Accessing OSGI service from Spring - spring

I would like to access OSGI service from Spring bean without DM. Currently I have 2 bundles bundle A is just exposing service, and bundle B is a web application with JSF and Spring Security. The following is the project structure:
-webapp
|
-OSGI-INF/blueprint/blueprint.xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
<bean id="sampleBean" class="com.test.bundleb.bean.SampleBean" init-method="create" activation="eager">
<property name="bundleAService" ref="bundleAService"></property>
</bean>
<reference id="bundleAService" interface="com.test.bundlea.service.BundleAService"/>
</blueprint>
|
-WEB-INF/faces-config.xml
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
version="2.1">
<application>
<message-bundle>messages</message-bundle>=
<el-resolver>com.test.bundleb.listener.OsgiELResolver</el-resolver>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
Note that for accessing osgi beans from jsf bean, the following solution taken as-is and it is working.
Injecting blueprint OSGi service into JSF/PrimeFaces bean
|
-WEB-INF/web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
<description>Test Web Application</description>
<context-param>
<param-name>facelets.VIEW_MAPPINGS</param-name>
<param-value>*.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<!-- FIXME This should not be required, but Jetty does not pick up the
listener from a TLD at the moment. -->
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener
</listener-class>
</listener>
<!-- For Spring Security. -->
<listener>
<listener-class>com.bundleb.listener.ServiceLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
|
-WEB-INF/spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/secured" access="ROLE_USER"/>
<intercept-url pattern="/scripts" access="isAuthenticated()"/>
<form-login login-page="/login.xhtml" default-target-url="/secured/welcome.xhtml"
authentication-failure-url="/login.xhtml?status=error"/>
<logout logout-success-url="/login.xhtml?status=logout"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abc" password="ABC" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I can access OSGI service from JSF bean, the spring context can also be initialized and the security works fine. However, I couldn't access OSGI service from Spring bean. Is there a way to access it from spring bean without using Spring DM?

Related

Spring security blocking access to GWT services

I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.

I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>

How do I create a generic page for all my Spring controller exceptions?

I’m using Spring 3.2.11.RELEASE. I’m trying to set up a JSP as a catch-all page for any exceptions originating from my controllers. However, the mechanism isn’t kicking in. I have added this to my web.xml file
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
metadata-complete="true">
<display-name>subco Application</display-name>
<session-config>
<cookie-config>
<path>/myproject</path>
</cookie-config>
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/META-INF/spring/applicationContext-myproject.xml,
classpath:/META-INF/spring/infrastructure.xml
</param-value>
</context-param>
<context-param>
<param-name>Owasp.CsrfGuard.Config</param-name>
<param-value>csrfguard.properties</param-value>
</context-param>
<context-param>
<param-name>Owasp.CsrfGuard.Config.Print</param-name>
<param-value>true</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CSRFGuard</filter-name>
<filter-class>org.owasp.csrfguard.CsrfGuardFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CSRFGuard</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardServletContextListener</listener-class>
</listener>
<listener>
<listener-class>org.owasp.csrfguard.CsrfGuardHttpSessionListener</listener-class>
</listener>
<listener>
<listener-class>org.mainco.subco.myproject.mvc.listener.SbSessionAttributeListener</listener-class>
</listener>
<servlet>
<servlet-name>JavaScriptServlet</servlet-name>
<servlet-class>org.owasp.csrfguard.servlet.JavaScriptServlet</servlet-class>
<init-param>
<param-name>source-file</param-name>
<param-value>WEB-INF/csrfguard.js</param-value>
</init-param>
<init-param>
<param-name>inject-into-forms</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>inject-into-attributes</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>domain-strict</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>JavaScriptServlet</servlet-name>
<url-pattern>/csrfjs</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>MyprojectDispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/jboss-as-spring-mvc-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>MyprojectDispatcher</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>MyprojectDispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<error-page>
<exception-type>java.lang.Throwable</exception-type>
<location>/WEB-INF/error.jsp</location>
</error-page>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
and created the error.jsp in my WEB-INF directory. However, when exceptions are generated from within my controllers, e.g. NullPointerExceptions, I do not see the error.jsp page, but rather a generic spring message that reads, ‘{“status":"failure","exception":"NullPointerException”}’. What other configurations do I need to do to engage my generic error page? I’m using JBoss 7.1.3.Final if that matters.
Edit:
Here is the application context file, referenced in the web.xml file from above:
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd">
<context:component-scan base-package="org.mainco.subco.assessment.mvc"/>
<context:component-scan base-package="org.mainco.subco.myproject.mvc"/>
<context:component-scan base-package="org.mainco.subco.myproject.validator"/>
<context:component-scan base-package="org.mainco.subco.standards.mvc"/>
<context:component-scan base-package="org.mainco.subco.resource.mvc"/>
<context:component-scan base-package="org.mainco.subco.registration"/>
<context:component-scan base-package="org.mainco.subco.section.mvc" />
<context:component-scan base-package="org.mainco.subco.user.mvc" />
<context:component-scan base-package="org.mainco.subco.util.mvc" />
<context:component-scan base-package="org.mainco.subco.security" />
<context:component-scan base-package="org.springframework.security.saml"/>
<context:component-scan base-package="org.mainco.subco.myproject.lti" />
<mvc:annotation-driven />
<context:property-placeholder location="classpath:core.properties,classpath:application.properties"/>
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:MyprojectUserMessages"/>
</bean>
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
<property name="maxUploadSize" value="10000000"/>
<property name="maxInMemorySize" value="10000000" />
</bean>
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" p:order="3" p:defaultErrorView="error" />
</beans>

