Skip navigation

I was upgrading my application from Spring 2.5.6 + Spring Security 2.0.x to the latest 3.0 RC releases. After modifying my Maven pom.xml files to accomodate for the new artifact naming conventions, I still couldn’t get my application context to load due to a SAX exception:

org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 37 in XML document from class path resource [security-config.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:authentication-provider'.

I found myself spending almost an hour trying to figure out what’s wrong with my configuration file. Was I missing a JAR file? no, everything seems to be in its right place (you WILL want to make sure that you’re including spring-security-config.jar, though!), Eclipse didn’t detect anything wrong with the config file. In my despair, I turned to Security Namespace Configuration chapter of the Spring Security 3 reference manual. There I noticed the following paragraph:

        <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="bob" password="bobspassword" authorities="ROLE_USER" />

Turning to my own configuration file, I saw this:

<security:authentication-provider user-service-ref="userService">
   <security:password-encoder ref="passwordEncoder">
      <security:salt-source user-property="username"/>

<security:authentication-manager alias="authenticationManager"/>

Apparently, while in Spring Security 2.x the authentication-provider tag used to be a root-level citizen, now it must live inside the authentication-manager definition.

I hope this will save some other folks some time when migrating to the 3.x Spring stack.


  1. Thank you. That was helpful!

  2. Thanks for sharing this info, It saved me 2 or 3 hours of time

  3. My hero!!

    Thanks mate, saved me a ton of time

  4. Thanks. This saved me time.

  5. Merci beaucoup !

  6. Thanks! Really helpful.

  7. Thanks, that’s solution my problem but I get another one :D.
    Gracias, esa fue la solucion pero consegui otro problema. 😀

  8. thank you, i spent at least 3 hours to soluation the same problem, at last i found the answer from here.
    A chinese people!
    thank you!

  9. yup, that got me too… and had me for a few hours! thanks for sharing your solution.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: