I believe that the problem is in the **order** of your rules:

    .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
    .antMatchers(&quot;/admin/login&quot;).permitAll()

The order of the rules matters and the more specific rules should go first. Now everything that starts with `/admin` will require authenticated user with ADMIN role, even the `/admin/login` path (because `/admin/login` is already matched by the `/admin/**` rule and therefore the second rule is ignored).

The rule for the login page should therefore go before the `/admin/**` rule.  E.G.

    .antMatchers(&quot;/admin/login&quot;).permitAll()
    .antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)

I&#39;m using basic RecyclerView with GridLayoutManager. I observed that nor smoothScrollToPosition nor scrollToPosition works properly.

a) when using `smoothScrollToPosition` I often receive error from `RecyclerView` 

&gt; &quot;RecyclerView﹕ Passed over target position while smooth scrolling.&quot;

 and `RecyclerView` is not scrolled properly (often it misses the targeted row). This is observed mostly when I&#39;m trying to scroll to the 1st item of some row

b) when using `scrollToPosition` it seems to work quite ok but most of the time I can see only the 1st item of the row and the rest are not displayed.

Can you give me some hints how to make work properly at least one of the methods?

Thanks a lot!

(Smooth)ScrollToPosition doesn&#39;t work properly with RecyclerView

I&#39;m working with a responsive theme. And I&#39;m facing the input form problem here. In the desktop view, the input will not have placeholder but have label. 

However, when it comes to the mobile view, I will hide this input label and change this label with placeholder.



    

    &lt;input name=&quot;name&quot; type=&quot;text&quot; placehoder=&quot;insert your name&quot;&gt; 

My real question is so simple here. How to hide this placeholder with css? 


Thanks in advance!

hide placeholder with css

I work on content management system, that has five *antMatchers* like the following:

    http.authorizeRequests()
			.antMatchers(&quot;/&quot;, &quot;/*.html&quot;).permitAll()
			.antMatchers(&quot;/user/**&quot;).hasRole(&quot;USER&quot;)
			.antMatchers(&quot;/admin/**&quot;).hasRole(&quot;ADMIN&quot;)
			.antMatchers(&quot;/admin/login&quot;).permitAll()
			.antMatchers(&quot;/user/login&quot;).permitAll()
			.anyRequest().authenticated()
			.and()
        	.csrf().disable();

which suppose to mean that the visitors can see all site at root path (/*), and users can see only (/user), admin can see only (/admin), and there are two login pages one for users and another for admin.

The code seems to work fine, except the admin section - it doesn&#39;t work but  return access denied exception.


Multiple antMatchers in Spring security

I work on content management system, that has five antMatchers like the following:
<pre><code class="hljs language-scss">http.authorizeRequests()
		.antMatchers("/", "/*.html").permitAll()
		.antMatchers("/user/**").hasRole("USER")
		.antMatchers("/admin/**").hasRole("ADMIN")
		.antMatchers("/admin/login").permitAll()
		.antMatchers("/user/login").permitAll()
		.anyRequest().authenticated()
		.and()
 	.csrf().disable();
</code></pre>
which suppose to mean that the visitors can see all site at root path (/*), and users can see only (/user), admin can see only (/admin), and there are two login pages one for users and another for admin.
The code seems to work fine, except the admin section - it doesn't work but return access denied exception.

I am trying to build a springboot project I built with Spring Tools Suite.  I get the following error when I execute `$mvn spring-boot:run`

    Downloading: https://repo.maven.apache.org/maven2/org/codehaus/mojo/maven-metadata.xml
    Downloading: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-metadata.xml
    Downloaded: https://repo.maven.apache.org/maven2/org/apache/maven/plugins/maven-metadata.xml (13 KB at 14.0 KB/sec)
    Downloaded: https://repo.maven.apache.org/maven2/org/codehaus/mojo/maven-metadata.xml (20 KB at 21.8 KB/sec)
    [INFO] ------------------------------------------------------------------------
    [INFO] BUILD FAILURE
    [INFO] ------------------------------------------------------------------------
    [INFO] Total time: 2.032 s
    [INFO] Finished at: 2015-06-15T17:46:50-04:00
    [INFO] Final Memory: 11M/123M
    [INFO] ------------------------------------------------------------------------
    [ERROR] No plugin found for prefix &#39;spring-boot&#39; in the current project and in the plugin groups [org.apache.maven.plugins, org.codehaus.mojo] available from the repositories [local (/Users/admin/.m2/repository), central (https://repo.maven.apache.org/maven2)] -&gt; [Help 1]
    [ERROR] 
    [ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
    [ERROR] Re-run Maven using the -X switch to enable full debug logging.
    [ERROR] 
    [ERROR] For more information about the errors and possible solutions, please read the following articles:
    [ERROR] [Help 1]     http://cwiki.apache.org/confluence/display/MAVEN/NoPluginFoundForPrefixException`
       

