After updating the libraries (switching to jsf 3.0, spring 6 and spring-security 6), an error began to appear when deploying to the payara 6 server:
ContainerBase.addChild: start:
org.apache.catalina.LifecycleException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains': Cannot resolve reference to bean 'org.springframework.security.web.DefaultSecurityFilterChain#0' while setting bean property 'sourceList' with key [0]
at org.apache.catalina.core.StandardContext.start(StandardContext.java:5772)
at com.sun.enterprise.web.WebModule.start(WebModule.java:619)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:958)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:941)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:694)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1813)
at com.sun.enterprise.web.WebContainer.loadWebModule(WebContainer.java:1565)
at com.sun.enterprise.web.WebApplication.start(WebApplication.java:107)
at org.glassfish.internal.data.EngineRef.start(EngineRef.java:123)
at org.glassfish.internal.data.ModuleInfo.start(ModuleInfo.java:292)
at org.glassfish.internal.data.ApplicationInfo.start(ApplicationInfo.java:361)
at com.sun.enterprise.v3.server.ApplicationLifecycle.initialize(ApplicationLifecycle.java:630)
at org.glassfish.deployment.admin.DeployCommand.execute(DeployCommand.java:616)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:556)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$2$1.run(CommandRunnerImpl.java:552)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/javax.security.auth.Subject.doAs(Subject.java:376)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$2.execute(CommandRunnerImpl.java:551)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:582)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$3.run(CommandRunnerImpl.java:574)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:399)
at java.base/javax.security.auth.Subject.doAs(Subject.java:376)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:573)
at com.sun.enterprise.v3.admin.CommandRunnerImpl.doCommand(CommandRunnerImpl.java:1497)
at com.sun.enterprise.v3.admin.CommandRunnerImpl$ExecutionContext.execute(CommandRunnerImpl.java:1869)
... 118 more
Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'mvcHandlerMappingIntrospector' available: A Bean named mvcHandlerMappingIntrospector of type org.springframework.web.servlet.handler.HandlerMappingIntrospector is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.
at org.springframework.security.config.http.HandlerMappingIntrospectorFactoryBean.getObject(HandlerMappingIntrospectorFactoryBean.java:46)
at org.springframework.security.config.http.HandlerMappingIntrospectorFactoryBean.getObject(HandlerMappingIntrospectorFactoryBean.java:34)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:148)
... 120 more
The main problem, as I understand it, is this line:
No bean named 'mvcHandlerMappingIntrospector' available: A Bean named mvcHandlerMappingIntrospector of type org.springframework.web.servlet.handler.HandlerMappingIntrospector is required to use MvcRequestMatcher. Please ensure Spring Security & Spring MVC are configured in a shared ApplicationContext.
My context configurations securityJsfConfig.xml:
<beans:beans >
<beans:bean id="ajaxSessionManagementFilter" class="rpk.lincor.awp.filter.JsfAjaxFilter">
<beans:property name="invalidSessionUrl" value="/j_spring_security_logout" />
</beans:bean>
<sec:http use-expressions="true" create-session="always" disable-url-rewriting="true">
<sec:intercept-url pattern="/modules" access="hasRole('ROLE_USER')" />
<sec:intercept-url pattern="/modules/pages/error.xhtml" access="permitAll" />
<sec:form-login login-page="/login.xhtml"
username-parameter="j_username"
password-parameter="j_password"
login-processing-url="/j_spring_security_check"
authentication-success-handler-ref="authSuccessHandler"
authentication-failure-url="/login.xhtml?state=failure" />
<sec:logout logout-success-url="/login.xhtml?state=logout"
logout-url="/j_spring_security_logout"
invalidate-session="true" />
<sec:access-denied-handler ref="accessDeniedHandler" />
<sec:intercept-url pattern="/login.xhtml" access="! hasRole('ROLE_USER')" />
<sec:intercept-url pattern="/" access="! hasRole('ROLE_USER')" />
<sec:custom-filter ref="ajaxSessionManagementFilter" before="SESSION_MANAGEMENT_FILTER" />
<sec:csrf disabled="true"/>
<sec:headers disabled="true"/>
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="authProvider">
</sec:authentication-provider>
</sec:authentication-manager>
</beans:beans>
My applicationContext.xml (part of it):
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd"\>
My web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app >
<display-name>ases</display-name>
<context-param>
<param-name>Version</param-name>
<param-value>1.0.0.2</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/*.xml
</param-value>
</context-param>
<context-param>
<param-name>jakarta.faces.DATETIMECONVERTER_DEFAULT_TIMEZONE_IS_SYSTEM_TIMEZONE</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>jakarta.faces.FACELETS_LIBRARIES</param-name>
<param-value>/WEB-INF/springsecurity.taglib.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener
</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<context-param>
<param-name>jakarta.faces.PROJECT_STAGE</param-name>
<param-value>Production</param-value>
</context-param>
<filter>
<filter-name>characterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>utf-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>characterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>pageFilter</filter-name>
<filter-class>rpk.ases.awp.filter.PageServletFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>pageFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>validFilter</filter-name>
<filter-class>rpk.lincor.awp.filter.ValidationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>validFilter</filter-name>
<url-pattern>/modules/pages/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>login.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>rpk.ases.awp.MyServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>60</session-timeout>
</session-config>
<error-page>
<error-code>500</error-code>
<location>/modules/pages/error.xhtml?code=500</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/modules/pages/error.xhtml?code=404</location>
</error-page>
<error-page>
<error-code>403</error-code>
<location>/modules/pages/error.xhtml?code=403</location>
</error-page>
<error-page>
<exception-type>java.io.FileNotFoundException</exception-type>
<location>/modules/pages/error.xhtml?code=404</location>
</error-page>
<error-page>
<exception-type>java.lang.ArrayIndexOutOfBoundsException</exception-type>
<location>/modules/pages/error.xhtml?code=500</location>
</error-page>
<error-page>
<exception-type>java.lang.IllegalArgumentException</exception-type>
<location>/modules/pages/error.xhtml?code=500</location>
</error-page>
<error-page>
<exception-type>jakarta.faces.application.ViewExpiredException</exception-type>
<location>/modules/pages/error.xhtml?code=500</location>
</error-page>
<error-page>
<exception-type>jakarta.servlet.ServletException</exception-type>
<location>/modules/pages/error.xhtml?code=500</location>
</error-page>
</web-app>
applicationContext.xml and securityJsfConfig.xml are located in the WEB-INF/spring folder
With jsf2.3 and spring 5 everything worked. I can’t understand what’s wrong with my settings?
I'm trying to upgrade to a new version of Spring and JSF.
UPDATE:
Solved the problem by adding it to my applicationContext.xml
<bean id="mvcHandlerMappingIntrospector" class="org.springframework.web.servlet.handler.HandlerMappingIntrospector">
</bean>
This solved the problem, but I don’t understand why in the new version I have to include this bean in my applicationContext.xml.