In using the Pool object from the multiprocessing module, is the number of processes limited by the number of CPU cores? E.g. if I have 4 cores, even if I create a Pool with 8 processes, only 4 will be running at one time?

Python multiprocessing&#39;s Pool process limit

Is there any statement that can describe all tables in a database?

Something like this:

    describe * from myDB;

How can I describe all tables in the database through one statement?

I have implemented Spring Social + Spring Security as outlined in the Spring security examples (and with spring security java config). I reported couple of problems at the time (see https://jira.springsource.org/browse/SEC-2204) all of those are resolved and my security works fine. 

However, I want to change my security implementation and use RESTful authentication. Spring oauth/oauth2 (http://projects.spring.io/spring-security-oauth/) solves this problem but I can not see how Spring Social will fit into that picture? Although behind the scenes Spring social talks to Facebook/Twitter with oauth, I don&#39;t think Spring Social&#39;s signup form and other characteristics are built for a restful API.

Any examples or ideas will definitely help.

**Update on this post: (4/6/2014)**

- I have built a (PHP) site that consumes my API.
- This PHP site (let&#39;s call it the client site), uses Facebook PHP SDK to register its own users. This is a completely separate way of gathering its own members.
- However, once users are registered client site passes username, email, password, first name, and last name data along with its client_id and client secret and using OAuth2 grant type `client_credentials` authentication.
- This passed-in user data creates an user record on the main system! (main application)
- After this, each time the client site calls the main system via OAuth2 grant type password and sends `client_id`, `client_secret`, username and password, gets an &quot;Authentication token&quot; and be able to communicate with the main site with this token.

Seems like a long way to go but solves the problem of keeping the user record on the main system. I&#39;m curious if there are other ways to do this? Please advise.

How to do rest authentication with Spring Social?

I have implemented Spring Social + Spring Security as outlined in the Spring security examples (and with spring security java config). I reported couple of problems at the time (see <a href="https://jira.springsource.org/browse/SEC-2204" target="_blank" rel="noopener noreferrer">https://jira.springsource.org/browse/SEC-2204</a>) all of those are resolved and my security works fine.
However, I want to change my security implementation and use RESTful authentication. Spring oauth/oauth2 (<a href="http://projects.spring.io/spring-security-oauth/" target="_blank" rel="noopener noreferrer">http://projects.spring.io/spring-security-oauth/</a>) solves this problem but I can not see how Spring Social will fit into that picture? Although behind the scenes Spring social talks to Facebook/Twitter with oauth, I don't think Spring Social's signup form and other characteristics are built for a restful API.
Any examples or ideas will definitely help.
Update on this post: (4/6/2014)
<ul>
<li>I have built a (PHP) site that consumes my API.</li>
<li>This PHP site (let's call it the client site), uses Facebook PHP SDK to register its own users. This is a completely separate way of gathering its own members.</li>
<li>However, once users are registered client site passes username, email, password, first name, and last name data along with its client_id and client secret and using OAuth2 grant type <code>client_credentials</code> authentication.</li>
<li>This passed-in user data creates an user record on the main system! (main application)</li>
<li>After this, each time the client site calls the main system via OAuth2 grant type password and sends <code>client_id</code>, <code>client_secret</code>, username and password, gets an "Authentication token" and be able to communicate with the main site with this token.</li>
</ul>
Seems like a long way to go but solves the problem of keeping the user record on the main system. I'm curious if there are other ways to do this? Please advise.

I&#39;ve been searching how to manage a REST API versions using Spring 3.2.x, but I haven&#39;t find anything that is easy to maintain. I&#39;ll explain first the problem I have, and then a solution... but I do wonder if I&#39;m re-inventing the wheel here.

I want to manage the version based on the Accept header, and for example if a request has the Accept header `application/vnd.company.app-1.1+json`, I want spring MVC to forward this to the method that handles this version. And since not all methods in an API change in the same release, I don&#39;t want to go to each of my controllers and change anything for a handler that hasn&#39;t changed between versions. I also don&#39;t want to have the logic to figure out which version to use in the controller themselves (using service locators) as Spring is already discovering which method to call.

So taken an API with versions 1.0, to 1.8 where a handler was introduced in version 1.0 and modified in v1.7, I would like handle this in the following way. Imagine that the code is inside a controller, and that there&#39;s some code that is able to extract the version from the header. (The following is invalid in Spring)

    @RequestMapping(...)
    @VersionRange(1.0,1.6)
    @ResponseBody
    public Object method1() {
       // so something
       return object;
    }

    @RequestMapping(...) //same Request mapping annotation
    @VersionRange(1.7)
    @ResponseBody
    public Object method2() {
       // so something
       return object;
    }

This is not possible in spring as the 2 methods have the same `RequestMapping` annotation and Spring fails to load. The idea is that the `VersionRange` annotation can define an open or closed version range. The first method is valid from versions 1.0 to 1.6, while the second for version 1.7 onwards (including the latest version 1.8). I know that this approach breaks if someone decides to pass version 99.99, but that&#39;s something I&#39;m OK to live with.


Now, since the above is not possible without a serious rework of how spring works, I was thinking of tinkering with the way handlers matched to requests, in particular to write my own `ProducesRequestCondition`, and have the version range in there. For example

Code:

    @RequestMapping(..., produces = &quot;application/vnd.company.app-[1.0-1.6]+json)
    @ResponseBody
    public Object method1() {
       // so something
       return object;
    }
 
    @RequestMapping(..., produces = &quot;application/vnd.company.app-[1.7-]+json)
    @ResponseBody
    public Object method2() {
       // so something
       return object;
    }

In this way, I can have closed or open version ranges defined in the produces part of the annotation. I&#39;m working on this solution now, with the problem that I still had to replace some core Spring MVC classes (`RequestMappingInfoHandlerMapping`, `RequestMappingHandlerMapping` and `RequestMappingInfo`), which I don&#39;t like, because it means extra work whenever I decide to upgrade to a newer version of spring.


I would appreciate any thoughts... and especially, any suggestion to do this in a simpler, easier to maintain way.

---
## Edit
Adding a bounty. To get the bounty, please answer the question above without suggesting to have this logic in the controller themselves. Spring already has a lot of logic to select which controller method to call, and I want to piggyback on that.

---
## Edit 2
I&#39;ve shared the original POC (with some improvements) in github: https://github.com/augusto/restVersioning


How to manage REST API versioning with spring?

I am trying to use properties from a `.properties` file, but it doesn&#39;t seem to work.

Here is my code:

    @Service(&quot;ServiceFTP&quot;)
    @Transactional
    public class ServiceFTPImpl implements ServiceFTP {

    @Value(&quot;${project.ftp.adresse}&quot;)
    private String adresse;

    @Value(&quot;${project.ftp.login}&quot;)
    private String compte;

    @Value(&quot;${project.ftp.password}&quot;)
    private String motDePasse;

    @Value(&quot;${project.ftp.root}&quot;)
    private String ROOT;

    [...]

    }

This class uses `@Value` annotations to get the properties.
It is also declared as a Spring Service and is linked to my `infraContext.xml` file :

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
    &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
       xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
       xmlns:context=&quot;http://www.springframework.org/schema/context&quot;
       xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd&quot;&gt;

    &lt;context:property-placeholder location=&quot;classpath:context-core.properties&quot;/&gt;

    [...]