Heres my pom.xml plugin

        &lt;build&gt;
        &lt;plugins&gt;
            &lt;plugin&gt;
                &lt;groupId&gt;org.springframework.boot&lt;/groupId&gt;
                &lt;artifactId&gt;spring-boot-maven-plugin&lt;/artifactId&gt;
                &lt;configuration&gt;
                	&lt;arguments&gt;
                		&lt;argument&gt;--spring.profiles.active=dev&lt;/argument&gt;
                	&lt;/arguments&gt;
                &lt;/configuration&gt;
            &lt;/plugin&gt;
        &lt;/plugins&gt;
    &lt;/build&gt;

I tried the jhipster plugin above and no change in the error.

Maven- No plugin found for prefix &#39;spring-boot&#39; in the current project and in the plugin groups

Background
==========

I am in the process of setting up a RESTful web application using Spring Boot (1.3.0.BUILD-SNAPSHOT) that includes a STOMP/SockJS WebSocket, which I intend to consume from an iOS app as well as web browsers. I want to use [JSON Web Tokens][1] (JWT) to secure the REST requests and the WebSocket interface but I’m having difficulty with the latter.

The app is secured with Spring Security:-

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
        
        public WebSecurityConfiguration() {
            super(true);
        }
        
        @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                    .withUser(&quot;steve&quot;).password(&quot;steve&quot;).roles(&quot;USER&quot;);
        }
      
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .exceptionHandling().and()
                .anonymous().and()
                .servletApi().and()
                .headers().cacheControl().and().and()
                
                // Relax CSRF on the WebSocket due to needing direct access from apps
                .csrf().ignoringAntMatchers(&quot;/ws/**&quot;).and()
                    
                .authorizeRequests()
    
                //allow anonymous resource requests
                .antMatchers(&quot;/&quot;, &quot;/index.html&quot;).permitAll()
                .antMatchers(&quot;/resources/**&quot;).permitAll()
    
                //allow anonymous POSTs to JWT
                .antMatchers(HttpMethod.POST, &quot;/rest/jwt/token&quot;).permitAll()

                // Allow anonymous access to websocket 
                .antMatchers(&quot;/ws/**&quot;).permitAll()
                    
                //all other request need to be authenticated
                .anyRequest().hasRole(&quot;USER&quot;).and()
    
                // Custom authentication on requests to /rest/jwt/token
                .addFilterBefore(new JWTLoginFilter(&quot;/rest/jwt/token&quot;, authenticationManagerBean()), UsernamePasswordAuthenticationFilter.class)
    
                // Custom JWT based authentication
                .addFilterBefore(new JWTTokenFilter(), UsernamePasswordAuthenticationFilter.class);
        }
    
    }

The WebSocket configuration is standard:-

    @Configuration
    @EnableScheduling
    @EnableWebSocketMessageBroker
    public class WebSocketConfiguration extends AbstractWebSocketMessageBrokerConfigurer {
    
        @Override
        public void configureMessageBroker(MessageBrokerRegistry config) {
            config.enableSimpleBroker(&quot;/topic&quot;);
            config.setApplicationDestinationPrefixes(&quot;/app&quot;);
        }
    
        @Override
        public void registerStompEndpoints(StompEndpointRegistry registry) {
            registry.addEndpoint(&quot;/ws&quot;).withSockJS();
        }

    }

I also have a subclass of `AbstractSecurityWebSocketMessageBrokerConfigurer` to secure the WebSocket:-

    @Configuration
    public class WebSocketSecurityConfiguration extends AbstractSecurityWebSocketMessageBrokerConfigurer {

        @Override
        protected void configureInbound(MessageSecurityMetadataSourceRegistry messages) {
            messages.anyMessage().hasRole(&quot;USER&quot;);
        }

        @Override
        protected boolean sameOriginDisabled() {
            // We need to access this directly from apps, so can&#39;t do cross-site checks
            return true;
        }
        
    }

There is also a couple of `@RestController` annotated classes to handle various bits of functionality and these are secured successfully via the `JWTTokenFilter` registered in my `WebSecurityConfiguration` class.