Try use in your web.xml like this:
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/WEB-INF/error.jsp</location>
</error-page>
Are you using Spring MVC? If so, try config an exception resolver in your mvc application context, something like this:
<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver" p:order="3" p:defaultErrorView="error" />
Your error.jsp must be in the path of your viewResolver (e.g. "WEB-INF/pages", "WEB-INF/views", etc.).
PS.: to use p:* you have add xmlns:p="http://www.springframework.org/schema/p" in your beans, something like this:
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:p="http://www.springframework.org/schema/p" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans classpath:org/springframework/beans/factory/xml/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd">
<!-- your configs go here -->
</beans>
You can also use #ExceptionHandler and/or a #ControllerAdvice with Spring MVC.

Spring security: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored.

I am trying to configure spring security on my simple app, but I keep getting this error.
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
I have seen other similar posts, but could not figure out why I am getting this error. I don't seems to have duplicate security:http namespace configured.
Here goes my web.xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>sampler</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>sampler</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>sampler</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring security config:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Add Authentication Manager -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" authorities="ROLE_USER" password="test"/>
</user-service>
</authentication-provider>
</authentication-manager>
<!-- This would add login screen -->
<http auto-config="true">
<intercept-url pattern="/admin/*" access="ROLE_USER"/>
</http>
Its just a simple login functionality that I wanted to provide as of now. Any help around this issue would be really appreciated.

The problem was in the regex of classpath in the context-param.
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
Changing it to
<param-value>
classpath*:sampler-context.xml
classpath*:sampler-security.xml
</param-value>
solves this problem.

Exception starting filter springSecurityFilterChain - org.springframework.beans.factory.NoSuchBeanDefinitionException

I am new with spring. I am trying to use Spring Security to have authentication using MySQL, I get this error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
By judging from similar questions I think the security config file is not loaded.
my config file is in src/main/resources/spring-security.xml and I include it in awt.project.init.WebAppConfig:
#Configuration
#EnableWebMvc
#EnableTransactionManagement
#ComponentScan("awt.project")
#ImportResource("classpath:spring-security.xml")
public class WebAppConfig {
....
}
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Serves static resource content from .jar files such as spring-faces.jar -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Map all /resources requests to the Resource Servlet for handling -->
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<!-- Java-based Spring container definition -->
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<!-- Location of Java #Configuration classes that configure the components that makeup this application -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
awt.project.init
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Secures the application -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I tried to also include the spring-security.xml in contexConfiguration as classpath:spring-security.xml but still I get the same problem.
Here is the spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/sec/moderation.html" access="ROLE_MODERATOR" />
<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<form-login login-page="/user-login.html"
default-target-url="/success-login.html" authentication-failure-url="/error-login.html" />
<logout logout-success-url="/index.html" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>

I might be wrong, but if you use AnnotationConfigWebApplicationContext and specify only a package name in contextConfigLocation, Spring will scan that package only for classes with a stereotype annotation (#Component, #Controller, #Service, etc), so your WebAppConfig is basically ignored. Try giving the fully qualified name of WebAppConfig as contextConfigLocation.

Spring Security Configuration and web.xml mapping

I am new to Spring Security and trying to figure out the exact flow of Spring-Security module,
Please suggest the right flow.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>OnlineTestProject</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security/applicationContext-security.xml
/WEB-INF/db/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>jsp/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
applicationContext-security.xml
<http use-expressions="true">
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
<intercept-url pattern="/jsp/login.jsp" access="permitAll" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
<remember-me />
<session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<anonymous enabled='false'/>
</http>
What I know is, when the request comes for the application it will go in welcome-file-list for opening the jsp/login.jsp in my case, so it will directly open jsp/login.jsp page, but as we keep security, so it will go inside applicationContext-security.xml and check whether jsp/login.jsp needs to be filter or not and so on....then where does
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
will come in picture, also as per I know is it should go to "/jsp/login.jsp" page for login and if the credentials succes then it should go to /jsp/index.jsp, but it is opening /jsp/index.jsp page first....
can some one please guide me the correct flow.
thanks

Resources