Skip navigation

I was upgrading my application from Spring 2.5.6 + Spring Security 2.0.x to the latest 3.0 RC releases. After modifying my Maven pom.xml files to accomodate for the new artifact naming conventions, I still couldn’t get my application context to load due to a SAX exception:

org.springframework.beans.factory.xml.XmlBeanDefinitionStoreException: Line 37 in XML document from class path resource [security-config.xml] is invalid; nested exception is org.xml.sax.SAXParseException: cvc-complex-type.2.4.c: The matching wildcard is strict, but no declaration can be found for element 'security:authentication-provider'.

I found myself spending almost an hour trying to figure out what’s wrong with my configuration file. Was I missing a JAR file? no, everything seems to be in its right place (you WILL want to make sure that you’re including spring-security-config.jar, though!), Eclipse didn’t detect anything wrong with the config file. In my despair, I turned to Security Namespace Configuration chapter of the Spring Security 3 reference manual. There I noticed the following paragraph:

  <authentication-manager>
    <authentication-provider>
      <user-service>
        <user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
        <user name="bob" password="bobspassword" authorities="ROLE_USER" />
      </user-service>
    </authentication-provider>
  </authentication-manager>

Turning to my own configuration file, I saw this:

<security:authentication-provider user-service-ref="userService">
   <security:password-encoder ref="passwordEncoder">
      <security:salt-source user-property="username"/>
   </security:password-encoder>
</security:authentication-provider>

<security:authentication-manager alias="authenticationManager"/>

Apparently, while in Spring Security 2.x the authentication-provider tag used to be a root-level citizen, now it must live inside the authentication-manager definition.

I hope this will save some other folks some time when migrating to the 3.x Spring stack.

9 Comments

  1. Thank you. That was helpful!

  2. Thanks for sharing this info, It saved me 2 or 3 hours of time

  3. My hero!!

    Thanks mate, saved me a ton of time

  4. Thanks. This saved me time.

  5. Merci beaucoup !

  6. Thanks! Really helpful.

  7. Thanks, that’s solution my problem but I get another one :D.
    Gracias, esa fue la solucion pero consegui otro problema. 😀

  8. thank you, i spent at least 3 hours to soluation the same problem, at last i found the answer from here.
    A chinese people!
    thank you!

  9. yup, that got me too… and had me for a few hours! thanks for sharing your solution.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: