I want to secure the REST URL. For that I have decided to go with token based authentication. In that, how can I create the token with expiration time and where can I store it for later validation token check ?
Thanks in advance.
This is my security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:sec="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<beans:import resource="applicationContext.xml"/>
<http pattern="/jaxrs/employess/**" create-session="stateless" entry-point-ref="myAuthenticationEntryPoint">
<intercept-url pattern='/jaxrs/employess/**' />
<custom-filter position="PRE_AUTH_FILTER" ref="myAuthenticationFilter" />
</http>
<beans:bean id="myAuthenticationEntryPoint" class="restservice.security.MyAuthenticationEntryPoint"/>
<global-method-security secured-annotations="enabled" />
<beans:bean id="myAuthenticationFilter" class="restservice.security.MyAuthenticationFilter">
<beans:property name="authenticationManager" ref="authenticationManager"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="myAuthenticationProvider"/>
</authentication-manager>
<!--<beans:bean id="restTemplate" class="org.springframework.web.client.RestTemplate"/>-->
<beans:bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
<!-- <beans:property name="errorHandler" ref="customErrorHandler" /> -->
</beans:bean>
<beans:bean id="myAuthenticationProvider" class="restservice.security.MyAuthenticationProvider" >
<beans:property name="restTemplate" ref="restTemplate"/>
</beans:bean>
<!-- <beans:bean id="customErrorHandler" class="com.AuthenticationResponseErrorHandler"/> -->
</beans:beans>*
You shouldn't store it anywhere, since that would imply storing some session state on the server.
Instead, the token itself should be a signed encoded string with the information you need to identify the user. You verify its authenticity by checking the signature. If you need to expire it, just append a time stamp to it before signing and calculate the token age based on the current time.
Related
We have a Spring web application secured using Spring Security and a set of SOAP API services uses the same security domain #org.jboss.ejb3.annotation.SecurityDomain that the Spring MVC uses to authenticate users.
We are now in process to refactor our application and to create,secure REST APIs.
We thought to follow the below approach
Spring #RestController methods act as REST APIS/webservices to replace our existing soap APIs.
Spring OAuth2 to protect the REST APIs
Spring MVC continue using the spring security and the security domain defined in the wildfly server, and after the form-login once the user is authenticated from the javascript/angular js use the oauth access token to invoke the protected REST APIs
Spring Configuration
<http pattern="/restapi/**" entry-point-ref="oauthAuthenticationEntryPoint"
create-session="stateless" xmlns="http://www.springframework.org/schema/security"
use-expressions="true">
<anonymous enabled="false" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<intercept-url pattern="/restapi/**" access="isAuthenticated()" />
<remember-me key="myapp" services-ref="rememberMeServices" />
<custom-filter ref="jbossSecurityFilter" after="REMEMBER_ME_FILTER" />
<custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
</http>
<http pattern="/oauth/token" create-session="stateless"
use-expressions="true" authentication-manager-ref="authenticationManager">
<intercept-url pattern="/oauth/token" access="isAuthenticated()" />
<anonymous enabled="false" />
<custom-filter ref="clientCredentialsTokenEndpointFilter"
before="BASIC_AUTH_FILTER" />
<access-denied-handler ref="oauthAccessDeniedHandler" />
<http-basic entry-point-ref="clientAuthenticationEntryPoint" />
<remember-me key="myapp" services-ref="rememberMeServices" />
<custom-filter ref="jbossSecurityFilter" after="REMEMBER_ME_FILTER" />
</http>
<beans:bean id="jaasAuthenticationProvider" class="org.springframework.security.authentication.jaas.JaasAuthenticationProvider">
<beans:property name="refreshConfigurationOnStartup" value="false"/>
<beans:property name="loginConfig" value="/WEB-INF/login.conf" />
<beans:property name="loginContextName" value="AppName" />
<beans:property name="callbackHandlers">
<beans:list>
<beans:ref bean="jaasNameCallBackHandler" />
<beans:bean class="org.springframework.security.authentication.jaas.JaasPasswordCallbackHandler" />
</beans:list>
</beans:property>
<beans:property name="authorityGranters">
<beans:list>
<beans:bean class="com.custom.CustomAuthorityGranter" />
</beans:list>
</beans:property>
</beans:bean>
The third party applications or the REST API clients will use the below steps to get access tokens and to access protected REST APIs
http://hostname:8080/myapp/oauth/token?grant_type=password&client_id=X&username=user1&password=secret&client_secret=XYZ&scope=read+write+trust
http://hostname:8080/myapp/restapi/getdata?access_token=5ec70b18-d9eb-449b-a1fa-d29c3d47274d
Is it safe to ask our webservice clients to send their credentials in the request param/headers to get the access tokens ?
Is that good approach to save the tokens in the server sessions to use it in the UI for the Spring MVC requests ?
We are also asked to consider the API Keys to access the REST APIs. By using API Keys can we get the ejb session context and user details? If so can we use the API Keys along with the spring security in the Web part ?
I am using spring security and i18n.
My application has 2 languages: Fr and En, Fr being the default one. However, when I logged in using the English languages and then log out, I will be redirected to the french homepage. I tried changing the logout url, including the language part, like this:
"/login/login.mvc?logout=True?language=i18n_get_lang()"
, but no success. Any idea how to solve this would be more than welcome.
PS, the login redirection works correctly.
Below is my springSecurity.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login/login.mvc" access="isAnonymous()" />
<!-- <intercept-url pattern="/admin**" access="ROLE_USER" /> -->
<form-login
login-processing-url="/login/login.mvc"
login-page="/login/login.mvc"
default-target-url="/login/accueil.mvc"
authentication-failure-url="/login/login.mvc?Error=True"
username-parameter="j_username"
password-parameter="j_password" />
<logout logout-success-url="/login/login.mvc?logout=True?language=localeChangeInterceptor"
logout-url="/login/j_spring_security_logout"/>
<!-- unable csrf protection -->
<csrf disabled="true"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="1234" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
My MVC-servlet.xml
<?xml version="1.0" encoding="UTF-8" ?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd">
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/" />
<property name="suffix" value=".jsp" />
</bean>
<mvc:resources mapping="/css/**" location="/css/" />
<mvc:resources mapping="/images/**" location="/images/" />
<mvc:resources mapping="/js/**" location="/js/" />
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:i18n/Message"/>
<property name="defaultEncoding" value="UTF-8"/>
</bean>
<bean id="localeResolver"
class="org.springframework.web.servlet.i18n.SessionLocaleResolver">
<property name="defaultLocale" value="fr" />
</bean>
<bean id="localeChangeInterceptor"
class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language" />
</bean>
<mvc:interceptors>
<!-- Changes the locale when a 'lang' request parameter is sent; e.g. /?lang=de -->
<bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<property name="paramName" value="language"/>
</bean>
</mvc:interceptors>
<bean class="org.springframework.web.servlet.mvc.support.ControllerClassNameHandlerMapping" >
<property name="interceptors">
<list>
<ref bean="localeChangeInterceptor" />
</list>
</property>
</bean>
</beans>
I found a solution: change SessionLocaleResolver to CookieLocaleResolver in MVC-servlet.xml.
I just implemented OAuth with Spring Security in RESTful web service WITH hard-coded username and password,for that i just added,one spring-security file,
spring-security.xml
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/security/oauth2
http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.1.6.xsd">
<!-- Definition of the Authentication Service -->
<http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
xmlns="http://www.springframework.org/schema/security">
<intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY"/>
<anonymous enabled="false"/>
<http-basic entry-point-ref="clientAuthenticationEntryPoint"/>
<!-- include this only if you need to authenticate clients via request parameters -->
<custom-filter ref="clientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
<access-denied-handler ref="oauthAccessDeniedHandler"/>
</http>
<!-- Protected resources -->
<http pattern="/admin/**"
create-session="never"
entry-point-ref="oauthAuthenticationEntryPoint"
access-decision-manager-ref="accessDecisionManager"
xmlns="http://www.springframework.org/schema/security">
<anonymous enabled="false"/>
<intercept-url pattern="/admin/**"
access="ROLE_USER"/>
<custom-filter ref="resourceServerFilter"
before="PRE_AUTH_FILTER"/>
<access-denied-handler
ref="oauthAccessDeniedHandler"/>
</http>
<beans:bean id="oauthAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="dstest"/>
</beans:bean>
<beans:bean id="clientAuthenticationEntryPoint"
class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<beans:property name="realmName" value="dstest/client"/>
<beans:property name="typeName" value="Basic"/>
</beans:bean>
<beans:bean id="oauthAccessDeniedHandler"
class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler"/>
<beans:bean id="clientCredentialsTokenEndpointFilter"
