Greg Turnquist (Migrated from SEC-1244) said:
I coded a pure LDAP authentication/authorization solution (no DAO entities) with the following XML configuration.
<security:intercept-url pattern="/**" access="ROLE_USER" />
This generated the error message:
2009-09-10 12:32:42,328 [main] ERROR [localhost].[/] - Exception sending context initialized event to listener instance of class org.codehaus.groovy.grails.web.context.GrailsContextLoaderListener org.springframework.beans.factory.access.BootstrapException: Error executing bootstraps; nested exception is org.springframework.security.config.SecurityConfigurationException: No SpringSecurityContextSource instances found. Have you added an element to your application context?
I altered resources.xml to make security namespace the default...
Everything works now!
Luke Taylor said:
The LDAP sample application doesn't use security as the default namespace, so this can't be a general case.
I would have thought that the XML would be identical once it has been parsed, regardless of whichever namespace is used as the default.
Greg Turnquist said:
What are the odds this is actually a Grails issue? I thought that only tweaking the resources.xml file pointed the finger at Spring Security. Its tricky to figure out, because most people seem to use DAO-based solutions, so I thought perhaps I had stumbled into a less than common corner case of Spring Security.
I don't use any DAO, and have no entities representing Users or Roles in the database. Instead, all Users and Roles are stored in LDAP, and I just want them transported appropriately into SecurityContextHolder. Hmm....
I haven't used Grails so I don't know how it could cause something like this. Can you always reproduce the problem?
I have a java app at work that uses the same authentication mechanism. Currently I'm using Spring JavaConfig. Let me see if I can comment out the Java auth parts, and plugin some XML, to test this out.
Okay, this has to be a Grails issue. I tweaked my pure Java app (no Grails), using security namespace, and it worked fine. I wasn't using Security namespace, but instead Spring JavaConfig, which required me to define all the beans in pure Java. I'll go open a JIRA issue on Grails to report this problem.
Created http://jira.codehaus.org/browse/GRAILS-5155 Grails issue to track this.
Ok. Closing as won't fix for the time being.