Problem
=======

However I can&#39;t seem to get the WebSocket to be secured with JWT. I am using [SockJS 1.1.0][2] and [STOMP 1.7.1][3] in the browser and can&#39;t figure out how to pass the token. It [would appear that][4] SockJS does not allow parameters to be sent with the initial `/info` and/or handshake requests.

The [Spring Security for WebSockets documentation states][5] that the `AbstractSecurityWebSocketMessageBrokerConfigurer` ensures that:

&gt; Any inbound CONNECT message requires a valid CSRF token to enforce Same Origin Policy

Which seems to imply that the initial handshake should be unsecured and authentication invoked at the point of receiving a STOMP CONNECT message. Unfortunately I can&#39;t seem to find any information with regards to implementing this. Additionally this approach would require additional logic to disconnect a rogue client that opens a WebSocket connection and never sends a STOMP CONNECT.

Being (very) new to Spring I&#39;m also not sure if or how Spring Sessions fits into this. While the documentation is very detailed there doesn&#39;t appear to a nice and simple (aka idiots) guide to how the various components fit together / interact with each other.

Question
========

How do I go about securing the SockJS WebSocket by providing a JSON Web Token, preferably at the point of handshake (is it even possible)?



[1]: http://jwt.io
[2]: https://github.com/sockjs/sockjs-client/releases/tag/v1.0.0
[3]: https://raw.githubusercontent.com/jmesnil/stomp-websocket/master/lib/stomp.js
[4]: https://github.com/sockjs/sockjs-client/issues/196
[5]: http://docs.spring.io/autorepo/docs/spring-security/4.0.x/reference/html/websocket.html

JSON Web Token (JWT) with Spring based SockJS / STOMP Web Socket

I&#39;m trying to get a cron job working within a legacy Java/Spring/Hibernate project, so I decided to use the spring scheduler.

I want myTask.doStuff to run at 12:00 on the first Sunday of every month. 

In my application-context.xml I&#39;ve configured my task scheduler like: 

    &lt;task:scheduled-tasks scheduler=&quot;MyTaskScheduler&quot;&gt;
		&lt;task:scheduled ref=&quot;myTask&quot; method=&quot;doStuff&quot; cron=&quot;0 0 12 ? 1/1 SUN#1 *&quot;/&gt; &lt;!-- Every first Sundy of the month --&gt;
	&lt;/task:scheduled-tasks&gt;

	&lt;task:scheduler id=&quot;MyTaskScheduler&quot; pool-size=&quot;10&quot;/&gt;

with the problem cron expression itself being the: **0 0 12 ? 1/1 SUN#1 ***

and &lt;code&gt;myTask&lt;/code&gt; is a bean, which has a method called &lt;code&gt;doStuff&lt;/code&gt; that works perfectly when run from unit tests. 


When I build and deploy I get a bootime exception from spring: 

    Caused by: java.lang.IllegalArgumentException: cron expression must consist of 6 fields (found 7 in 0 0 12 ? 1/1 SUN#1 *)
	at org.springframework.scheduling.support.CronSequenceGenerator.parse(CronSequenceGenerator.java:233)
	at org.springframework.scheduling.support.CronSequenceGenerator.&lt;init&gt;(CronSequenceGenerator.java:81)
	at org.springframework.scheduling.support.CronTrigger.&lt;init&gt;(CronTrigger.java:54)
	at org.springframework.scheduling.support.CronTrigger.&lt;init&gt;(CronTrigger.java:44)
	at org.springframework.scheduling.config.ScheduledTaskRegistrar.afterPropertiesSet(ScheduledTaskRegistrar.java:129)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1477)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1417)


Given that i&#39;m using cron expressions for the first time, my first assumption was that I was doing something wrong, but I double checked using [cronmaker](http://www.cronmaker.com/) and it gave me the same result. 