    &lt;/beans&gt;

Using `context:property-placeholder`, I link this file to my `context-core.properties` file :

    project.ftp.adresse = localhost
    project.ftp.login = anonymous
    project.ftp.password =
    project.ftp.root = /anonymous/

This does make sense, right ?

But when I try to launch my project, Tomcat throw this exception :

        ERROR [context.ContextLoader.initWebApplicationContext()] Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name &#39;ServiceFTP&#39;: Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: private java.lang.String project.sins.service.impl.ServiceFTPImpl.adresse; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder &#39;project.ftp.adresse&#39; in string value &quot;${project.ftp.adresse}&quot;
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:287)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1106)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:607)
    	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:925)
    	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:472)
    	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:388)
    	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:293)
    	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
    	at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4887)
    	at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5381)
    	at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    	at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
    	at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
    	at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
    	at org.apache.catalina.startup.HostConfig.deployDescriptor(HostConfig.java:657)
    	at org.apache.catalina.startup.HostConfig$DeployDescriptor.run(HostConfig.java:1636)
    	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    	at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334)
    	at java.util.concurrent.FutureTask.run(FutureTask.java:166)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    	at java.lang.Thread.run(Thread.java:722)
    Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire field: private java.lang.String project.sins.service.impl.ServiceFTPImpl.adresse; nested exception is java.lang.IllegalArgumentException: Could not resolve placeholder &#39;project.ftp.adresse&#39; in string value &quot;${project.ftp.adresse}&quot;
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:513)
    	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:92)
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:284)
    	... 27 more
    Caused by: java.lang.IllegalArgumentException: Could not resolve placeholder &#39;project.ftp.adresse&#39; in string value &quot;${project.ftp.adresse}&quot;
    	at org.springframework.util.PropertyPlaceholderHelper.parseStringValue(PropertyPlaceholderHelper.java:173)
    	at org.springframework.util.PropertyPlaceholderHelper.replacePlaceholders(PropertyPlaceholderHelper.java:125)
    	at org.springframework.core.env.AbstractPropertyResolver.doResolvePlaceholders(AbstractPropertyResolver.java:151)
    	at org.springframework.core.env.AbstractPropertyResolver.resolveRequiredPlaceholders(AbstractPropertyResolver.java:142)
    	at org.springframework.context.support.PropertySourcesPlaceholderConfigurer$2.resolveStringValue(PropertySourcesPlaceholderConfigurer.java:169)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.resolveEmbeddedValue(AbstractBeanFactory.java:748)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:740)
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:730)
    	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:485)
    	... 29 more

Or, in short : `java.lang.IllegalArgumentException: Could not resolve placeholder &#39;project.ftp.adresse&#39; in string value &quot;${project.ftp.adresse}&quot;`

EDIT :

Here is my web.xml :

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
    &lt;web-app xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
             xmlns=&quot;http://java.sun.com/xml/ns/javaee&quot;
             xsi:schemaLocation=&quot;http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd&quot;
             id=&quot;sins&quot; version=&quot;2.5&quot;&gt;
    
        &lt;display-name&gt;Project&lt;/display-name&gt;
    
        &lt;listener&gt;
            &lt;listener-class&gt;org.springframework.web.util.Log4jConfigListener&lt;/listener-class&gt;
        &lt;/listener&gt;
    
        &lt;context-param&gt;
            &lt;param-name&gt;log4jExposeWebAppRoot&lt;/param-name&gt;
            &lt;param-value&gt;false&lt;/param-value&gt;
        &lt;/context-param&gt;
    
        &lt;filter&gt;
            &lt;filter-name&gt;ExpiresFilter&lt;/filter-name&gt;
            &lt;filter-class&gt;org.apache.catalina.filters.ExpiresFilter&lt;/filter-class&gt;
            &lt;init-param&gt;
                &lt;param-name&gt;ExpiresByType text/html&lt;/param-name&gt;
                &lt;param-value&gt;now plus 0 seconds&lt;/param-value&gt;
            &lt;/init-param&gt;
            &lt;init-param&gt;
                &lt;param-name&gt;ExpiresByType application/json&lt;/param-name&gt;
                &lt;param-value&gt;now plus 0 seconds&lt;/param-value&gt;
            &lt;/init-param&gt;
        &lt;/filter&gt;
    
        &lt;filter-mapping&gt;
            &lt;filter-name&gt;ExpiresFilter&lt;/filter-name&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
            &lt;dispatcher&gt;REQUEST&lt;/dispatcher&gt;
        &lt;/filter-mapping&gt;
    
        &lt;filter&gt;
            &lt;filter-name&gt;EncodingFilter&lt;/filter-name&gt;
            &lt;filter-class&gt;org.springframework.web.filter.CharacterEncodingFilter&lt;/filter-class&gt;
            &lt;init-param&gt;
                &lt;param-name&gt;encoding&lt;/param-name&gt;
                &lt;param-value&gt;UTF-8&lt;/param-value&gt;
            &lt;/init-param&gt;
            &lt;init-param&gt;
                &lt;param-name&gt;forceEncoding&lt;/param-name&gt;
                &lt;param-value&gt;true&lt;/param-value&gt;
            &lt;/init-param&gt;
        &lt;/filter&gt;
        &lt;filter-mapping&gt;
            &lt;filter-name&gt;EncodingFilter&lt;/filter-name&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
        &lt;/filter-mapping&gt;
    
        &lt;filter&gt;
            &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
            &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt;
        &lt;/filter&gt;
        &lt;filter-mapping&gt;
            &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
        &lt;/filter-mapping&gt;
    
        &lt;filter&gt;
            &lt;filter-name&gt;Spring OpenEntityManagerInViewFilter&lt;/filter-name&gt;
            &lt;filter-class&gt;
                org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter
            &lt;/filter-class&gt;
        &lt;/filter&gt;
    
        &lt;filter-mapping&gt;
            &lt;filter-name&gt;Spring OpenEntityManagerInViewFilter&lt;/filter-name&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
        &lt;/filter-mapping&gt;
    
        &lt;filter&gt;
            &lt;filter-name&gt;struts2&lt;/filter-name&gt;
            &lt;filter-class&gt;org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter&lt;/filter-class&gt;
        &lt;/filter&gt;
    
        &lt;filter-mapping&gt;
            &lt;filter-name&gt;struts2&lt;/filter-name&gt;
            &lt;url-pattern&gt;/*&lt;/url-pattern&gt;
        &lt;/filter-mapping&gt;
    
        &lt;welcome-file-list&gt;
            &lt;welcome-file&gt;index.jsp&lt;/welcome-file&gt;
        &lt;/welcome-file-list&gt;
    
        &lt;listener&gt;
            &lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt;
        &lt;/listener&gt;
    
        &lt;listener&gt;
            &lt;listener-class&gt;org.apache.struts2.tiles.StrutsTilesListener&lt;/listener-class&gt;
        &lt;/listener&gt;
    
        &lt;context-param&gt;
            &lt;param-name&gt;
                org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
            &lt;/param-name&gt;
            &lt;param-value&gt;
                /WEB-INF/tiles/user.xml
            &lt;/param-value&gt;
        &lt;/context-param&gt;
    
