ClasCastException to RootBeanDefinition in ZkEventSecurityBeanDefinitionParser.java:177

Question

ClasCastException to RootBeanDefinition in ZkEventSecurityBeanDefinitionParser.java:177

Closed this issue 10 years ago · 6 comments

GoogleCodeExporter commented 10 years ago

I'm doing some migration-tests from zkspring 2.x to 3.0RC.

With Spring 3.0 i get following stack-trace:

Caused by: java.lang.ClassCastException: java.lang.String cannot be cast to 
org.springframework.beans.factory.support.RootBeanDefinition
        at org.springframework.security.config.http.ZkEventSecurityBeanDefinitionParser.getStandardFilter(ZkEventSecurityBeanDefinitionParser.java:177)
        at org.springframework.security.config.http.ZkEventSecurityBeanDefinitionParser.registerLoginOKFilter(ZkEventSecurityBeanDefinitionParser.java:133)
        at org.springframework.security.config.http.ZkEventSecurityBeanDefinitionParser.parse(ZkEventSecurityBeanDefinitionParser.java:101)
        at org.springframework.beans.factory.xml.NamespaceHandlerSupport.parse(NamespaceHandlerSupport.java:73)
        at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1335)
        at org.springframework.beans.factory.xml.BeanDefinitionParserDelegate.parseCustomElement(BeanDefinitionParserDelegate.java:1325)
        at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.parseBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:135)
        at org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader.registerBeanDefinitions(DefaultBeanDefinitionDocumentReader.java:93)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.registerBeanDefinitions(XmlBeanDefinitionReader.java:493)
        at org.springframework.beans.factory.xml.XmlBeanDefinitionReader.doLoadBeanDefinitions(XmlBeanDefinitionReader.java:390)
        ... 38 more

In ZkEventSecurityBeanDefinitionParser.java:177 it seems a RootBeanDefinition 
is expected. But it seems that also string values are valid. I just changed the 
type of rdb to Object and now it works for me...


Bye,
   Chris

Original issue reported on code.google.com by Christia...@gmail.com on 7 Oct 2010 at 7:43

Answer 1 · 2015-03-24T07:41:23.000Z

can you post your web.xml and bean config file please? I suppose you have read 
this document http://docs.zkoss.org/wiki/Spring

Original comment by ashish.dasnurkar on 13 Oct 2010 at 4:38

Answer 2 · 2015-03-24T07:41:23.000Z

Hi,

from web.xml: Which part are you interested in? I just double checked it with 
the samples from http://docs.zkoss.org/wiki/Spring and everything seems to be 
here. Except that i'm using an own spring loader that collects all config files 
from my project automatically.

From my bean config i post the relevant items here:

my "main" config is:

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:aop="http://www.springframework.org/schema/aop"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:tx="http://www.springframework.org/schema/tx"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:zksp="http://www.zkoss.org/2008/zkspring/core"
       xmlns:zksp-annot="http://www.zkoss.org/2008/zkspring-annot"
       xsi:schemaLocation="
       http://www.springframework.org/schema/aop        http://www.springframework.org/schema/aop/spring-aop-2.0.xsd
       http://www.springframework.org/schema/beans      http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
       http://www.springframework.org/schema/context    http://www.springframework.org/schema/context/spring-context-2.5.xsd
       http://www.springframework.org/schema/tx         http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
       http://www.springframework.org/schema/util       http://www.springframework.org/schema/util/spring-util-2.0.xsd
       http://www.zkoss.org/2008/zkspring/core          http://www.zkoss.org/2008/zkspring/core/zkspring-core.xsd
       http://www.zkoss.org/2008/zkspring-annot         http://www.zkoss.org/2008/zkspring-annot/zkspring-annot.xsd
       "
       >

    <!-- Spring Annotation Config -->
    <context:annotation-config />
    <context:component-scan base-package="org,de,com" />
    <aop:aspectj-autoproxy />

    <!-- ZK Spring Annotation Config -->
    <zksp:zk-config/>
    <zksp-annot:component-scan base-package="org,de"/>
</beans>

The security config:

<beans
     xmlns="http://www.springframework.org/schema/beans"
     xmlns:security="http://www.springframework.org/schema/security"
     xmlns:zksp="http://www.zkoss.org/2008/zkspring/security"
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     xsi:schemaLocation="http://www.springframework.org/schema/beans 
         http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
         http://www.springframework.org/schema/security 
         http://www.springframework.org/schema/security/spring-security-3.0.xsd
         http://www.zkoss.org/2008/zkspring/security
         http://www.zkoss.org/2008/zkspring/security/zkspring-security.xsd">

    <!--
       - Enable the @Secured annotation to secure service layer methods
       -->
    <security:global-method-security secured-annotations="enabled">
    </security:global-method-security>

    <!--
       - Secure the page per the URL pattern
       -->
    <security:http auto-config="true">
        <security:intercept-url pattern="/secure/extreme/**" access="ROLE_SUPERVISOR"/>
        <security:intercept-url pattern="/zkau/web/mc*/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <security:intercept-url pattern="/zkau/web/sa*/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/index**" access="IS_AUTHENTICATED_REMEMBERED" />
        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />

        <!-- use own login page rather than the default one -->
        <security:form-login login-page="${sapartner.auth.loginpage}" login-processing-url="${sapartner.auth.loginProcessing}"
            authentication-failure-url="${sapartner.auth.loginpage}?login_error=1"/>
        <security:logout logout-success-url="${sapartner.auth.logoutpage}" logout-url="${sapartner.auth.logouttrigger}"/>

        <!-- Following is list of ZK Spring Security custom filters. 
            They needs to be exactly in the same order as shown below in order to work.  -->
        <security:custom-filter ref="zkDesktopReuseFilter" position="FIRST" />
        <security:custom-filter ref="zkDisableSessionInvalidateFilter" before="FORM_LOGIN_FILTER"/>
        <security:custom-filter ref="zkEnableSessionInvalidateFilter" before="FILTER_SECURITY_INTERCEPTOR"/>
        <security:custom-filter ref="zkLoginOKFilter" after="FILTER_SECURITY_INTERCEPTOR"/>
        <security:custom-filter ref="zkError403Filter" after="LOGOUT_FILTER"/>

    </security:http>

    <!--
     - Secure the ZK event processing per the event name and ZK component path pattern
     -->
    <zksp:zk-event login-template-close-delay="5">
        <!-- 
        <zksp:intercept-event event="onClick" path="//**/rebuildSearch" access="ROLE_TELLER"/>
        <zksp:intercept-event event="onClick" path="//**/btn_*" access="ROLE_TELLER"/>
         -->
        <zksp:intercept-event path="/secure/**" access="ROLE_USER"/>
        <zksp:intercept-event path="/zkau/web/mc*/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <zksp:intercept-event path="/zkau/web/sa*/**" access="IS_AUTHENTICATED_REMEMBERED" />
        <zksp:intercept-event path="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    </zksp:zk-event>

  <!-- removed user resolver and some related beans --> 
</beans>

So everything seems to be like the samples.

I debugged into ZkEventSecurityBeanDefinitionParser.java and looked on the 
"filterChainMap" property from the filterChainProxy. And this is from the 
debugger output: 

{/**=[<zkDesktopReuseFilter>, Root bean: class 
[org.springframework.security.web.context.SecurityContextPersistenceFilter]; 
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class [org.springframework.security.web.authentication.logout.LogoutFilter]; 
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, 
<zkError403Filter>, <zkDisableSessionInvalidateFilter>, Root bean: class 
[org.springframework.security.web.authentication.UsernamePasswordAuthenticationF
ilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; 
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class 
[org.springframework.security.web.authentication.www.BasicAuthenticationFilter];
 scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; 
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class 
[org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFi
lter]; scope=; abstract=false; lazyInit=false; autowireMode=0; 
dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class 
[org.springframework.security.web.authentication.AnonymousAuthenticationFilter];
 scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class [org.springframework.security.web.session.SessionManagementFilter]; 
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, Root bean: 
class [org.springframework.security.web.access.ExceptionTranslationFilter]; 
scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; 
autowireCandidate=true; primary=false; factoryBeanName=null; 
factoryMethodName=null; initMethodName=null; destroyMethodName=null, 
<zkEnableSessionInvalidateFilter>, 
<org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>,
 <zkLoginOKFilter>]}

Any hints on this?

Hope the provided info helps a bit...

bye,
   chris

Original comment by Christia...@gmail.com on 13 Oct 2010 at 7:17

Answer 3 · 2015-03-24T07:41:23.000Z

Sorry I couldn't reproduce this issue. Could you please post a working example 
of it? war?

Original comment by ashish.dasnurkar on 1 Mar 2011 at 2:05

Changed state: Accepted

Answer 4 · 2015-03-24T07:41:24.000Z

Also try it with the latest freshly zk-spring-core-bin-3.0RC-FL-2011-02-24.zip

Original comment by ashish.dasnurkar on 1 Mar 2011 at 6:33

Answer 5 · 2015-03-24T07:41:24.000Z

It seems to be solved. I used a patched version and it seems i'm not facing 
this issue with 3.0...

Original comment by Christia...@gmail.com on 8 Apr 2011 at 3:13

Answer 6 · 2015-03-24T07:41:24.000Z

Fixed since 5/12/2011

Original comment by ashish.dasnurkar on 12 May 2011 at 3:04

Changed state: Fixed