Skip to main content

Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Eclipse Projects » Virgo » Spring Security on multiple bundles(Illegal access while using Spring Security Authentification manager service.)
Spring Security on multiple bundles [message #709866] Thu, 04 August 2011 12:12 Go to next message
TorTukiTu Mising name is currently offline TorTukiTu Mising nameFriend
Messages: 12
Registered: August 2011
Junior Member

I have got 3 modules (UI, business, DAO) for my application. I must use Spring security both in UI and Business. So I created another Spring security bundle like this :

<bean id="anonymousAuthenticationProvider" class="">
	<property name="key" value="BF93JFJ091N00Q7HF"/>
<bean id="_authenticationManager"
			<property name="providers">
				<ref local="anonymousAuthenticationProvider"/>


	<osgi:service id="authenticationManagerOsgi"
		interface="" />

So I try to use the service from my UI (web) bundle

	<osgi:reference id="_authenticationManager"

But I got an error when I start the UI bundle using the service of my Security Bundle :

NFO: Illegal access: this web application instance has been stopped already.  Could not load org.springframework.osgi.util.internal.PrivilegedUtils.  The eventual following stack trace is caused by an error thrown for debugging purposes as well as to attempt to terminate the thread which caused the illegal access, and has no functional impact.
	at org.eclipse.gemini.web.tomcat.internal.loading.BundleWebappClassLoader.loadClass(
	at java.lang.ClassLoader.loadClass(
	at org.eclipse.virgo.web.core.internal.WebAppClassLoaderDelegateHook.postFindClass(
	at org.eclipse.virgo.osgi.extensions.equinox.hooks.PluggableDelegatingClassLoaderDelegateHook.postFindClass(
	at org.eclipse.osgi.internal.loader.BundleLoader.searchHooks(
	at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(

The package org.springframework.osgi.util.internal seems no more exists in the latest Virgo release :

osgi> bundle 4org.springframework.osgi.core_1.2.1 [4]
  Id=4, Status=ACTIVE      Data Root=C:\Users\xxx\Desktop\icones\virgo-web-server-2.1.1.RELEASE\work\osgi\configuration\org.eclipse.osgi\bundles\36\data\store\org.eclipse.osgi\bundles\4\data...
  No registered services.
  No services in use.
  Exported packages
    org.springframework.osgi; version="1.2.1"[exported]
    org.springframework.osgi.bundle; version="1.2.1"[exported]; version="1.2.1"[exported]
    org.springframework.osgi.compendium.config; version="1.2.1"[exported]
    org.springframework.osgi.config; version="1.2.1"[exported]
    org.springframework.osgi.context; version="1.2.1"[exported]
    org.springframework.osgi.context.event; version="1.2.1"[exported]; version="1.2.1"[exported]
    org.springframework.osgi.service; version="1.2.1"[exported]
    org.springframework.osgi.service.exporter; version="1.2.1"[exported]; version="1.2.1"[exported]
    org.springframework.osgi.service.importer; version="1.2.1"[exported]
    org.springframework.osgi.service.importer.event; version="1.2.1"[exported]; version="1.2.1"[exported]
    org.springframework.osgi.util; version="1.2.1"[exported]
  Imported packages; version="3.0.0.REL

The latest release having that package seems to be Spring DM Core 1.1.3.RELEASE .

Is there a simple way to solve that ?


[Updated on: Thu, 04 August 2011 12:59]

Report message to a moderator

Re: Spring Security on multiple bundles [message #709897 is a reply to message #709866] Thu, 04 August 2011 13:04 Go to previous messageGo to next message
Glyn Normington is currently offline Glyn NormingtonFriend
Messages: 1222
Registered: July 2009
Senior Member
Please refer to the User Guide section "configuring serviceability" for information on how to configure trace. You'll need to read this in conjunction with the Logback manual.