        &lt;resource-ref&gt;
            &lt;res-ref-name&gt;jdbc/si_nsg&lt;/res-ref-name&gt;
            &lt;res-type&gt;javax.sql.DataSource&lt;/res-type&gt;
            &lt;res-auth&gt;Container&lt;/res-auth&gt;
        &lt;/resource-ref&gt;
    
        &lt;session-config&gt;
            &lt;session-timeout&gt;60&lt;/session-timeout&gt;
        &lt;/session-config&gt;
    
    &lt;/web-app&gt;

My infraContext.xml is imported in another .xml file named applicationContext.xml :

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
    &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
           xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
           xmlns:jee=&quot;http://www.springframework.org/schema/jee&quot;
           xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.1.xsd&quot;&gt;
    
        &lt;bean class=&quot;org.springframework.context.support.PropertySourcesPlaceholderConfigurer&quot;&gt;
            &lt;property name=&quot;environment&quot;&gt;
                &lt;bean class=&quot;org.springframework.web.context.support.StandardServletEnvironment&quot;/&gt;
            &lt;/property&gt;
        &lt;/bean&gt;
            
        &lt;import resource=&quot;classpath:securityContext.xml&quot;/&gt;
    
        [...]
        &lt;import resource=&quot;classpath:project/sins/persistenceContext.xml&quot;/&gt;
    
        &lt;import resource=&quot;classpath:project/sins/infraContext.xml&quot;/&gt;
    
    &lt;/beans&gt;

I am obviously missing something, but I can&#39;t figure out what.

Please let me know if you need more details, as it is my first question here, I&#39;ll try to answer as soon as I can :).

Could not resolve placeholder in string value

I&#39;m using Mockito&#39;s `@Mock` and `@InjectMocks` annotations to inject dependencies into private fields which are annotated with Spring&#39;s `@Autowired`:

    @RunWith(MockitoJUnitRunner.class)
    public class DemoTest {
        @Mock
        private SomeService service;
    
        @InjectMocks
        private Demo demo;
    
        /* ... */
    }

and

    public class Demo {
    
        @Autowired
        private SomeService service;
    
        /* ... */
    }

Now I would like to also inject **real** objects into private `@Autowired` fields (without setters). Is this possible or is the mechanism limited to injecting Mocks only?

Mockito: Inject real objects into private @Autowired fields

I have a spring-mvc project that is using spring-data-jpa for data access. I have a domain object called ``Travel`` which I want to allow the end-user to apply a number of filters to it.

For that, I&#39;ve implemented the following controller:

    @Autowired
    private TravelRepository travelRep;
    
    @RequestMapping(&quot;/search&quot;)  
    public ModelAndView search(
            @RequestParam(required= false, defaultValue=&quot;&quot;) String lastName, 
            Pageable pageable) {  
    	ModelAndView mav = new ModelAndView(&quot;travels/list&quot;);  
    	Page&lt;Travel&gt; travels  = travelRep.findByLastNameLike(&quot;%&quot;+lastName+&quot;%&quot;, pageable);
    	PageWrapper&lt;Travel&gt; page = new PageWrapper&lt;Travel&gt;(travels, &quot;/search&quot;);
    	mav.addObject(&quot;page&quot;, page);
    	mav.addObject(&quot;lastName&quot;, lastName);
    	return mav;
    }

This works fine: The user has a form with a ``lastName`` input box which can be used to filter the Travels. 

Beyond lastName, my ``Travel`` domain object has a lot more attributes by which I&#39;d like to filter. I think that if these attributes were all strings then I could add them as ``@RequestParam``s and add a spring-data-jpa method to query by these. For instance I&#39;d add a method ``findByLastNameLikeAndFirstNameLikeAndShipNameLike``.


However, I don&#39;t know how should I do it when I need to filter for foreign keys. So my ``Travel`` has a ``period`` attribute that is a foreign key to the ``Period`` domain object, which I need to have it as a dropdown for the user to select the ``Period``. 

What I want to do is when the period is null I want to retrieve all travels filtered by the lastName and when the period is not null I want to retrieve all travels for this period filtered by the lastName. 

I know that this can be done if I implement two methods in my repository and use an ``if`` to my controller:

    public ModelAndView search(
           @RequestParam(required= false, defaultValue=&quot;&quot;) String lastName,
           @RequestParam(required= false, defaultValue=null) Period period, 
           Pageable pageable) {  
      ModelAndView mav = new ModelAndView(&quot;travels/list&quot;);  
      Page travels = null;
      if(period==null) {
        travels  = travelRep.findByLastNameLike(&quot;%&quot;+lastName+&quot;%&quot;, pageable);
      } else {
        travels  = travelRep.findByPeriodAndLastNameLike(period,&quot;%&quot;+lastName+&quot;%&quot;, pageable);
      }
      mav.addObject(&quot;page&quot;, page);
      mav.addObject(&quot;period&quot;, period);
      mav.addObject(&quot;lastName&quot;, lastName);
      return mav;
    }

Is there a way to do this *without* using the ``if`` ? My Travel has not only the period but also other attributes that need to be filtered using dropdowns !! As you can understand, the complexity would be exponentially increased when I need to use more dropdowns because all the combinations&#39;d need to be considered :(

&lt;b&gt;Update 03/12/13&lt;/b&gt;: Continuing from M. Deinum&#39;s excelent answer, and after actually implementing it, I&#39;d like to provide some comments for completeness of the question/asnwer:

1. Instead of implementing ``JpaSpecificationExecutor`` you should implement ``JpaSpecificationExecutor&lt;Travel&gt;`` to avoid type check warnings.

2. Please take a look at kostja&#39;s excellent answer to this question 
https://stackoverflow.com/questions/11138118/really-dynamic-jpa-criteriabuilder
since you *will* need to implement this if you want to have correct filters.

3. The best documentation I was able to find for the Criteria API was http://www.ibm.com/developerworks/library/j-typesafejpa/. This is a rather long read but I totally recommend it - after reading it most of my questions for Root&lt;T&gt; and CriteriaBuilder were answered :)

4. Reusing the ``Travel`` object was not possible because it contained various other objects (who also contained other objects) which I needed to search for using ``Like`` - instead I used a ``TravelSearch`` object that contained the fields I needed to search for.

