java - Tomcat 7 and AbstractSecurityWebApplicationInitializer are not working together


I'm following an article to try basic HTTP auth without the use of web.xml.

I'm using Tomcat 7.0.41, and these are the dependencies in Gradle:

    ext.springVersion = "3.2.1.RELEASE"
    compile "org.springframework:spring-jdbc:$springVersion",
            "org.springframework:spring-context:$springVersion",
            "org.springframework:spring-web:$springVersion",
            "org.springframework:spring-webmvc:$springVersion",
            "org.springframework.security:spring-security-core:3.2.0.M2",
            "org.springframework.security:spring-security-web:3.2.0.M2",
            "org.springframework.security:spring-security-config:3.2.0.M2"

According to the tutorial, I defined the following:

    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Override
        protected void registerAuthentication(AuthenticationManagerBuilder auth)
                throws Exception {
            auth.inMemoryAuthentication().withUser("admin").password("admin")
                    .roles("user");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeUrls().antMatchers("/").hasRole("user")
                    .and().httpBasic();
        }

    }

Then I added a class as the initializer, like this:

    @Order(1)
    public class ServletConfiguration extends
            AbstractAnnotationConfigDispatcherServletInitializer {

        @Override
        protected Class<?>[] getRootConfigClasses() {
            return new Class[] { SecurityConfiguration.class };
            // return null;
        }

        @Override
        protected Class<?>[] getServletConfigClasses() {
            return new Class[] { AppConfiguration.class };
        }

        @Override
        protected String[] getServletMappings() {
            return new String[] { "/" };
        }

    //  @Override
    //  protected Dynamic registerServletFilter(ServletContext servletContext,
    //          Filter filter) {
    //      Dynamic securityFilter = servletContext.addFilter(
    //              "springSecurityFilterChain", DelegatingFilterProxy.class);
    //      securityFilter.addMappingForUrlPatterns(
    //              EnumSet.allOf(DispatcherType.class), false, "/*");
    //      return securityFilter;
    //  }

    }

And I added a class to initialize springSecurityFilterChain:

    @Order(2)
    public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {

        @Override
        protected void afterSpringSecurityFilterChain(ServletContext servletContext) {
            System.out.println("afterSpringSecurityFilterChain");
            super.afterSpringSecurityFilterChain(servletContext);
        }
    }

But I'm getting this error:

    DEBUG: org.springframework.jndi.JndiPropertySource - JNDI lookup for name [spring.liveBeansView.mbeanDomain] threw NamingException with message: Name [spring.liveBeansView.mbeanDomain] is not bound in this Context. Unable to find [spring.liveBeansView.mbeanDomain].. Returning null.
    Jul 11, 2013 9:22:24 PM org.apache.catalina.core.StandardContext filterStart
    SEVERE: Exception starting filter springSecurityFilterChain
    org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined

I don't know why though, because when I go debugging the server initialization, these 2 methods are called:

    @Override
    public final void onStartup(ServletContext servletContext)
            throws ServletException {
        if (enableHttpSessionEventPublisher()) {
            servletContext.addListener(HttpSessionEventPublisher.class);
        }
        insertSpringSecurityFilterChain(servletContext);
        afterSpringSecurityFilterChain(servletContext);
    }

and then:

    private void insertSpringSecurityFilterChain(ServletContext servletContext) {
        String filterName = "springSecurityFilterChain";
        DelegatingFilterProxy springSecurityFilterChain = new DelegatingFilterProxy(filterName);
        String contextAttribute = getWebApplicationContextAttribute();
        if (contextAttribute != null) {
            springSecurityFilterChain.setContextAttribute(contextAttribute);
        }
        registerFilter(servletContext, true, filterName, springSecurityFilterChain);
    }

So the filter gets created. It gets lost somewhere.

I tried to play with @Order, but it's doing nothing. I also tried to register springSecurityFilterChain using the registerServletFilter method, but I'm not getting the HTTP auth request for authentication. Also, SecurityConfiguration doesn't get loaded.

The SecurityInitializer creates a DelegatingFilterProxy that is used with a bean name of springSecurityFilterChain. The springSecurityFilterChain is created using @EnableWebSecurity. The problem is that you are missing the @Configuration annotation (without it the root ApplicationContext is not going to try to load the SecurityConfiguration). What you want is the following:

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter { ... }

A few additional things to point out:

  • You do not need to use @Order because you are not adding other filters.
  • The URL you have secured is the context root (i.e. /).
  • You will want to be aware of a bug with httpBasic() discussed on "Need Spring Security Java config example showing basic auth only".
  • Update: I should have pointed out that I have logged SPR-10660 to support @Enable* annotations without having @Configuration on them. After this is resolved, your issue should magically go away.
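
A pre-deployment check for the failure discussed above, added here as an example and not part of the original question or answer: it builds a root context from the classes returned by getRootConfigClasses() and performs the same by-name lookup that fails at filter start. RootContextFilterCheck and definesSecurityFilter are hypothetical names, and MockServletContext from spring-test is assumed to be on the classpath.

```java
import javax.servlet.Filter;

import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.mock.web.MockServletContext;
import org.springframework.web.context.support.AnnotationConfigWebApplicationContext;

/** Hypothetical check; the class and method names are not part of Spring. */
public class RootContextFilterCheck {

    // Bean name the DelegatingFilterProxy from the question asks the root context for.
    static final String FILTER_BEAN = "springSecurityFilterChain";

    /** Builds a root context from the given classes and reports whether the filter bean exists. */
    static boolean definesSecurityFilter(Class<?>... rootConfigClasses) {
        AnnotationConfigWebApplicationContext ctx = new AnnotationConfigWebApplicationContext();
        ctx.setServletContext(new MockServletContext()); // stand-in for the servlet container
        ctx.register(rootConfigClasses);
        ctx.refresh();
        try {
            // Same lookup by name and type that the proxy performs when the filter starts.
            ctx.getBean(FILTER_BEAN, Filter.class);
            return true;
        } catch (NoSuchBeanDefinitionException e) {
            return false;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) throws ClassNotFoundException {
        // Arguments: fully qualified names of the root config classes,
        // for example the package-qualified name of SecurityConfiguration.
        Class<?>[] classes = new Class<?>[args.length];
        for (int i = 0; i < args.length; i++) {
            classes[i] = Class.forName(args[i]);
        }
        if (!definesSecurityFilter(classes)) {
            System.err.println("No bean named '" + FILTER_BEAN + "' in the root context; "
                    + "check that the security class carries @Configuration.");
            System.exit(1);
        }
        System.out.println("Root context defines " + FILTER_BEAN);
    }
}
```

Running it in the build with the same classes the initializer registers turns a missing security filter into a build failure rather than a deployment-time surprise.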
