I have a multipart form with a file upload which gets posted as seen below in Chrome developer tools -
------WebKitFormBoundaryUkhJ5180JIBYXzLm
Content-Disposition: form-data; name="_csrf"
8d7f28ad-f436-473c-964e-fe41c42c80e4
------WebKitFormBoundaryUkhJ5180JIBYXzLm
Content-Disposition: form-data; name="_csrf"
8d7f28ad-f436-473c-964e-fe41c42c80e4
------WebKitFormBoundaryUkhJ5180JIBYXzLm--
The data seems to have a proper multipart boundary and the _csrf token included. My Spring application is configured as below for CSRF and multipartfilter -
Beans -
<bean id="tokenRepo"
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
</bean>
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage"
value="/WEB-INF/files/AccessDenied.html" />
</bean>
<bean id="csrfFilter" class="org.springframework.security.web.csrf.CsrfFilter">
<constructor-arg ref="tokenRepo" />
<property name="accessDeniedHandler" ref="accessDeniedHandler" />
</bean>
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map>
<sec:filter-chain pattern="/**" filters="
csrfFilter" />
</sec:filter-chain-map>
</bean>
<bean id="multipartFilter" class="org.springframework.web.multipart.support.MultipartFilter">
</bean>
web.xml -
<filter>
<filter-name>multipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>multipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
security.xml -
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http />
</b:beans>
I am using Spring Framework version 4.1.6.RELEASE and Spring Security version 4.0.2.RELEASE and Tomcat 7.
With this setup, the request does not pass multipartfilter and/or CSRF filter - I do not see it entering the filter placed after these 2 in web.xml.
If I change my server's context.xml opening context tag to include allowCasualMultipartParsing="true", the request passes into the next filter after multipartfilter and CSRF filter but when it reaches my controller, Apache Commons FileUpload finds it empty. I have tried wrapping the request in HttpServletRequestWrapper in order to typecast it in different ways but I could not salvage the request.
Related
Environment :
Spring 4.1
Spring security 4.0
Issue :
I am developing a simple REST service using Spring 4.1. And using Spring security for authentication purpose.
I am using HTTP Basic Authentication.
The issue is , basic authentication is not working even after all configuration is correct.
I am using postman to send a request to server.
REST client can call the REST controller method without Authorization header.
The method gets executed successfully without any authentication error.
Since I am using Tomcat 6 , I am not using servlet 3.0 features , so web.xml does exist.
The method level security has been implemented using #Secured annotation on REST controller layer.
Can anybody please help as to where I am going wrong ?
Code :
web.xml :
<web-app>
<display-name>Archetype Created Web Application</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
</web-app>
mvc-servlet-dispatcher-security.xml :
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
<http use-expressions="true" create-session="stateless">
<http-basic/>
<csrf disabled="true"/>
</http>
<global-method-security secured-annotations="enabled"/>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="XYZ" password="12345" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
mvc-dispatcher-servlet.xml :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Specifying base package of the Components like Controller, Service, DAO -->
<context:component-scan base-package="org.ngo" />
<!-- Getting Database properties -->
<context:property-placeholder location="classpath:application.properties"/>
<mvc:annotation-driven/>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
<property name="packagesToScan" value="org.ngo.abhishek.entity"></property>
</bean>
<!-- Transaction -->
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
The REST controller :
#RestController
#RequestMapping("/abhishek")
public class AbhishekController {
#Autowired
private AbhisheskService abhishekService;
#RequestMapping(method=RequestMethod.POST,consumes="application/json")
#Secured("ROLE_USER")
public ResponseEntity<Boolean> getUserById(#RequestBody List<AbhishekDTO> abhishekDtoList) {
boolean flag = this.abhishekService.createAbhishek(abhishekDtoList);
return new ResponseEntity<Boolean>(flag, HttpStatus.OK);
}
}
I tried your setup and it worked for me. Since you did not provide all of your code, my best guess is either the component scan of your controller for Spring Security is not happening or maybe your browser is caching and sending the Basic Auth credentials without you realizing it.
After getting a clue from Stiletto , I removed #Secured("ROLE_USER") and used expression based security check. It worked (using intercept url). So the issue was with where #Secured has been placed.
Since #Secured was in dispatcher servlet context (child context as per Spring philosophy) and spring security scope was in applicationContext (parent context) , the spring security was getting ignored.
Putting <security:global-method-security secured-annotations="enabled"/> in mvc-dispatcher-servlet.xml resolved the issue.
Similar question on SO : Spring MVC, Method level security
I'm following this tutorial to secure my GWT application with Spring Security.