class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<beans:property name="authenticationManager" ref="clientAuthenticationManager"/>
</beans:bean>
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased"
xmlns="http://www.springframework.org/schema/beans">
<constructor-arg>
<list>
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter"/>
<bean class="org.springframework.security.access.vote.RoleVoter"/>
<bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
</list>
</constructor-arg>
</bean>
<!-- Authentication in config file -->
<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider user-service-ref="clientDetailsUserService"/>
</authentication-manager>
<authentication-manager alias="authenticationManager" xmlns="http://www.springframework.org/schema/security">
<authentication-provider>
<user-service id="userDetailsService">
<user name="shree" password="pass" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
<beans:bean id="clientDetailsUserService"
class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
<beans:constructor-arg ref="clientDetails"/>
</beans:bean>
<!-- Token Store -->
<beans:bean id="tokenStore" class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore"/>
<beans:bean id="tokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
<beans:property name="tokenStore" ref="tokenStore"/>
<beans:property name="supportRefreshToken" value="true"/>
<beans:property name="clientDetailsService" ref="clientDetails"/>
<!-- VIV -->
<beans:property name="accessTokenValiditySeconds" value="10"/>
</beans:bean>
<beans:bean id="userApprovalHandler"
class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler">
<beans:property name="tokenServices" ref="tokenServices"/>
</beans:bean>
<!-- Token management -->
<oauth:authorization-server client-details-service-ref="clientDetails" token-services-ref="tokenServices"
user-approval-handler-ref="userApprovalHandler">
<oauth:authorization-code/>
<oauth:implicit/>
<oauth:refresh-token/>
<oauth:client-credentials/>
<oauth:password/>
</oauth:authorization-server>
<oauth:resource-server id="resourceServerFilter"
resource-id="dstest"
token-services-ref="tokenServices"/>
<!-- Client Definition -->
<oauth:client-details-service id="clientDetails">
<oauth:client client-id="my-trusted-client"
authorized-grant-types="password,authorization_code,refresh_token,implicit,redirect"
authorities="ROLE_CLIENT, ROLE_TRUSTED_CLIENT"
redirect-uri="/web"
scope="read,write,trust"
access-token-validity="10"
refresh-token-validity="30"/>
</oauth:client-details-service>
<sec:global-method-security pre-post-annotations="enabled" proxy-target-class="true">
<sec:expression-handler ref="oauthExpressionHandler"/>
</sec:global-method-security>
<oauth:expression-handler id="oauthExpressionHandler"/>
<oauth:web-expression-handler id="oauthWebExpressionHandler"/>
</beans:beans>
means we no need to goto .java file currently,but now I want to check username and password from MongoDB database.I tried searching for this but either I am not understanding because code is different or their different database confuse me,I am not getting some website which really explain flow & use of code.
So my question is How to simply make above code accessible to MongoDB database
and check username,password from their.
are you asking about authentication? spring security oauth use spring security for authentication. that means you could configure this with WebSecurityConfigurerAdapter. like this
#Configuration
#EnableWebSecurity
public class SecurityCfg extends WebSecurityConfigurerAdapter {
#Autowired
public vodie globalUserDetails(AuthenticationManagerBuilder auth)
{
auth.mongoDBAuthentication().dataSource(dataSource)
.passwordEncoder(passwordEncoder());
}
}
you've to look for or implement mongoDBAuthentication class which implements UserDetailsManager. and setup a datasource bean.
would be much easier to use jdbcAuthentication with MySQL or postgresQL.
maybe this would help https://github.com/caelwinner/spring-security-mongo
This has stopped working after I added a Spring Security filter.
Spring 3.1.4.RELEASE
Spring Security 3.1.2.RELEASE
Tomcat 7.0.37
The mapping is configured as expected when the app is deployed
INFO annotation.RequestMappingHandlerMapping: Mapped "{[/countries],methods=[GET],params=[!countryCode],headers=[],consumes=[],produces=[application/json],custom=[]}" onto public com.purpleleaf.proxy.rest.data.ProxyResponse com.purpleleaf.proxy.rest.service.reference.DefaultCountry.findAll()
The GET request is submitted.
GET http://localhost:8081/purpleleaf-admin-1.0.0/countries?page=1&start=0&limit=25
The request parameters are added by ExtJS and it is not an issue as it was working without security.
The log for the GET request
DEBUG util.AntPathRequestMatcher: Checking match of request : '/countries'; against '/*'
DEBUG web.FilterChainProxy: /countries?page=1&start=0&limit=25 has an empty filter list
DEBUG servlet.DispatcherServlet: DispatcherServlet with name 'admin-spring' processing GET request for [//purpleleaf-admin-1.0.0/countries]
DEBUG annotation.RequestMappingHandlerMapping: Looking up handler method for path //purpleleaf-admin-1.0.0/countries
DEBUG annotation.RequestMappingHandlerMapping: Did not find handler method for [//purpleleaf-admin-1.0.0/countries]
DEBUG handler.SimpleUrlHandlerMapping: Matching patterns for request [//purpleleaf-admin-1.0.0/countries] are [/**]
DEBUG handler.SimpleUrlHandlerMapping: URI Template variables for request [//purpleleaf-admin-1.0.0/countries] are {}
DEBUG handler.SimpleUrlHandlerMapping: Mapping [//purpleleaf-admin-1.0.0/countries] to HandlerExecutionChain with handler [org.springframework.web.servlet.resource.DefaultServletHttpRequestHandler#3f8050cf] and 1 interceptor
DEBUG servlet.DispatcherServlet: Last-Modified value for [//purpleleaf-admin-1.0.0/countries] is: -1
DEBUG servlet.DispatcherServlet: Null ModelAndView returned to DispatcherServlet with name 'admin-spring': assuming HandlerAdapter completed request handling
DEBUG servlet.DispatcherServlet: Successfully completed request
When the request is processed by web.filterChainProxy it is /countries but when it is process by annotation.RequestMappingHandlerMapping it is //purpleleaf-admin-1.0.0/countires
purpleleaf-admin-1.0.0 is the folder where war file is unpaked.
web.xml has following servlet and filter mapping
<servlet-mapping>
<servlet-name>admin-spring</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Any suggestion on how I can resolve this mapping?
Edit 1: Spring Security Configuration File
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<beans:import resource="classpath*:applicationContext-CrowdClient.xml" />
<beans:bean id="crowdUserDetailsService" class="com.atlassian.crowd.integration.springsecurity.user.CrowdUserDetailsServiceImpl">
<beans:property name="authenticationManager" ref="crowdAuthenticationManager"/>
<beans:property name="groupMembershipManager" ref="crowdGroupMembershipManager"/>
<beans:property name="userManager" ref="crowdUserManager"/>
<beans:property name="authorityPrefix" value="ROLE_"/>
</beans:bean>
<beans:bean id="crowdAuthenticationProvider" class="com.atlassian.crowd.integration.springsecurity.RemoteCrowdAuthenticationProvider">
<beans:constructor-arg ref="crowdAuthenticationManager"/>
<beans:constructor-arg ref="httpAuthenticator"/>
<beans:constructor-arg ref="crowdUserDetailsService"/>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref='crowdAuthenticationProvider' />
</authentication-manager>
<beans:bean id="crowdAuthenticationProcessingFilterEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg value="/login.jsp" />
</beans:bean>
<beans:bean id="crowdAuthenticationProcessingFilter" class="com.atlassian.crowd.integration.springsecurity.CrowdSSOAuthenticationProcessingFilter">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
<beans:property name="authenticationManager" ref="authenticationManager"/>
<beans:property name="filterProcessesUrl" value="/j_security_check"/>
<beans:property name="authenticationFailureHandler">
<beans:bean class="com.atlassian.crowd.integration.springsecurity.UsernameStoringAuthenticationFailureHandler">
<beans:property name="defaultFailureUrl" value="/login.jsp?error=true"/>
</beans:bean>
</beans:property>
<beans:property name="authenticationSuccessHandler">
<beans:bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<beans:property name="defaultTargetUrl" value="/"/>
</beans:bean>
</beans:property>
</beans:bean>
<beans:bean id="crowdLogoutHandler" class="com.atlassian.crowd.integration.springsecurity.CrowdLogoutHandler">
<beans:property name="httpAuthenticator" ref="httpAuthenticator"/>
</beans:bean>
<beans:bean id="securityContextLogoutHandler" class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler" />
<beans:bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
<beans:constructor-arg index="0" value="/index.html"/>
<beans:constructor-arg index="1">
<beans:list>
<beans:ref bean="crowdLogoutHandler"/>
<beans:ref bean="securityContextLogoutHandler"/>
</beans:list>
</beans:constructor-arg>
<beans:property name="filterProcessesUrl" value="/logout.html"/>
</beans:bean>
<http pattern='/*' security='none'/>
<!--http pattern='/scripts/*' security='none'/-->
<http auto-config="false" entry-point-ref="crowdAuthenticationProcessingFilterEntryPoint">
<custom-filter position="FORM_LOGIN_FILTER" ref='crowdAuthenticationProcessingFilter'/>
<custom-filter position="LOGOUT_FILTER" ref='logoutFilter'/>
<!--intercept-url pattern="/admin/*" access="ROLE_application-administrators"/-->
<!--intercept-url pattern="/passwordHint.html" access="ROLE_ANONYMOUS,ROLE_ADMIN,ROLE_USER"/-->
<!--security:intercept-url pattern="/**/*.html*" access="IS_AUTHENTICATED_FULLY"/-->
</http>
</beans:beans>
The root cause was the purpleleaf-admin-1.0.0 on the url. util.AntPathRequestMatcher could not resolve the path correctly when it contains a dot(.).
The class was not in the path until the security filter was added.
Can someone please tell what am I doing wrong here. All I'm trying to do is hit the mysql database using Spring MVC with JPA configuration. I'm greeted with error every time I'm running the program.
servlet-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
<context:property-placeholder location="classpath:hibernate.properties" />
<!-- DispatcherServlet Context: defines this servlet's request-processing
infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<annotation-driven />
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by #Controllers to .jsp resources
in the /WEB-INF/views directory -->
<beans:bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
<context:component-scan base-package="com.logicalideasJPA" />
<!-- Enables the Spring MVC #Controller programming model -->
<tx:annotation-driven transaction-manager="transactionManager" />
<!-- Declare a JPA entityManagerFactory -->
<beans:bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<beans:property name="dataSource" ref="dataSource" />
<beans:property name="loadTimeWeaver">
<beans:bean
class="org.springframework.instrument.classloading.InstrumentationLoadTimeWeaver" />
</beans:property>
<beans:property name="jpaVendorAdapter">
<beans:bean
class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter">
<beans:property name="showSql" value="true" />
</beans:bean>
</beans:property>
</beans:bean>
<!-- Declare a transaction manager -->
<beans:bean id="transactionManager"
class="org.springframework.orm.jpa.JpaTransactionManager">
<beans:property name="entityManagerFactory" ref="entityManagerFactory" />
<beans:property name="dataSource" ref="dataSource" />
</beans:bean>
<beans:bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<beans:property name="driverClassName" value="${database.driver}" />
<beans:property name="url" value="${database.url}" />
<beans:property name="username" value="${database.user}" />
<beans:property name="password" value="${database.password}" />
</beans:bean>
</beans:beans>
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping#0': Initialization of bean failed; nested exception is java.lang.NoClassDefFoundError: com/logicalideas/persistence/Contacts
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:527)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
at org.springframework.web.servlet.FrameworkServlet.configureAndRefreshWebApplicationContext(FrameworkServlet.java:631)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:588)
at org.springframework.web.servlet.FrameworkServlet.createWebApplicationContext(FrameworkServlet.java:645)
at org.springframework.web.servlet.FrameworkServlet.initWebApplicationContext(FrameworkServlet.java:508)
at org.springframework.web.servlet.FrameworkServlet.initServletBean(FrameworkServlet.java:449)
at org.springframework.web.servlet.HttpServletBean.init(HttpServletBean.java:133)
at javax.servlet.GenericServlet.init(GenericServlet.java:160)
at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1266)
at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1185)
at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:1080)
at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:5001)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5289)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1525)
at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1515)
at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:303)
at java.util.concurrent.FutureTask.run(FutureTask.java:138)
at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
In your entityManagerFactory bean, you have to set the packages to scan in order to hibernate can find your entities:
<beans:bean id="entityManagerFactory"
class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
...
<beans:property name="packagesToScan" value="com.logicalideas.persistence"/>
...
</beans:bean>
You can find more information here.
Looks like you are scanning for com.logicalideasJPA,
<context:component-scan base-package="com.logicalideasJPA" />
while your JPA classes are expected to be at com.logicalideas.persistence, based on the exception you are getting. Try changing scanning package name.