All the documentations says: A cron expression is a string consisting of six or seven subexpressions (fields).[1](http://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm)

despite this I tried knocking off the 7th element(year) since it&#39;s not in any of the examples, and got a different error message: 

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name &#39;org.springframework.scheduling.config.ScheduledTaskRegistrar#0&#39;: Invocation of init method failed; nested exception is java.lang.NumberFormatException: For input string: &quot;0#1&quot;

... does org.springframework.scheduling support a different flavor of cron from everything else? [the spring-specific documentation](http://docs.spring.io/spring/docs/current/spring-framework-reference/html/scheduling.html) just says &#39;cron expressions&#39;. 

**How can I get this cron expression to work as expected in this context? Any help at all would be appreciated.**

At the moment my solution would be to simplify this expression to just run every Sunday, and prepend some Java logic to calculate which Sunday of the month it is, and see if that works - but that sort of defeats the purpose of the configuration approach and seems like an antipattern. 

Spring cron vs normal cron?

My question is essentially a follow-up to [this][1] question.

    @RestController
    public class TestController
    {
        @RequestMapping(&quot;/getString&quot;)
        public String getString()
        {
            return &quot;Hello World&quot;;
        }
    }

In the above, Spring would add &quot;Hello World&quot; into the response body. How can I return a String as a JSON response?  I understand that I could add quotes, but that feels more like a hack.

Please provide any examples to help explain this concept.

&gt; **Note:** I don&#39;t want this written straight to the HTTP Response body, I want to return the String in JSON format (I&#39;m using my Controller
&gt; with [RestyGWT][2] which requires the response to be in valid JSON
&gt; format).


  [1]: https://stackoverflow.com/questions/23581619/simple-string-as-json-return-value-in-spring-rest-controller
  [2]: https://resty-gwt.github.io/

Spring MVC - How to return simple String as JSON in Rest Controller

Spring boot have some properties to config web port and SSL settings, but once a SSL certificate is set the http port turns into https port.

So, how can I keep both ports running on it, for example: 80 an 443 at the same time? 

As you can see, there only properties for one port, in this case &quot;server.ssl&quot; is enabled, what makes http port be disabled automatically.

    ##############
    ### Server ###
    ##############
    server.port=9043
    server.session-timeout=1800
    server.ssl.key-store=file:///C:/Temp/config/localhost.jks
    server.ssl.key-store-password=localhost
    server.ssl.key-password=localhost
    server.ssl.trust-store=file:///C:/Temp/config/localhost.jks
    server.ssl.trust-store-password=localhost

I am trying to use even Tomcat or Undertow. I&#39;d appreciate any help!

How set up Spring Boot to run HTTPS / HTTP ports

I want to make my RESTful API very predictable. What is the best practice for deciding when to make a segmentation of data using the URI rather than by using query params.

It makes sense to me that system parameters that support pagination, sorting, and grouping be after the &#39;?&#39; But what about fields like &#39;status&#39; and &#39;region&#39; or other attributes that segment your collection? If those are to be query params as well, what is the rule of thumb on knowing when to use path params? 




When do I use path params vs. query params in a RESTful API?

What is the right way to add HttpRequest interceptors in spring boot application? What I want to do is log requests and responses for every http request.

Spring boot documentation does not cover this topic at all. (http://docs.spring.io/spring-boot/docs/current/reference/htmlsingle/)

I found some web samples on how to do the same with older versions of spring, but those work with applicationcontext.xml. Please help.

Spring Boot Adding Http Request Interceptors

I used maven to do the tutorial https://spring.io/guides/gs/uploading-files/  
All the codes I used was copied.

The Application can run, but I get the error:


&gt;Whitelabel Error Page This application has no explicit mapping for /error, so you are seeing this as a fallback. 
Tue Jun 30 17:24:02 CST 2015 There was an unexpected error (type=Not Found, status=404). 
No message available

How can I fix it?



This application has no explicit mapping for /error

I am setting up Spring Security to handle logging users in. I have logged in as a user, and am taken to an Access Denied error page upon successful login. I don&#39;t know what roles my user has actually been assigned, or the rule that causes access to be denied, because I can&#39;t figure out how to enable debugging for the Spring Security library.

My security xml:

&lt;!-- language: lang-xml --&gt;

    &lt;?xml version=&quot;1.0&quot; encoding=&quot;UTF-8&quot;?&gt;
    &lt;beans ... &gt;
        &lt;!-- security --&gt;
    	
    	&lt;security:debug/&gt;&lt;!-- doesn&#39;t seem to be working --&gt;
    	
    	&lt;security:http auto-config=&quot;true&quot;&gt;
    		
    		&lt;security:intercept-url pattern=&quot;/Admin**&quot; access=&quot;hasRole(&#39;PROGRAMMER&#39;) or hasRole(&#39;ADMIN&#39;)&quot;/&gt;
    		&lt;security:form-login login-page=&quot;/Load.do&quot;
    			default-target-url=&quot;/Admin.do?m=loadAdminMain&quot;
    			authentication-failure-url=&quot;/Load.do?error=true&quot;
    			username-parameter=&quot;j_username&quot;
    			password-parameter=&quot;j_password&quot;
    			login-processing-url=&quot;/j_spring_security_check&quot;/&gt;
    		&lt;security:csrf/&gt;&lt;!-- enable Cross Site Request Forgery protection --&gt;
    	&lt;/security:http&gt;
    	
    	&lt;security:authentication-manager&gt;
    		&lt;security:authentication-provider&gt;
    			&lt;security:jdbc-user-service data-source-ref=&quot;loginDataSource&quot;
    				users-by-username-query=&quot;SELECT username, password, active FROM userinformation WHERE username = ?&quot;
    				authorities-by-username-query=&quot;
    					SELECT ui.username, r.rolename 
    					FROM role r, userrole ur, userinformation ui 
    					WHERE ui.username=? 
    					AND ui.userinformationid = ur.userinformationid 
    					AND ur.roleid = r.roleid &quot;
    			/&gt;
    			&lt;security:password-encoder hash=&quot;md5&quot;/&gt;
    		&lt;/security:authentication-provider&gt;
    	&lt;/security:authentication-manager&gt;
    &lt;/beans&gt;

I&#39;ve also tried adding `log4j.logger.org.springframework.security=DEBUG` to my log4j.properties

How can I get debug output for Spring Security?

How do I enable logging for Spring Security?

As far as I can understand when you want custom authentication in Spring Security you can either implement a custom `AuthenticationProvider` or custom `UserDetailsService`.

    @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
            auth	
                //.authenticationProvider(authProvider)  // option 1
                .userDetailsService(userDetailsService); // option 2
    
        }


In the AuthenticationProvider you can check the username and password and return `Authentication` with your custom object in it. 


    public Authentication authenticate(Authentication authentication){
            if (checkUsernameAndPassword(authentication)) {
                CustomUserDetails userDetails = new CustomUserDetails();
                //add whatever you want to the custom user details object
                return new UsernamePasswordAuthenticationToken(userDetails, password, grantedAuths);
            } else {
                throw new BadCredentialsException(&quot;Unable to auth against third party systems&quot;);
            }
        }


In the `UserDetailsService` you get only the username and when you return the custom UserDeatails, the framework performs a check on the password.

	

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    		CustomUserDetails user = new CustomUserDetails();
    		//add whatever you want to the custom user details object
    		return user;
    	}


Looks like both can produce similar results. So the question is what is the difference? When to user one vs the other? 

Spring Security Custom Authentication - AuthenticationProvider vs UserDetailsService

I&#39;m trying to add spring-security to my rest app.
I followed the tutorial (https://spring.io/guides/tutorials/spring-security-and-angular-js/) on spring website to do it but there it uses spring-boot component which I don&#39;t want to use, maybe problem is here.

