:authenticationManager-ref="customAuthenticationManager" p:authenticationFailureHandler-ref="customAuthenticationFailureHandler" p:authenticationSuccessHandler-ref="customAuthenticationSuccessHandler" /> <security:authentication-manager /> </beans>
And this element is causing the error:
<security:http auto-config="false" use-expressions="true" entry-point-ref="authenticationEntryPoint" access-denied-page="/#/not-authorized">
Attribute access-denied-page
is not allowed. How should I change my rest-security.xml
file to make it compatible with Spring security 4?
No comments:
Post a Comment