&lt;b&gt;Update 10/05/15&lt;/b&gt;: As per @priyank&#39;s request, here&#39;s how I implemented the TravelSearch object:

    public class TravelSearch {
    	private String lastName;
    	private School school;
    	private Period period;
    	private String companyName;
    	private TravelTypeEnum travelType;
    	private TravelStatusEnum travelStatus;
        // Setters + Getters
    }

This object was used by TravelSpecification (most of the code is domain specific but I&#39;m leaving it there as an example):

    public class TravelSpecification implements Specification&lt;Travel&gt; {
    	private TravelSearch criteria;
    	
    
        public TravelSpecification(TravelSearch ts) {
        	criteria= ts;
        }
    	
    	@Override
    	public Predicate toPredicate(Root&lt;Travel&gt; root, CriteriaQuery&lt;?&gt; query, 
                CriteriaBuilder cb) {
    		Join&lt;Travel, Candidacy&gt; o = root.join(Travel_.candidacy);
    		
    		Path&lt;Candidacy&gt; candidacy = root.get(Travel_.candidacy);
    		Path&lt;Student&gt; student = candidacy.get(Candidacy_.student);
    		Path&lt;String&gt; lastName = student.get(Student_.lastName);
    		Path&lt;School&gt; school = student.get(Student_.school);
    		
    		Path&lt;Period&gt; period = candidacy.get(Candidacy_.period);
    		Path&lt;TravelStatusEnum&gt; travelStatus = root.get(Travel_.travelStatus);
    		Path&lt;TravelTypeEnum&gt; travelType = root.get(Travel_.travelType);
    		
    		Path&lt;Company&gt; company = root.get(Travel_.company);
    		Path&lt;String&gt; companyName = company.get(Company_.name);
    		
    		final List&lt;Predicate&gt; predicates = new ArrayList&lt;Predicate&gt;();
    		if(criteria.getSchool()!=null) {
    			predicates.add(cb.equal(school, criteria.getSchool()));
    		}
    		if(criteria.getCompanyName()!=null) {
    			predicates.add(cb.like(companyName, &quot;%&quot;+criteria.getCompanyName()+&quot;%&quot;));
    		}
    		if(criteria.getPeriod()!=null) {
    			predicates.add(cb.equal(period, criteria.getPeriod()));
    		}
    		if(criteria.getTravelStatus()!=null) {
    			predicates.add(cb.equal(travelStatus, criteria.getTravelStatus()));
    		}
    		if(criteria.getTravelType()!=null) {
    			predicates.add(cb.equal(travelType, criteria.getTravelType()));
    		}
    		if(criteria.getLastName()!=null ) {
    			predicates.add(cb.like(lastName, &quot;%&quot;+criteria.getLastName()+&quot;%&quot;));
    		}
    		return cb.and(predicates.toArray(new Predicate[predicates.size()]));
    		
    	}
    }

Finally, here&#39;s my search method:

    @RequestMapping(&quot;/search&quot;)  
    public ModelAndView search(
    		@ModelAttribute TravelSearch travelSearch,
    		Pageable pageable) {  
    	ModelAndView mav = new ModelAndView(&quot;travels/list&quot;);  
    
    	TravelSpecification tspec = new TravelSpecification(travelSearch);
    		
    	Page&lt;Travel&gt; travels  = travelRep.findAll(tspec, pageable);
    		
    	PageWrapper&lt;Travel&gt; page = new PageWrapper&lt;Travel&gt;(travels, &quot;/search&quot;);
    		
    	mav.addObject(travelSearch);
    		
    	mav.addObject(&quot;page&quot;, page);
    	mav.addObject(&quot;schools&quot;, schoolRep.findAll() );
    	mav.addObject(&quot;periods&quot;, periodRep.findAll() );
    	mav.addObject(&quot;travelTypes&quot;, TravelTypeEnum.values());
    	mav.addObject(&quot;travelStatuses&quot;, TravelStatusEnum.values());
    	return mav;
    }

Hope I helped!

Filtering database rows with spring-data-jpa and spring-mvc

I&#39;ve started my project by creating entities, services and JUnit tests for services using Spring and Hibernate. All of this works great.
Then I&#39;ve added spring-mvc to make this web application using many different step-by-step tutorials, but when I&#39;m trying to make Controller with `@Autowired` annotation, I&#39;m getting errors from Glassfish during deployment. I guess that for some reason Spring doesn&#39;t see my services, but after many attempts I still can&#39;t handle it.

Tests for services with 

    @RunWith(SpringJUnit4ClassRunner.class)
    @ContextConfiguration(locations = {&quot;classpath:/beans.xml&quot;})

and

    @Autowired
    MailManager mailManager;

works properly.

Controllers without `@Autowired` too, I can open my project in web browser without trouble.

/src/main/resources/beans.xml

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
    
    &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
    	   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot; xmlns:aop=&quot;http://www.springframework.org/schema/aop&quot;
    	   xmlns:context=&quot;http://www.springframework.org/schema/context&quot;
    	   xmlns:jdbc=&quot;http://www.springframework.org/schema/jdbc&quot; xmlns:tx=&quot;http://www.springframework.org/schema/tx&quot;
    	   xmlns:util=&quot;http://www.springframework.org/schema/util&quot;
    	   xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    		http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
    		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    		http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd
    		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
    		http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
    		http://java.sun.com/xml/ns/persistence/orm http://java.sun.com/xml/ns/persistence/orm_2_0.xsd&quot;&gt;
    
    	&lt;context:property-placeholder location=&quot;jdbc.properties&quot; /&gt;
    	
    	&lt;context:component-scan base-package=&quot;pl.com.radzikowski.webmail&quot;&gt;
    		&lt;context:exclude-filter type=&quot;annotation&quot; expression=&quot;org.springframework.stereotype.Controller&quot; /&gt;
    	&lt;/context:component-scan&gt;
    	
    	&lt;!--&lt;context:component-scan base-package=&quot;pl.com.radzikowski.webmail.service&quot; /&gt;--&gt;
    	
    	&lt;bean id=&quot;dataSource&quot; class=&quot;org.apache.commons.dbcp.BasicDataSource&quot; destroy-method=&quot;close&quot;&gt;
    		&lt;property name=&quot;driverClassName&quot; value=&quot;${jdbc.driverClassName}&quot; /&gt;
    		&lt;property name=&quot;url&quot; value=&quot;${jdbc.url}&quot; /&gt;
    		&lt;property name=&quot;username&quot; value=&quot;${jdbc.username}&quot; /&gt;
    		&lt;property name=&quot;password&quot; value=&quot;${jdbc.password}&quot; /&gt;
    	&lt;/bean&gt;
    	
    	&lt;!-- Persistance Unit Manager for persistance options managing --&gt;
    	&lt;bean id=&quot;persistenceUnitManager&quot; class=&quot;org.springframework.orm.jpa.persistenceunit.DefaultPersistenceUnitManager&quot;&gt;
    		&lt;property name=&quot;defaultDataSource&quot; ref=&quot;dataSource&quot;/&gt;
    	&lt;/bean&gt;
    
    	&lt;!-- Entity Manager Factory for creating/updating DB schema based on persistence files and entity classes --&gt;
    	&lt;bean id=&quot;entityManagerFactory&quot; class=&quot;org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean&quot;&gt;
    		&lt;property name=&quot;persistenceUnitManager&quot; ref=&quot;persistenceUnitManager&quot;/&gt;
    		&lt;property name=&quot;persistenceUnitName&quot; value=&quot;WebMailPU&quot;/&gt;
    	&lt;/bean&gt;
    
    	&lt;!-- Hibernate Session Factory --&gt;
    	&lt;bean id=&quot;sessionFactory&quot; class=&quot;org.springframework.orm.hibernate4.LocalSessionFactoryBean&quot;&gt;
    		&lt;property name=&quot;dataSource&quot; ref=&quot;dataSource&quot;/&gt;
    		&lt;!--&lt;property name=&quot;schemaUpdate&quot; value=&quot;true&quot; /&gt;--&gt;
    		&lt;property name=&quot;packagesToScan&quot; value=&quot;pl.com.radzikowski.webmail.domain&quot; /&gt;
    		&lt;property name=&quot;hibernateProperties&quot;&gt;
    			&lt;props&gt;
    				&lt;prop key=&quot;hibernate.dialect&quot;&gt;org.hibernate.dialect.MySQLDialect&lt;/prop&gt;
    			&lt;/props&gt;
    		&lt;/property&gt;
    	&lt;/bean&gt;
    	
