Spring Security needs ContextLoaderListener but I'm using annotated configuration, what to do?

Question

I was using annotated configuration for my Spring web app and then had to mix XML with it so that I could use Spring Security. I annotated one of my configuration classes with @ImportResource("security-config.xml") to load the security config. The configuration beans are being created just fine. My web.xml looks like so:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="com-timbuk2-webapp-compositor" 
         version="3.0"
         xmlns="http://java.sun.com/xml/ns/javaee" 
         xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" 
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
                             http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" >

    <!-- Spring Security Chain -->
    <filter>
         <filter-name>springSecurityFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
       <filter-name>springSecurityFilterChain</filter-name>
       <url-pattern>/*</url-pattern>
    </filter-mapping>

     <!--  Character Encoding -->
    <filter>
        <filter-name>characterEncodingFilter</filter-name>
        <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
        <init-param>
            <param-name>encoding</param-name>
            <param-value>UTF-8</param-value>
        </init-param>
        <init-param>
            <param-name>forceEncoding</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>characterEncodingFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!--  URL Rewrite -->
    <filter>
        <filter-name>urlRewriteFilter</filter-name>
        <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
        <init-param>
            <param-name>logLevel</param-name>
            <param-value>commons</param-value>
        </init-param>
        <init-param>
            <param-name>confPath</param-name>
            <param-value>/WEB-INF/conf/urlrewrite-config.xml</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>urlRewriteFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- Listeners -->
    <listener>
        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    </listener>

    <!-- Context Parameters -->
    <context-param>
        <param-name>log4jConfigLocation</param-name>
        <param-value>/WEB-INF/conf/log4j-config.xml</param-value>
    </context-param>

    <!-- Servlets -->
    <servlet>
        <servlet-name>app-dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextClass</param-name>
            <param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
        </init-param>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>com.website.config</param-value>
        </init-param>
        <load-on-startup>0</load-on-startup>
    </servlet>

    <!-- Servlet mappings -->
    <servlet-mapping>
        <servlet-name>app-dispatcher</servlet-name>
        <url-pattern>/app/*</url-pattern>
    </servlet-mapping>


</web-app>

From what I understand the springSecurityFilterChain needs ContextLoaderListener. However, because of how my app is configured, if I add:

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

to my web.xml my app doesn't initialize. Is there a way to manually create a ContextLoaderListener in my annotated configuration?

Answer 1

I believe it works with the following additions under web-app

<context-param>
  <param-name>contextClass</param-name>
  <param-value>
    org.springframework.config.java.context.JavaConfigWebApplicationContext
  </param-value>
</context-param>
<context-param>
  <param-name>contextConfigLocation</param-name>
  <param-value>com.website.config</param-value>
</context-param>

source : http://blog.springsource.com/2008/03/26/spring-java-configuration-whats-new-in-m3/

Answer 2

Just create a root application context by using the ContextLoaderListener.

<context-param>
    <description>The Spring configuration files.</description>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring/application.xml</param-value>
</context-param>

<listener>
    <description>The Spring context listener.</description>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

Inside the application.xml, you also can define the annotation based config. It will be inherited by the WebApplicationContext of your DispatcherServlet definition.

Then you import your security configuration inside the application.xml. So security will apply to all ApplicationContexts in your configuration.