My security configuration is here:

    @Configuration
    @Order(2147483636)
    public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.httpBasic().and().authorizeRequests()
                .antMatchers(&quot;/rest&quot;, &quot;/&quot;).permitAll().anyRequest()
                .authenticated().and().csrf()
                .csrfTokenRepository(csrfTokenRepository()).and()
                .addFilterAfter(csrfHeaderFilter(), CsrfFilter.class);
    }

    private Filter csrfHeaderFilter() {
        return new OncePerRequestFilter() {
            @Override
            protected void doFilterInternal(HttpServletRequest request,
                                            HttpServletResponse response, FilterChain filterChain)
                    throws ServletException, IOException {
                CsrfToken csrf = (CsrfToken) request.getAttribute(CsrfToken.class
                        .getName());
                if (csrf != null) {
                    Cookie cookie = WebUtils.getCookie(request, &quot;XSRF-TOKEN&quot;);
                    String token = csrf.getToken();
                    if (cookie == null || token != null
                            &amp;&amp; !token.equals(cookie.getValue())) {
                        cookie = new Cookie(&quot;XSRF-TOKEN&quot;, token);
                        cookie.setPath(&quot;/&quot;);
                        response.addCookie(cookie);
                    }
                }
                filterChain.doFilter(request, response);
            }
        };
    }

    private CsrfTokenRepository csrfTokenRepository() {
        HttpSessionCsrfTokenRepository repository = new HttpSessionCsrfTokenRepository();
        repository.setHeaderName(&quot;X-XSRF-TOKEN&quot;);
        return repository;
        }
    }
Stack trace: 

    ERROR ContextLoader:353 - Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name &#39;securityConfiguration&#39;: Injection of autowired dependencies failed; nested exception is org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:334)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1214)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:543)
	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:482)
	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:305)
	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:230)
	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:301)
	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:196)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:772)
	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:834)
	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:537)
	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:446)
	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:328)
	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:107)
	at weblogic.servlet.internal.EventsManager$FireContextListenerAction.run(EventsManager.java:678)
	at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
	at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:120)
	at weblogic.servlet.provider.WlsSubjectHandle.run(WlsSubjectHandle.java:57)
	at weblogic.servlet.internal.EventsManager.executeContextListener(EventsManager.java:243)
	at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:200)
	at weblogic.servlet.internal.EventsManager.notifyContextCreatedEvent(EventsManager.java:185)
	at weblogic.servlet.internal.WebAppServletContext.preloadResources(WebAppServletContext.java:1838)
	at weblogic.servlet.internal.WebAppServletContext.start(WebAppServletContext.java:2876)
	at weblogic.servlet.internal.WebAppModule.startContexts(WebAppModule.java:1661)
	at weblogic.servlet.internal.WebAppModule.start(WebAppModule.java:823)
	at weblogic.application.internal.ExtensibleModuleWrapper$StartStateChange.next(ExtensibleModuleWrapper.java:360)
	at weblogic.application.internal.ExtensibleModuleWrapper$StartStateChange.next(ExtensibleModuleWrapper.java:356)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42)
	at weblogic.application.internal.ExtensibleModuleWrapper.start(ExtensibleModuleWrapper.java:138)
	at weblogic.application.internal.flow.ModuleListenerInvoker.start(ModuleListenerInvoker.java:124)
	at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:216)
	at weblogic.application.internal.flow.ModuleStateDriver$3.next(ModuleStateDriver.java:211)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42)
	at weblogic.application.internal.flow.ModuleStateDriver.start(ModuleStateDriver.java:73)
	at weblogic.application.internal.flow.StartModulesFlow.activate(StartModulesFlow.java:24)
	at weblogic.application.internal.BaseDeployment$2.next(BaseDeployment.java:729)
	at weblogic.application.utils.StateMachineDriver.nextState(StateMachineDriver.java:42)
	at weblogic.application.internal.BaseDeployment.activate(BaseDeployment.java:258)
	at weblogic.application.internal.SingleModuleDeployment.activate(SingleModuleDeployment.java:48)
	at weblogic.application.internal.DeploymentStateChecker.activate(DeploymentStateChecker.java:165)
	at weblogic.deploy.internal.targetserver.AppContainerInvoker.activate(AppContainerInvoker.java:80)
	at weblogic.deploy.internal.targetserver.operations.AbstractOperation.activate(AbstractOperation.java:587)
	at weblogic.deploy.internal.targetserver.operations.ActivateOperation.activateDeployment(ActivateOperation.java:150)
	at weblogic.deploy.internal.targetserver.operations.ActivateOperation.doCommit(ActivateOperation.java:116)
	at weblogic.deploy.internal.targetserver.operations.AbstractOperation.commit(AbstractOperation.java:339)
	at weblogic.deploy.internal.targetserver.DeploymentManager.handleDeploymentCommit(DeploymentManager.java:846)
	at weblogic.deploy.internal.targetserver.DeploymentManager.activateDeploymentList(DeploymentManager.java:1275)
	at weblogic.deploy.internal.targetserver.DeploymentManager.handleCommit(DeploymentManager.java:442)
	at weblogic.deploy.internal.targetserver.DeploymentServiceDispatcher.commit(DeploymentServiceDispatcher.java:176)
	at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.doCommitCallback(DeploymentReceiverCallbackDeliverer.java:195)
	at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer.access$100(DeploymentReceiverCallbackDeliverer.java:13)
	at weblogic.deploy.service.internal.targetserver.DeploymentReceiverCallbackDeliverer$2.run(DeploymentReceiverCallbackDeliverer.java:68)
	at weblogic.work.SelfTuningWorkManagerImpl$WorkAdapterImpl.run(SelfTuningWorkManagerImpl.java:548)
	at weblogic.work.ExecuteThread.execute(ExecuteThread.java:311)
	at weblogic.work.ExecuteThread.run(ExecuteThread.java:263)
       