    	&lt;!-- Hibernate Transaction Manager --&gt;
    	&lt;bean id=&quot;txManager&quot; class=&quot;org.springframework.orm.hibernate4.HibernateTransactionManager&quot;&gt;
    		&lt;property name=&quot;sessionFactory&quot; ref=&quot;sessionFactory&quot;/&gt;
    	&lt;/bean&gt;
    	
    	&lt;!-- Activates annotation based transaction management --&gt;
    	&lt;tx:annotation-driven transaction-manager=&quot;txManager&quot;/&gt;
    
    &lt;/beans&gt;

/webapp/WEB-INF/web.xml

    &lt;web-app xmlns=&quot;http://java.sun.com/xml/ns/j2ee&quot; xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot; id=&quot;WebApp_ID&quot; version=&quot;2.4&quot; xsi:schemaLocation=&quot;http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd&quot;&gt;
    	&lt;display-name&gt;Spring Web MVC Application&lt;/display-name&gt;
    	&lt;servlet&gt;
    		&lt;servlet-name&gt;mvc-dispatcher&lt;/servlet-name&gt;
    		&lt;servlet-class&gt;org.springframework.web.servlet.DispatcherServlet&lt;/servlet-class&gt;
    		&lt;load-on-startup&gt;1&lt;/load-on-startup&gt;
    	&lt;/servlet&gt;
    	&lt;servlet-mapping&gt;
    		&lt;servlet-name&gt;mvc-dispatcher&lt;/servlet-name&gt;
    		&lt;url-pattern&gt;/&lt;/url-pattern&gt;
    	&lt;/servlet-mapping&gt;
    	&lt;context-param&gt;
    		&lt;param-name&gt;contextConfigLocation&lt;/param-name&gt;
    		&lt;param-value&gt;/WEB-INF/mvc-dispatcher-servlet.xml&lt;/param-value&gt;
    	&lt;/context-param&gt;
    	&lt;listener&gt;
    		&lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt;
    	&lt;/listener&gt;
    &lt;/web-app&gt;

/webapp/WEB-INF/mvc-dispatcher-servlet.xml

    &lt;beans xmlns=&quot;http://www.springframework.org/schema/beans&quot;
    	   xmlns:context=&quot;http://www.springframework.org/schema/context&quot;
    	   xmlns:mvc=&quot;http://www.springframework.org/schema/mvc&quot;
    	   xmlns:xsi=&quot;http://www.w3.org/2001/XMLSchema-instance&quot;
    	   xsi:schemaLocation=&quot;http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
    		http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd&quot;&gt;
    	
    	&lt;context:component-scan base-package=&quot;pl.com.radzikowski.webmail&quot; use-default-filters=&quot;false&quot;&gt;
    		&lt;context:include-filter type=&quot;annotation&quot; expression=&quot;org.springframework.stereotype.Controller&quot; /&gt;
    	&lt;/context:component-scan&gt;
    	
    	&lt;mvc:annotation-driven/&gt;
    	
    	&lt;bean class=&quot;org.springframework.web.servlet.view.InternalResourceViewResolver&quot;&gt;
    		&lt;property name=&quot;prefix&quot; value=&quot;/WEB-INF/views/&quot; /&gt;
    		&lt;property name=&quot;suffix&quot; value=&quot;.jsp&quot; /&gt;
    	&lt;/bean&gt;
    	
    &lt;/beans&gt;

pl.com.radzikowski.webmail.service.AbstractManager

    package pl.com.radzikowski.webmail.service;
    
    import org.apache.log4j.Logger;
    import org.hibernate.SessionFactory;
    import org.springframework.beans.factory.annotation.Autowired;
    
    /**
     * Master Manager class providing basic fields for services.
     * @author Maciej Radzikowski &lt;maciej@radzikowski.com.pl&gt;
     */
    public class AbstractManager {
    
    	@Autowired
    	protected SessionFactory sessionFactory;
    
    	protected final Logger logger = Logger.getLogger(this.getClass());
    
    }

pl.com.radzikowski.webmail.service.MailManager

    package pl.com.radzikowski.webmail.service;
    
    import org.springframework.stereotype.Component;
    import org.springframework.transaction.annotation.Transactional;
    
    @Component
    @Transactional
    public class MailManager extends AbstractManager {
        // some methods...
    }

pl.com.radzikowski.webmail.HomeController

    package pl.com.radzikowski.webmail.controller;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.ModelMap;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;
    import pl.com.radzikowski.webmail.service.MailManager;
    
    @Controller
    @RequestMapping(&quot;/&quot;)
    public class HomeController {
    
    	@Autowired
    	public MailManager mailManager;
    
    	@RequestMapping(value = &quot;/&quot;, method = RequestMethod.GET)
    	public String homepage(ModelMap model) {
    		return &quot;homepage&quot;;
    	}
    
    }

Error:

&gt;    SEVERE:   Exception while loading the app\
&gt;    SEVERE:   Undeployment failed for context /WebMail\
&gt;    SEVERE:   Exception while loading the app : java.lang.IllegalStateException: ContainerBase.addChild: start: org.apache.catalina.LifecycleException: org.springframework.beans.factory.BeanCreationException: Error creating bean with name &#39;homeController&#39;: Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire field: public pl.com.radzikowski.webmail.service.MailManager pl.com.radzikowski.webmail.controller.HomeController.mailManager; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [pl.com.radzikowski.webmail.service.MailManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {@org.springframework.beans.factory.annotation.Autowired(required=true)}

Sorry for a lot of code, but I don&#39;t know what can cause that error anymore.

**Added**

I&#39;ve created the interface:

    @Component
    public interface IMailManager {

added implements:

    @Component
    @Transactional
    public class MailManager extends AbstractManager implements IMailManager {

and changed autowired:

    @Autowired
    public IMailManager mailManager;

But it still throws errors (also when I&#39;ve tried with `@Qualifier`)

&gt; ..Could not autowire field: public
&gt; pl.com.radzikowski.webmail.service.IMailManager
&gt; pl.com.radzikowski.webmail.controller.HomeController.mailManager...

I&#39;ve tried with different combinations of `@Component` and `@Transactional` too.

Shouldn&#39;t I include beans.xml in web.xml somehow?

@Autowired - No qualifying bean of type found for dependency

I am using Spring 3.0 and Spring Security 3. I am able to authenticate a user against a database using Spring Security. Using:

    SecurityContextHolder.getContext().getAuthentication().getPrincipal()

I am able to retrieve username of the current logged in user. I wish to add additional details like user id and the module accesses to the principal object stored in Spring Security context so that I can retrieve it later. How can I add additional details to the principal object and then how can I retrieve it later on a jsp or java class. Please provide an appropriate code snippet if possible.

Edit: I am using JDBC to access my database.

Thanks in advance.

Adding additional details to principal object stored in spring security context

After configuring Spring Security 3.2, `_csrf.token` is not bound to a request or a session object.

This is the spring security config:

	&lt;http pattern=&quot;/login.jsp&quot; security=&quot;none&quot;/&gt;

    &lt;http&gt;
    	&lt;intercept-url pattern=&quot;/**&quot; access=&quot;ROLE_USER&quot;/&gt;
        &lt;form-login login-page=&quot;/login.jsp&quot;
        			authentication-failure-url=&quot;/login.jsp?error=1&quot;
        			default-target-url=&quot;/index.jsp&quot;/&gt;
        &lt;logout/&gt;
        &lt;csrf /&gt;
    &lt;/http&gt;

    &lt;authentication-manager&gt;
    	&lt;authentication-provider&gt;
			&lt;user-service&gt;
		    	&lt;user name=&quot;test&quot; password=&quot;test&quot; authorities=&quot;ROLE_USER/&gt;
		  	&lt;/user-service&gt;
    	&lt;/authentication-provider&gt;
    &lt;/authentication-manager&gt;


The login.jsp file

    &lt;form name=&quot;f&quot; action=&quot;${contextPath}/j_spring_security_check&quot; method=&quot;post&quot; &gt;
        &lt;input type=&quot;hidden&quot; name=&quot;${_csrf.parameterName}&quot; value=&quot;${_csrf.token}&quot; /&gt;
        &lt;button id=&quot;ingresarButton&quot;
                name=&quot;submit&quot;
                type=&quot;submit&quot;
                class=&quot;right&quot;
                style=&quot;margin-right: 10px;&quot;&gt;Ingresar&lt;/button&gt;
        &lt;span&gt;
            &lt;label for=&quot;usuario&quot;&gt;Usuario :&lt;/label&gt;
            &lt;input type=&quot;text&quot; name=&quot;j_username&quot; id=&quot;u&quot; class=&quot;&quot; value=&#39;&#39;/&gt;
        &lt;/span&gt;
        &lt;span&gt;
            &lt;label for=&quot;clave&quot;&gt;Contrase&amp;ntilde;a :&lt;/label&gt;

            &lt;input type=&quot;password&quot;
                   name=&quot;j_password&quot;
                   id=&quot;p&quot;
                   class=&quot;&quot;
                   onfocus=&quot;vc_psfocus = 1;&quot;
                   value=&quot;&quot;&gt;
        &lt;/span&gt;
    &lt;/form&gt;

And it renders the next html:

    &lt;input type=&quot;hidden&quot; name=&quot;&quot; value=&quot;&quot; /&gt;

The result is 403 HTTP status:

    Invalid CSRF Token &#39;null&#39; was found on the request parameter &#39;_csrf&#39; or header &#39;X-CSRF-TOKEN&#39;.


**UPDATE**
After some debug, the request object gets out fine form DelegatingFilterProxy, but in the line 469 of CoyoteAdapter it executes request.recycle(); that erases all the attributes...

I test in Tomcat 6.0.36, 7.0.50 with JDK 1.7.

I have not understood this behavior, rather than, it would be possible if someone point me in the direction of some application sample war with Spring Security 3.2 that works with CSRF.

Invalid CSRF Token &#39;null&#39; was found on the request parameter &#39;_csrf&#39; or header &#39;X-CSRF-TOKEN&#39;

I&#39;m using Spring Security 3.2 and Spring 4.0.1

I&#39;m working on converting an xml config into a Java config. When I annotate `AuthenticationManager` with `@Autowired` in my Filter, I&#39;m getting an exception 

    Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.authentication.AuthenticationManager] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}

I&#39;ve tried injecting `AuthenticationManagerFactoryBean` but that also fails with a similar exception.



Here is the XML configuration I&#39;m working from

&lt;!-- language: xml --&gt;

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt; &lt;beans ...&gt;
        &lt;security:authentication-manager id=&quot;authenticationManager&quot;&gt;
            &lt;security:authentication-provider user-service-ref=&quot;userDao&quot;&gt;
                &lt;security:password-encoder ref=&quot;passwordEncoder&quot;/&gt;
            &lt;/security:authentication-provider&gt;
        &lt;/security:authentication-manager&gt;
    
        &lt;security:http
                realm=&quot;Protected API&quot;
                use-expressions=&quot;true&quot;
                auto-config=&quot;false&quot;
                create-session=&quot;stateless&quot;
                entry-point-ref=&quot;unauthorizedEntryPoint&quot;
                authentication-manager-ref=&quot;authenticationManager&quot;&gt;
            &lt;security:access-denied-handler ref=&quot;accessDeniedHandler&quot;/&gt;
            &lt;security:custom-filter ref=&quot;tokenAuthenticationProcessingFilter&quot; position=&quot;FORM_LOGIN_FILTER&quot;/&gt;
            &lt;security:custom-filter ref=&quot;tokenFilter&quot; position=&quot;REMEMBER_ME_FILTER&quot;/&gt;
            &lt;security:intercept-url method=&quot;GET&quot; pattern=&quot;/rest/news/**&quot; access=&quot;hasRole(&#39;user&#39;)&quot;/&gt;
            &lt;security:intercept-url method=&quot;PUT&quot; pattern=&quot;/rest/news/**&quot; access=&quot;hasRole(&#39;admin&#39;)&quot;/&gt;
            &lt;security:intercept-url method=&quot;POST&quot; pattern=&quot;/rest/news/**&quot; access=&quot;hasRole(&#39;admin&#39;)&quot;/&gt;
            &lt;security:intercept-url method=&quot;DELETE&quot; pattern=&quot;/rest/news/**&quot; access=&quot;hasRole(&#39;admin&#39;)&quot;/&gt;
        &lt;/security:http&gt;
    
        &lt;bean class=&quot;com.unsubcentral.security.TokenAuthenticationProcessingFilter&quot;
              id=&quot;tokenAuthenticationProcessingFilter&quot;&gt;
            &lt;constructor-arg value=&quot;/rest/user/authenticate&quot;/&gt;
            &lt;property name=&quot;authenticationManager&quot; ref=&quot;authenticationManager&quot;/&gt;
            &lt;property name=&quot;authenticationSuccessHandler&quot; ref=&quot;authenticationSuccessHandler&quot;/&gt;
            &lt;property name=&quot;authenticationFailureHandler&quot; ref=&quot;authenticationFailureHandler&quot;/&gt;
        &lt;/bean&gt;
    
    &lt;/beans&gt;

Here is the Java Config I&#39;m attempting

    @Configuration
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Autowired
        private UserDetailsService userDetailsService;
    
        @Autowired
        private PasswordEncoder passwordEncoder;
    
        @Autowired
        private AuthenticationEntryPoint authenticationEntryPoint;
    
        @Autowired
        private AccessDeniedHandler accessDeniedHandler;
    
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
        }
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .sessionManagement()
                        .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                        .and()
                    .exceptionHandling()
                        .authenticationEntryPoint(authenticationEntryPoint)
                        .accessDeniedHandler(accessDeniedHandler)
                        .and();
            //TODO: Custom Filters
        }
    }

And this is the Custom Filter class. The line giving me trouble is the setter for AuthenticationManager

    @Component
    public class TokenAuthenticationProcessingFilter extends AbstractAuthenticationProcessingFilter {
    
    
        @Autowired
        public TokenAuthenticationProcessingFilter(@Value(&quot;/rest/useAuthenticationManagerr/authenticate&quot;) String defaultFilterProcessesUrl) {
            super(defaultFilterProcessesUrl);
        }
    
    
        @Override
        public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException {
          ...
        }
    
        private String obtainPassword(HttpServletRequest request) {
            return request.getParameter(&quot;password&quot;);
        }
    
        private String obtainUsername(HttpServletRequest request) {
            return request.getParameter(&quot;username&quot;);
        }
    
        @Autowired
        @Override
        public void setAuthenticationManager(AuthenticationManager authenticationManager) {
            super.setAuthenticationManager(authenticationManager);
        }
    
        @Autowired
        @Override
        public void setAuthenticationSuccessHandler(AuthenticationSuccessHandler successHandler) {
            super.setAuthenticationSuccessHandler(successHandler);
        }
    
        @Autowired
        @Override
        public void setAuthenticationFailureHandler(AuthenticationFailureHandler failureHandler) {
            super.setAuthenticationFailureHandler(failureHandler);
        }
    }

How To Inject AuthenticationManager using Java Configuration in a Custom Filter

Is it possible to disable Spring Security for a type of HTTP Method? 

We have a Spring REST application with services that require Authorization token to be attached in the header of http request. I am writing a JS client for it and using JQuery to send the GET/POST requests. The application is CORS enabled with this filter code.

    doFilter(....) {

	  HttpServletResponse httpResp = (HttpServletResponse) response;
	  httpResp.setHeader(&quot;Access-Control-Allow-Origin&quot;, &quot;*&quot;);
	  httpResp.setHeader(&quot;Access-Control-Allow-Methods&quot;, &quot;POST, GET, OPTIONS, DELETE&quot;);
	  httpResp.setHeader(&quot;Access-Control-Max-Age&quot;, &quot;3600&quot;);
	  Enumeration&lt;String&gt; headersEnum = ((HttpServletRequest) request).getHeaders(&quot;Access-Control-Request-Headers&quot;);
	  StringBuilder headers = new StringBuilder();
	  String delim = &quot;&quot;;
	  while (headersEnum.hasMoreElements()) {
	    headers.append(delim).append(headersEnum.nextElement());
		delim = &quot;, &quot;;
	  }
	  httpResp.setHeader(&quot;Access-Control-Allow-Headers&quot;, headers.toString());
    }

But when JQuery sends in the OPTIONS request for CORS, the server responds with Authorization Failed token. Clearly the OPTIONS request, lacks Authorization token. So is it possible to let the OPTIONS escape the Security Layer from the Spring Security Configuration?

Disable Spring Security for OPTIONS Http Method

I have spring web application with Spring security configured using java config approach. I want to exclude some URL patterns from authentication(eg: static resources etc..). I have done this earlier with spring security xml config but couldn&#39;t figure out with java config as adding antmatchers doesn&#39;t help.

Following is my code added in security config class extending WebSecurityConfigurerAdapter

    @Override
	public void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests()
				.antMatchers(&quot;/authFailure&quot;)
				.permitAll()
				.anyRequest()
				.authenticated()
				.and()
				.httpBasic()
				.and()
				.authenticationProvider(_provider)
				.sessionManagement()
				.sessionCreationPolicy(SessionCreationPolicy.STATELESS)
				.and()
				.addFilter(authFilter())
				.addFilterAfter(executionContextFilter(),
						TokenBasedSecurityFilter.class).csrf().disable();
	}

The spring security version that I use is 3.2.0. Thanks in advance for helping

&lt;b&gt;Edit:&lt;/b&gt;

The stacktrace that I got while hitting the excluded URL,

    org.springframework.security.authentication.AuthenticationServiceException: Authorization Header is not available in the request
    	at com.inventory.ricemill.tba.spring.TokenBasedSecurityFilter.doFilter(TokenBasedSecurityFilter.java:59)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    	at java.lang.Thread.run(Thread.java:744)
    
    Apr 01, 2014 10:18:41 PM org.apache.catalina.core.StandardWrapperValve invoke
    SEVERE: Servlet.service() for servlet [Inventory] in context with path [/ricemill] threw exception [Request processing failed; nested exception is org.springframework.security.authentication.AuthenticationServiceException: Authorization Header is not available in the request] with root cause
    org.springframework.security.authentication.AuthenticationServiceException: Authorization Header is not available in the request
    	at com.inventory.ricemill.tba.spring.TokenBasedSecurityFilter.doFilter(TokenBasedSecurityFilter.java:59)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
    	at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    	at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    	at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    	at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    	at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:343)
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:260)
    	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    	at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
    	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:100)
    	at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1041)
    	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:603)
    	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:310)
    	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    	at java.lang.Thread.run(Thread.java:744)


The request goes through the filters registered in spring security filter chain, while it shouldn&#39;t as the request is ignored with antmatcher

Spring Security exclude url patterns in security annotation configurartion

Following the release of Spring Security 4 and it&#39;s [improved support for testing](http://docs.spring.io/spring-security/site/docs/4.0.x/reference/htmlsingle/#test) I&#39;ve wanted to update my current Spring security oauth2 resource server tests.

At present I have a helper class that sets up a `OAuth2RestTemplate` using `ResourceOwnerPasswordResourceDetails` with a test `ClientId` connecting to an actual `AccessTokenUri` to requests a valid token for my tests. This resttemplate is then used to make requests in my `@WebIntegrationTest`s.

I&#39;d like to drop the dependency on the actual AuthorizationServer, and the use of valid (if limited) user credentials in my tests, by taking advantage of the new testing support in Spring Security 4.

Up to now all my attempts at using `@WithMockUser`, `@WithSecurityContext`, `SecurityMockMvcConfigurers.springSecurity()` &amp; `SecurityMockMvcRequestPostProcessors.*` have failed to make authenticated calls through `MockMvc`, and I can not find any such working examples in the Spring example projects.

Can anyone help me test my oauth2 resource server with some kind of mocked credentials, while still testing the security restrictions imposed?

** **EDIT** **
Sample code available here: https://github.com/timtebeek/resource-server-testing
For each of the test classes I understand why it won&#39;t work as it, but I&#39;m looking for ways that would allow me to test the security setup easily.

I&#39;m now thinking of creating a very permissive OAuthServer under `src/test/java`, which might help a bit. Does anyone have any other suggestions?

How to test spring-security-oauth2 resource server security?

I am using Spring Security OAuth2 and JWT tokens. My question is: How can I revoke a JWT token?

As mentioned here 
http://projects.spring.io/spring-security-oauth/docs/oauth2.html, revocation is done by refresh token. But it does not seem to work. 



How can I revoke a JWT token?