However, putting
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/app</url-pattern>
</filter-mapping>
<!-- END FILTERS -->
<!-- BEGIN Listeners -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- END Listeners -->
<context-param>
<param-name>
contextConfigLocation
</param-name>
<param-value>
classpath:/**/spring-config.xml
</param-value>
</context-param>
into my web.xml file results in an org.springframework.beans.factory.NoSuchBeanDefinitionException exception. Stack trace:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:660)
at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1157)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:280)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:198)
at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:962)
at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:324)
at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:235)
at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:199)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
...
I don't understand why I'm getting this exception - what am I missing?
DelegatingFilterProxy is a Spring Framework class which delegates to a filter implementation which is defined as a Spring bean in your application context. In this case, the bean is named “springSecurityFilterChain”, which is an internal infrastructure bean created by the namespace to handle web security. Note that you should not use this bean name yourself. Once you've added this to your web.xml, you're ready to start editing your application context file. Web security services are configured using the element.
You should check your spring configuration, dependencies...
Also here is good example of simple Spring security
http://www.mkyong.com/spring-security/spring-security-hello-world-example/
Have you defined context-param in your web.xml? for e.g,
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath*:/META-INF/spring/applicationContext-security.xml
classpath*:/META-INF/spring/applicationContext.xml
classpath*:/META-INF/spring/applicationContext-gwt-dispatch.xml
</param-value>
</context-param>
And in your Spring application context, you have to declare a Spring beans XML file "applicationContext-security.xml" in this case as below,
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<context:property-placeholder location="classpath*:/META-INF/spring/gwtsecurity.properties" />
<security:user-service id="userService">
<security:user name="user" password="user" authorities="ROLE_USER" />
<security:user name="admin" password="admin" authorities="ROLE_USER, ROLE_ADMIN" />
</security:user-service>
...
<alias name="filterChainProxy" alias="springSecurityFilterChain" />
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<security:filter-chain-map path-type="ant">
<security:filter-chain
filters="securityContextFilter, logoutFilter, formLoginFilter, requestCacheFilter,
servletApiFilter, rememberMeFilter, anonFilter, sessionMgmtFilter, exceptionTranslator, filterSecurityInterceptor"
pattern="/**" />
</security:filter-chain-map>
</bean>
<bean
...
</bean>
...
</beans>
Ref: https://github.com/dmartinpro/gwt-security/tree/master/gwt-security-sample
The application works perfectly with the following config files:
My Web.XML is as follows
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/spring/mvc-dispatcher-servlet.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/spring/spring-context.xml,
/WEB-INF/classes/spring/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
My mvc-dispatcher-servlet
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<context:component-scan base-package="biz.canisrigel.slapMe" />
<!-- enable autowire -->
<context:annotation-config />
My spring-context.xml is
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<context:component-scan base-package="biz.canisrigel.slapMe" />
<!-- enable autowire -->
<context:annotation-config />
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost/slapMe" />
<property name="username" value="root" />
<property name="password" value="adminadmin" />
</bean>
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="typeAliasesPackage" value="biz.canisrigel.slapMe.bean" />
</bean>
<!-- scan for mappers and let them be autowired -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="biz.canisrigel.slapMe.mapper" />
</bean>
I couldn't run spring security properly cause earlier spring-context.xml was the xml config file for dispatcher servlet for MVC. So I moved spring-context to contextConfigLocation. But then I had to provide something to dispatcher servlet.
My problem is that mvc-dispatcher-servlet.xml and spring-context is having same data. If I remove mvc-dispatcher its an error. If I don't place the contents of mvc-dispatcher in spring context then also error occurs.
Where am I going wrong in my understanding of concepts.
A few things:
Your web.xml looks correct
The InternalResourceViewResolver should only exist in your mvc-dispatcher-servlet.xml since it is directly related to MVC -- remove it from your spring-context.xml
You can have context:component-scan in both configuration files, but they should be scanning different packages. The one in your servlet xml will generally be component scanning your controller packages (and anything else directly related to MVC), and the one in your parent spring context xml will generally be scanning your services, DAOs, etc. In general, your component scan packages should be very specific; you should never point it towards the base package of your entire application!
You can remove context:annotation-config -- it is redundant if you have context:component-scan
Your MVC context should have only configuration related to MVC which generally includes ViewResolvers, FileUpload, PropertyFiles, Message/Theme Resolvers etc. Your applicationContext will have beans related to DAO, Service and other utils. The security file should have security configuration. To understand better and to know good/recommended practices, check out the spring greehouse code.
I am using Spring MVC to write a client application that will authenticate against a Spring Security CAS server.
