L'applicazione non inizia con Spring Boot 1.2.1 + Spring Security + Servlet 2.5

Question

Ho un'applicazione Spring Boot con Spring Security Starter che funziona bene nei server J2E "moderni" (ad esempio Servlet 3.0+) come Tomcat 7 o Jetty 8.

Il mio problema è che devo eseguire l'applicazione in un server Weblogic 10.3 (quello di produzione), che implementa le specifiche Servlet 2.5 e non supporta Servlet 3.0+, in base a here e here.

Ho visto che uno sforzo è stato messo da parte il progetto Spring Boot ufficiale per supportare server/app legacy, ovvero lo Spring Boot Legacy project che funziona bene ... fino a quando non attivo la dipendenza da spring-boot-starter-security: -S

E in modo efficace, c'è un open issue sul tracker Legacy Spring Boot.

Riproduco esattamente lo stesso errore su un server Tomcat 6 (Servlet 2.5) (vedere di seguito).

Quindi, qualcuno è già riuscito a far funzionare insieme il server basato su Spring Boot + Spring Security + Servlet 2.5?

2015-02-03 23:17:12.208 ERROR 2662 --- [on(4)-127.0.0.1] o.s.boot.SpringApplication    : Application startup failed 

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'securityFilterChainRegistration' defined in class path resource [org/springframework/boot/autoconfigure/security/SpringBootWebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.context.embedded.FilterRegistrationBean]: Factory method 'securityFilterChainRegistration' threw exception; nested exception is java.lang.NoClassDefFoundError: javax/servlet/DispatcherType 
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:599) 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.instantiateUsingFactoryMethod(AbstractAutowireCapableBeanFactory.java:1111) 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBeanInstance(AbstractAutowireCapableBeanFactory.java:1006) 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:504) 
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:476) 
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:303) 
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230) 
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:299) 
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:194) 
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:762) 
    at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:757) 
    at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:480) 
    at org.springframework.boot.SpringApplication.refresh(SpringApplication.java:691) 
    at org.springframework.boot.SpringApplication.run(SpringApplication.java:321) 
    at org.springframework.boot.builder.SpringApplicationBuilder.run(SpringApplicationBuilder.java:139) 
    at org.springframework.boot.legacy.context.web.SpringBootContextLoaderListener.initWebApplicationContext(SpringBootContextLoaderListener.java:61) 
    at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:106) 
    at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210) 
    at org.apache.catalina.core.StandardContext.start(StandardContext.java:4709) 
    at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:802) 
    at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:779) 
    at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:583) 
    at org.apache.catalina.startup.HostConfig.manageApp(HostConfig.java:1429) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:601) 
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:297) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:792) 
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:631) 
    at org.apache.catalina.mbeans.MBeanFactory.createStandardContext(MBeanFactory.java:568) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:601) 
    at org.apache.tomcat.util.modeler.BaseModelMBean.invoke(BaseModelMBean.java:295) 
    at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:819) 
    at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:792) 
    at javax.management.remote.rmi.RMIConnectionImpl.doOperation(RMIConnectionImpl.java:1486) 
    at javax.management.remote.rmi.RMIConnectionImpl.access$300(RMIConnectionImpl.java:96) 
    at javax.management.remote.rmi.RMIConnectionImpl$PrivilegedOperation.run(RMIConnectionImpl.java:1327) 
    at javax.management.remote.rmi.RMIConnectionImpl.doPrivilegedOperation(RMIConnectionImpl.java:1419) 
    at javax.management.remote.rmi.RMIConnectionImpl.invoke(RMIConnectionImpl.java:847) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:601) 
    at sun.rmi.server.UnicastServerRef.dispatch(UnicastServerRef.java:322) 
    at sun.rmi.transport.Transport$1.run(Transport.java:177) 
    at sun.rmi.transport.Transport$1.run(Transport.java:174) 
    at java.security.AccessController.doPrivileged(Native Method) 
    at sun.rmi.transport.Transport.serviceCall(Transport.java:173) 
    at sun.rmi.transport.tcp.TCPTransport.handleMessages(TCPTransport.java:553) 
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run0(TCPTransport.java:808) 
    at sun.rmi.transport.tcp.TCPTransport$ConnectionHandler.run(TCPTransport.java:667) 
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) 
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) 
    at java.lang.Thread.run(Thread.java:722) 

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [org.springframework.boot.context.embedded.FilterRegistrationBean]: Factory method 'securityFilterChainRegistration' threw exception; nested exception is java.lang.NoClassDefFoundError: javax/servlet/DispatcherType 
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:189) 
    at org.springframework.beans.factory.support.ConstructorResolver.instantiateUsingFactoryMethod(ConstructorResolver.java:588) 
    ... 58 common frames omitted 