I noticed that there is a typo at least in your post but possibly also in the application as the interface names in the XML files do not match.
Re: Spring Security on multiple bundles [message #709919 is a reply to message #709897] Thu, 04 August 2011 13:30 Go to previous messageGo to next message
Dmitry Sklyut is currently offline Dmitry SklyutFriend
Messages: 279
Registered: January 2010
Senior Member
Check that your web bundle code is not using either org.springframework.osgi.util.internal.PrivilegedUtils or some class that depends on org.springframework.osgi.util.internal.PrivilegedUtils.
Re: Spring Security on multiple bundles [message #713366 is a reply to message #709919] Mon, 08 August 2011 11:52 Go to previous messageGo to next message
TorTukiTu Mising name is currently offline TorTukiTu Mising nameFriend
Messages: 12
Registered: August 2011
Junior Member
Ok, Finally solved the problem. This happends when I add a service reference in my applicationContext.xml. It was a namespace problem.
For un unknown reason, Virgo was looking for PrivilegedUtils which was raising an Illegal access exception.

Thanks for your help.

[Updated on: Mon, 08 August 2011 11:52]

Report message to a moderator

Re: Spring Security on multiple bundles [message #798845 is a reply to message #709866] Wed, 15 February 2012 06:18 Go to previous message
Groovy Groovy is currently offline Groovy GroovyFriend
Messages: 2
Registered: February 2012
Junior Member

I'm trying the same way to expose authenticationManager using OSGI, here is my spring security xml in business:
<bean id="_authenticationManager"
		<property name="providers">
				<ref bean="daoAuthenticationProvider" />
				<ref bean="anonymousAuthenticationProvider" />

	<bean id="daoAuthenticationProvider"
		<property name="passwordEncoder">
				class="" />
		<property name="userDetailsService" ref="userService" />
		<property name="hideUserNotFoundExceptions" value="false" />

	<bean id="anonymousAuthenticationProvider"
		<property name="key" value="SomeUniqueKeyForThisApplication" />
	<!-- Usernames/Passwords are rod/koala dianne/emu scott/wombat peter/opal -->
	<sec:user-service id="userService">
		<sec:user name="rod" password="a564de63c2d0da68cf47586ee05984d7"
		<sec:user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e"
			authorities="ROLE_USER,ROLE_TELLER" />
		<sec:user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a"
			authorities="ROLE_USER" />
		<sec:user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8"
			authorities="ROLE_USER" />

<osgi:service ref="_authenticationManager"
		interface="" />

here is in the web:
<beans:beans xmlns=""
	xmlns:beans="" xmlns:osgi=""

	<global-method-security pre-post-annotations="enabled">
		<!-- AspectJ pointcut expression that locates our "post" method and applies 
			security that way <protect-pointcut expression="execution(* bigbank.**(..))" 
			access="ROLE_TELLER"/> -->

	<http use-expressions="true">
		<intercept-url pattern="/secure/extreme/**" access="hasRole('ROLE_SUPERVISOR')" />
		<intercept-url pattern="/secure/**" access="isAuthenticated()" />
		<intercept-url pattern="/images/**" access="permitAll" />
		<intercept-url pattern="/login.jsp" access="permitAll" />
		<intercept-url pattern="/**" access="isAuthenticated()" />

		<remember-me />


<osgi:reference id="_authenticationManager"
		interface="" />

But I always get this error:
[2012-02-15 13:35:09.195] ERROR Thread-128                   org.springframework.web.context.ContextLoader                     Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name '': Cannot create inner bean '(inner bean)' of type [] while setting bean property 'parent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)#6': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named '' is defined: Did you forget to add an <authentication-manager> element to your configuration (with child <authentication-provider> elements) ?

Any idea why this problem happens? It seems that I need to provide authentication-manager in my web bundle xml, but I do not want that since I want to have multiple web bundle to use the same authentication-manager, such that user would not be prompted to login again and again..

I've tried everything including changing the bean id into "authenticationManager".
I also tried to change the bean id into ""
but I will get another error:
nested exception is java.lang.NoSuchMethodException: $Proxy225.isEraseCredentialsAfterAuthentication()

Which I know because AuthenticationManager interface does not have that method.

Any idea on how I can solve this problem?
Is it an existing problem in Spring Security 3.0?

Really appreciate any reply
Previous Topic:Remote Virgo server sending a 404
Next Topic:Using config artifacts for multiple envs
Goto Forum:

Current Time: Wed May 23 03:34:59 GMT 2018

Powered by FUDForum. Page generated in 0.01735 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top