I am implementing spring security with oauth2 and jwt.
the below is my login function

    function doLogin(loginData) {
    	
    	$.ajax({
    		url :  back+&quot;/auth/secret&quot;,
    		type : &quot;POST&quot;,
    		data : JSON.stringify(loginData),
    		contentType : &quot;application/json; charset=utf-8&quot;,
    		dataType : &quot;json&quot;,
    		async : false,
    		success : function(data, textStatus, jqXHR) {
    			
    			setJwtToken(data.token);
    			
    
    		},
    		error : function(jqXHR, textStatus, errorThrown) {
    			alert(&quot;an unexpected error occured: &quot; + errorThrown);
    			window.location.href= back+&#39;/login_page.html&#39;;
    		}
    	});
    }

And down I have the Controller

     @RequestMapping(value = &quot;auth/secret&quot;, method = RequestMethod.POST)
        public ResponseEntity&lt;?&gt; createAuthenticationToken(@RequestBody JwtAuthenticationRequest authenticationRequest, Device device) throws AuthenticationException {
            System.out.println();
        	logger.info(&quot;authentication request : &quot; + authenticationRequest.getUsername() + &quot; &quot; + authenticationRequest.getPassword());
            // Perform the security
        	 System.out.println( authenticationRequest.getUsername()+&quot;is the username and &quot;+authenticationRequest.getPassword());
            final Authentication authentication = authenticationManager.authenticate(
                    new UsernamePasswordAuthenticationToken(
                            authenticationRequest.getUsername(),
                            authenticationRequest.getPassword()
                            
                    		
                    		)
                    
                    
            );
            SecurityContextHolder.getContext().setAuthentication(authentication);
    
        	logger.info(&quot;authentication passed&quot;);
    
            // Reload password post-security so we can generate token
            final UserDetails userDetails = userDetailsService.loadUserByUsername(authenticationRequest.getUsername());
            final String token = jwtTokenUtil.generateToken(userDetails, device);
            logger.info(&quot;token &quot; + token);
    
            // Return the token
            return ResponseEntity.ok(new JwtAuthenticationResponse(token));
        }

But when I try the post request with the postman it shows me 

    {
      &quot;timestamp&quot;: 1488973010828,
      &quot;status&quot;: 415,
      &quot;error&quot;: &quot;Unsupported Media Type&quot;,
      &quot;exception&quot;: &quot;org.springframework.web.HttpMediaTypeNotSupportedException&quot;,
      &quot;message&quot;: &quot;Content type &#39;multipart/form-data;boundary=----WebKitFormBoundaryY4KgeeQ9ONtKpvkQ;charset=UTF-8&#39; not supported&quot;,
      &quot;path&quot;: &quot;/TaxiVis/auth/secret&quot;
    }

But when I do  `cosole.log(data)` in the ajax call it prints the token?I could not figure out what is wrong.Any help is appreciated. 

Unsupported Media Type in postman

I am migrating from Spring Boot 1.4.9 to Spring Boot 2.0 and also to Spring Security 5 and I am trying to do authenticate via OAuth 2. But I am getting this error: 

&gt; java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id &quot;null 

From the documentation of [Spring Security 5][1], I get to know that
storage format for password is changed.

In my current code I have created my password encoder bean as:

&lt;!-- language: java --&gt;

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
    	return new BCryptPasswordEncoder();
    }

However it was giving me below error: 

&gt; **Encoded password does not look like BCrypt**


So I update the encoder as per the [Spring Security 5][1] document to:

&lt;!-- language: java --&gt;

    @Bean
    public PasswordEncoder passwordEncoder() {
     	return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

Now if I can see password in database it is storing as 

    {bcrypt}$2a$10$LoV/3z36G86x6Gn101aekuz3q9d7yfBp3jFn7dzNN/AL5630FyUQ

With that 1st error gone and now when I am trying to do authentication I am getting below error:

&gt; java.lang.IllegalArgumentException: There is no PasswordEncoder mapped for the id &quot;null

To solve this issue I tried all the below questions from Stackoverflow:

- https://stackoverflow.com/questions/46999940/spring-boot-passwordencoder-error?noredirect=1&amp;lq=1

- https://stackoverflow.com/questions/26013251/spring-oauth2-password-encoder-is-not-set-in-daoauthenticationprovider 

Here is a question similar to mine but not answerd:

- https://stackoverflow.com/questions/49236707/spring-security-5-password-migration

  [1]: https://spring.io/blog/2017/11/01/spring-security-5-0-0-rc1-released#password-encoding

NOTE: I am already storing encrypted password in database so no need to encode again in `UserDetailsService`.

In the [Spring security 5][1] documentation they suggested you can handle this exception using:

&gt;  
   DelegatingPasswordEncoder.setDefaultPasswordEncoderForMatches(PasswordEncoder)

If this is the fix then where should I put it? I have tried to put it in `PasswordEncoder` bean like below but it wasn&#39;t working: 

&lt;!--language: java --&gt;

    DelegatingPasswordEncoder def = new DelegatingPasswordEncoder(idForEncode, encoders);
	def.setDefaultPasswordEncoderForMatches(passwordEncoder);


**MyWebSecurity class**

&lt;!-- language: java --&gt;

    @Configuration
    @EnableWebSecurity
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    
        @Autowired
        private UserDetailsService userDetailsService;
        
        @Bean
        public PasswordEncoder passwordEncoder() {
        	return PasswordEncoderFactories.createDelegatingPasswordEncoder();
        }
    
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
        }
    
        @Override
        public void configure(WebSecurity web) throws Exception {
    
            web
                    .ignoring()
                    .antMatchers(HttpMethod.OPTIONS)
                    .antMatchers(&quot;/api/user/add&quot;);
        }
    
        @Override
        @Bean
        public AuthenticationManager authenticationManagerBean() throws Exception {
            return super.authenticationManagerBean();
        }
    }

**MyOauth2 Configuration**

&lt;!-- language: java --&gt;

    @Configuration
    @EnableAuthorizationServer
    protected static class AuthorizationServerConfiguration extends AuthorizationServerConfigurerAdapter {
    
        @Bean
        public TokenStore tokenStore() {
            return new InMemoryTokenStore();
        }
    
        @Autowired
        @Qualifier(&quot;authenticationManagerBean&quot;)
        private AuthenticationManager authenticationManager;
    
        
        @Bean
        public TokenEnhancer tokenEnhancer() {
            return new CustomTokenEnhancer();
        }
        
        @Bean
        public DefaultAccessTokenConverter accessTokenConverter() {
            return new DefaultAccessTokenConverter();
        }
        
        @Override
        public void configure(AuthorizationServerEndpointsConfigurer endpoints)
                throws Exception {
            endpoints
                    .tokenStore(tokenStore())
                    .tokenEnhancer(tokenEnhancer())
                    .accessTokenConverter(accessTokenConverter())
                    .authenticationManager(authenticationManager);
        }
        
        @Override
        public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
            clients
                    .inMemory()
                    .withClient(&quot;test&quot;)
                    .scopes(&quot;read&quot;, &quot;write&quot;)
                    .authorities(Roles.ADMIN.name(), Roles.USER.name())
                    .authorizedGrantTypes(&quot;password&quot;, &quot;refresh_token&quot;)
                    .secret(&quot;secret&quot;)
                    .accessTokenValiditySeconds(1800);
        }
    }

Please guide me with this issue. I have spend hours to fix this but not able to fix.


How to do rest authentication with Spring Social?

Spring Problem Overview

Spring Solutions

How can I describe all tables in the database through one statement?

Python multiprocessing's Pool process limit

Attributions