The problem that I am running into is, after a user authenticates successfully, the browser shows a 404 error. I am not sure how to set up a "success" page in my application. Or do I need to define a callback url somewhere in the CAS server properties? Here is my code so far:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/applicationContext-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
applicationContext-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Enable security, let the casAuthenticationEntryPoint handle all intercepted
urls. The CAS_FILTER needs to be in the right position within the filter
chain. -->
<security:http entry-point-ref="casAuthenticationEntryPoint"
auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<security:custom-filter position="CAS_FILTER"
ref="casAuthenticationFilter"></security:custom-filter>
</security:http>
<!-- Required for the casProcessingFilter, so define it explicitly set and
specify an Id Even though the authenticationManager is created by default
when namespace based config is used. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="casAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<!-- This section is used to configure CAS. The service is the actual redirect
that will be triggered after the CAS login sequence. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service"
value="https://localhost:8443/cas/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<!-- The CAS filter handles the redirect from the CAS server and starts
the ticket validation. -->
<bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- The entryPoint intercepts all the CAS authentication requests. It redirects
to the CAS loginUrl for the CAS login page. -->
<bean id="casAuthenticationEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<!-- Handles the CAS ticket processing. -->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://localhost:8443/cas">
</constructor-arg>
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<!-- The users available for this application. -->
<security:user-service id="userService">
<security:user name="user" password="user" authorities="ROLE_USER"></security:user>
</security:user-service>
I would appreciate any help!
The above code was used from the following tutorial: http://www.oudmaijer.com/2009/12/28/spring-3-spring-security-3-cas-3-3-4-integration/
Update: Here is the network flow (taken from Firebug):
User clicks on https://localhost:8443/SpringMVC_CAS/secure/index.jsp
Browser performs a "302 Moved Temporarily" from /myapp/secure/index.jsp
CAS prompts log-in https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fcas%2Fj_spring_cas_security_check
https://localhost:8443/cas/j_spring_cas_security_check?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
Browser shows https://localhost:8443/cas/login?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
You can do that by adding an AuthenticationSuccessHandler like this:
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp"/>
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
</bean>
If you set alwaysUseDefaultTargetUrl property to true also, then the defaultTargetUrl will be used for the destination otherwise a redirect to the the original destination before the authentication process commenced will tke place.
See also:
SavedRequestAwareAuthenticationSuccessHandler
SimpleUrlAuthenticationSuccessHandler
I try run a basic Java EE Spring project on eclipse(jboss 7.1.1 server, Spring 3.1.2 released), but when it always print that the configuration file do not find but I Actually put the configuration file in right place. I do not configure the welcome-file, but mvc:view-controller instead.
this is the web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee /web-app_3_0.xsd">
<display-name>springupload</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-application-config.xml</param-value>
</context-param>
<!-- Loads the Spring web application context -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value/>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map all *.spring requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
This is the web-application-config.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Scans for application #Components to deploy -->
<context:component-scan base-package="com.pack" />
<!-- Imports the configurations of the different infrastructure systems of the application -->
<import resource="webmvc-config.xml" />
<!-- <import resource="webflow-config.xml" /> -->
<!-- <import resource="data-access-config.xml" /> -->
<bean class="org.springframework.web.multipart.commons.CommonsMultipartResolver" id="multipartResolver">
<property name="maxUploadSize" value="1000000"></property>
</bean>
</beans>
This is webmvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- Enables controllers mapped with #RequestMapping annotations, formatting annotations #NumberFormat #DateTimeFormat, and JSR 303 style validation -->
<mvc:annotation-driven/>
<mvc:resources mapping="/res/**" location="/, classpath:/META-INF/web-resources/" />
<mvc:view-controller path="/" view-name="hello"/>
<mvc:default-servlet-handler />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
</beans>
The error you can see in the picture:
HTTP Status 404 - /springupload/WEB-INF/webmvc-config.xml
type Status report
message /springupload/WEB-INF/webmvc-config.xml
description The requested resource (/springupload/WEB-INF/webmvc-config.xml) is not available.
JBoss Web/7.0.13.Final
I really do not know why I configure the html and jsp page, while it should some configuration file as my start page?
Your configuration is not far from being OK.
One thing I notice is that the hello.html file is in your root WebContent folder. I suppose this is the view you want rendered when you access http://localhost:8080/springupload/ because of this line in the configuration:
<mvc:view-controller path="/" view-name="hello"/>
If this is so, then Spring is trying to resolve to /WEB-INF/hello.html because of the prefix and suffix on this viewResolver :
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
However, you have two view resolvers with no order in them, and Spring is taking only the first one which resolves to /WEB-INF/hello.jsp, hence the 404 Not found
To wrap it up your solution is to move hello.html to /WEB-INF/ and to change your viewResolver configuration in webmvc-config.xml like so
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="order" value="2" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="order" value="1" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
Last, you're not supposed to access directly content in the http://localhost:8080/WEB-INF/* URL, so everything you try here will result in a 404 Not found.
change your configuration file name to [dispatcher servlet name]-servlet.xml
http://static.springsource.org/spring/docs/3.0.x/reference/mvc.html