Caused by: java.lang.NoClassDefFoundError: javax/servlet/DispatcherType 
    at org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration.securityFilterChainRegistration(SpringBootWebSecurityConfiguration.java:109) 
    at org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration$$EnhancerBySpringCGLIB$$300a37f.CGLIB$securityFilterChainRegistration$1(<generated>) 
    at org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration$$EnhancerBySpringCGLIB$$300a37f$$FastClassBySpringCGLIB$$6b869afe.invoke(<generated>) 
    at org.springframework.cglib.proxy.MethodProxy.invokeSuper(MethodProxy.java:228) 
    at org.springframework.context.annotation.ConfigurationClassEnhancer$BeanMethodInterceptor.intercept(ConfigurationClassEnhancer.java:309) 
    at org.springframework.boot.autoconfigure.security.SpringBootWebSecurityConfiguration$$EnhancerBySpringCGLIB$$300a37f.securityFilterChainRegistration(<generated>) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) 
    at java.lang.reflect.Method.invoke(Method.java:601) 
    at org.springframework.beans.factory.support.SimpleInstantiationStrategy.instantiate(SimpleInstantiationStrategy.java:162) 
    ... 59 common frames omitted 

Caused by: java.lang.ClassNotFoundException: javax.servlet.DispatcherType 
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1680) 
    at org.apache.catalina.loader.WebappClassLoader.loadClass(WebappClassLoader.java:1526) 
    ... 70 common frames omitted 

Grazie.

Answer 1

Ho finalmente trovato una soluzione valida. Lo post, se può aiutare qualcun altro.

Il problema è venuto effettivamente da Spring Security. Ho trovato this documentation dalla documentazione di riferimento di Spring Security che mi aiuta un po '.

Infine, le cose che faccio per rendere la mia applicazione in esecuzione su un Tomcat 6 (Servlet 2.5) o Tomcat 7 (Servlet 3.0) sono stati:

• a pom.xml (di nuovo), a mantenere la dipendenza da primavera-boot-legacy
• in pom.xml, sostituire la dipendenza alla primavera-boot-starter-sicurezza da quelle di primavera di sicurezza (primavera-security-web e la primavera-sicurezza-config)
• aggiungere il @EnableWebMvcSecurity annotazione sulla classe di configurazione di sicurezza
• in web.xml, aggiungere il filtro springSecu rityFilterChain con classe di filtro org.springframework.web.filter.DelegatingFilterProxy

Queste sono le mie dipendenze in pom.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> 
    ... 
    <parent> 
     <groupId>org.springframework.boot</groupId> 
     <artifactId>spring-boot-starter-parent</artifactId> 
     <version>1.2.1.RELEASE</version> 
    </parent> 
    <dependencies> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-starter-web</artifactId> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.boot</groupId> 
      <artifactId>spring-boot-legacy</artifactId> 
      <version>1.0.1.RELEASE</version> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-web</artifactId> 
     </dependency> 
     <dependency> 
      <groupId>org.springframework.security</groupId> 
      <artifactId>spring-security-config</artifactId> 
     </dependency> 
     ... 
    </dependencies> 
    ... 
</project> 

Questo è il mio web.xml:

<?xml version="1.0" encoding="UTF-8"?> 
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
     xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> 

    <context-param> 
     <param-name>contextConfigLocation</param-name> 
     <param-value>com.acme.Application</param-value> 
    </context-param> 

    <listener> 
     <listener-class>org.springframework.boot.legacy.context.web.SpringBootContextLoaderListener</listener-class> 
    </listener> 

    <filter> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> 
    </filter> 
    <filter-mapping> 
     <filter-name>springSecurityFilterChain</filter-name> 
     <url-pattern>/*</url-pattern> 
     <dispatcher>ERROR</dispatcher> 
     <dispatcher>REQUEST</dispatcher> 
    </filter-mapping> 

    <servlet> 
     <servlet-name>appServlet</servlet-name> 
     <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> 
     <init-param> 
      <param-name>contextAttribute</param-name> 
      <param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value> 
     </init-param> 
     <load-on-startup>1</load-on-startup> 
    </servlet> 

    <servlet-mapping> 
     <servlet-name>appServlet</servlet-name> 
     <url-pattern>/</url-pattern> 
    </servlet-mapping> 

</web-app> 

E questa è la mia configurazione di Spring Security:

@Configuration 
@Order(SecurityProperties.ACCESS_OVERRIDE_ORDER) 
@EnableWebMvcSecurity 
public class SecurityConfig extends WebSecurityConfigurerAdapter { 

     @Inject 
     private AuthenticationProvider authenticationProvider; 

     @Inject 
     protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { 
      auth.authenticationProvider(authenticationProvider); 
     } 

     @Override 
     protected void configure(HttpSecurity http) throws Exception { 
      http 
       .antMatcher("/api/**") 
       .authorizeRequests().anyRequest() 
       .fullyAuthenticated().and().httpBasic(); 
     } 
}