    Caused by: org.springframework.beans.factory.BeanCreationException: Could not autowire method: public void org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter.setObjectPostProcessor(org.springframework.security.config.annotation.ObjectPostProcessor); nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:659)
	at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:88)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotationBeanPostProcessor.java:331)
	... 54 more

    Caused by: org.springframework.beans.factory.NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found for dependency: expected at least 1 bean which qualifies as autowire candidate for this dependency. Dependency annotations: {}
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.raiseNoSuchBeanDefinitionException(DefaultListableBeanFactory.java:1326)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:1072)
	at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:967)
	at org.springframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredMethodElement.inject(AutowiredAnnotationBeanPostProcessor.java:616)
	... 56 more

spring security: NoSuchBeanDefinitionException: No qualifying bean of type [org.springframework.security.config.annotation.ObjectPostProcessor] found

I know that securing REST API is widely commented topic but I&#39;m not able to create a small prototype that meets my criteria (and I need to confirm that these criteria are realistic). There are so many options how to secure resources and how work with Spring security, I need to clarify if my needs are realistic.

**My requirements**

 - Token based authenticator - users will provide its credentials and get unique and time limited access token. I would like to manage token creation, checking validity, expiration in my own implementation.
 - Some REST resources will be public - no need to authenticate at all,
 - Some resources will be accessible only for users with administrator rights,
 - Other resource will be accessible after authorization for all users.
 - I don&#39;t want to use Basic authentication
 - Java code configuration (not XML)

**Current status**

My REST API works very well, but now I need to secure it. When I was looking for a solution I created a `javax.servlet.Filter` filter:

      @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
    
            HttpServletRequest request = (HttpServletRequest) req;
    
            String accessToken = request.getHeader(AUTHORIZATION_TOKEN);
            Account account = accountDao.find(accessToken);
    
            if (account == null) {    
                throw new UnauthorizedException();    
            }
    
            chain.doFilter(req, res);
    
        }

But this solution with `javax.servlet.filters` doesn&#39;t work as I need because there is an issue with exception handling via `@ControllerAdvice` with Spring `servlet dispatcher`.

**What I need**

I would like to know if these criteria are realistic and get any help, how to start  securing REST API with Spring Security. I read many tutorials (e.g. [Spring Data REST + Spring Security] [1]) but all work in very basic configuration - users with **their credentials are stored in memory** in configuration and I need to work with DBMS and create own authenticator.

**Please give me some ideas how to start.**

  [1]: https://github.com/spring-projects/spring-data-examples/tree/master/rest/security

Content Type	Original Author	Original Content on Stackoverflow
Question	Bashar Abutarieh	View Question on Stackoverflow
Solution 1 - Spring	Bohuslav Burghardt	View Answer on Stackoverflow

Multiple antMatchers in Spring security

Spring Problem Overview

Spring Solutions

Solution 1 - Spring

hide placeholder with css

(Smooth)ScrollToPosition doesn't work properly with RecyclerView

Attributions