Spring Security 4无法在Tomcat 7上创建bean FilterChain

Question

A project which I downloaded from a repository fails to run on Apache Tomcat 7. It is a Spring 4.1.6 application with Spring security 4.0.1 and OpenAM version 10.0.0. The run process fails on my local Apache Tomcat 7 instance with an error stating

SEVERE: Exception sending context initialized event to listener instance of class org.springframework.web.context.ContextLoaderListener
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChains':
...

The nested exception is

org.springframework.beans.BeanInstantiationException: Could not instantiate bean class
[org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy]: Constructor threw exception;
nested exception is java.lang.IllegalStateException: HttpServletRequest.changeSessionId is undefined. Are you using a Servlet 3.1+ environment?

The pom.xml file is set up with

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

I know this is a build environment configuration issue because the source code has been run successfully on another machine. What needs to change to get the filterChains bean to be created successfully

Answer 1

The key thing to note in the log was the:

HttpServletRequest.changeSessionId is undefined. Are you using a Servlet 3.1+ environment?

By upgrading to Tomcat 8 and using Java EE 7 Web, I was able to get the project to run successfully.