I've tried the example provided by official reference Spring Session. After login via http://localhost:8080/login it seems session data is still stored in memory, and no redis interactions(observed through redis-cli monitor command). Only JSESSIONID stored in cookies
Settings below:
web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>springmvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>springmvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring.xml:
<context:annotation-config/>
<beans:bean class="org.springframework.session.data.redis.config.annotation.web.http.RedisHttpSessionConfiguration"/>
<beans:bean class="org.springframework.data.redis.connection.jedis.JedisConnectionFactory"
p:hostName="192.168.1.230"
p:port="6379"
/>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="root" password="123456" authorities="ROLE_ADMIN"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<security:global-method-security secured-annotations="enabled"/>
<security:http auto-config="true">
<security:intercept-url pattern="/ping" access="hasRole('ROLE_ADMIN')"/>
<security:form-login default-target-url="/ping"/>
<security:csrf disabled="true"/>
</security:http>
<mvc:annotation-driven/>
<context:component-scan base-package="io.hbprotoss.demo.controller"/>
You need to declare the session repository filter, like this:
<filter>
<filter-name>springSessionRepositoryFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSessionRepositoryFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Since you are using spring security make sure that session repository filter is declared before security filter (and any other filter(s) that might want to access the session otherwise you might end up with two session one provided by the servlet container and one by spring session.
More details can be found here
https://docs.spring.io/spring-session/docs/current/reference/html5/#xml-servlet-container-initialization
Related
I have a spring web application which runs fine when I run it via jetty using maven and deploying it in tomcat 7 in my local environment, but gives me the "No Spring WebApplicationInitializer types detected on classpath" when I try to deploy it in my prod server.
I know that the web.xml is being read because I have a sitemesh filter defined on the web.xml and everytime I hit a static .html file, the sitemesh filter is being invoked. But when I try to hit a spring configured url (defined with #RequestMapping), it displays a blank page.
My local environment setup is running in Linux mint + oracle jdk 1.7. My prod server is running in Ubuntu + oracle jdk 1.7. I have a similar app that runs just fine in prod but not this one. The apps are deployed in the same tomcat instance using different Hosts.
So, here's my web.xml file:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
version="2.5"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>app2</display-name>
<description>app2</description>
<!-- Enable escaping of form submission contents -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Handles Spring requests -->
<servlet>
<servlet-name>app2</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/webmvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>app2</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>com.opensymphony.sitemesh.webapp.SiteMeshFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/uncaughtException</location>
</error-page>
<error-page>
<error-code>404</error-code>
<location>/resourceNotFound</location>
</error-page>
And here's the webmvc-config.xml residing under WEB-INF/spring directory:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:component-scan base-package="app2" use-default-filters="false">
<context:include-filter expression="org.springframework.stereotype.Controller" type="annotation"/>
</context:component-scan>
<mvc:annotation-driven>
<mvc:argument-resolvers>
<bean class="org.springframework.data.web.SortHandlerMethodArgumentResolver">
</bean>
<bean class="org.springframework.data.web.PageableHandlerMethodArgumentResolver">
<constructor-arg>
<bean class="org.springframework.data.web.SortHandlerMethodArgumentResolver">
</bean>
</constructor-arg>
</bean>
</mvc:argument-resolvers>
</mvc:annotation-driven>
<mvc:resources location="/, classpath:/META-INF/web-resources/" mapping="/resources/**"/>
<mvc:default-servlet-handler/>
<mvc:view-controller path="/" view-name="index"/>
<mvc:view-controller path="/404" view-name="404"/>
<bean class="org.springframework.context.support.ReloadableResourceBundleMessageSource" id="messageSource" p:basenames="WEB-INF/i18n/messages,WEB-INF/i18n/application" p:fallbackToSystemLocale="false"/>
<bean class="org.springframework.web.multipart.commons.CommonsMultipartResolver" id="multipartResolver"/>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
Please help. I've been banging my head on the wall for 2 days now and still don't know why it's failing.
I am getting this problem. Spring security 3.1.3.RELEASEE. This is a simple Spring form based login security. I am getting an exception No bean named 'springSecurityFilterChain' is defined whenever the server is getting started.
WEB.XML -
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring/appServlet/servlet-context.xml,
/WEB-INF/spring/appServlet/login-security.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
LOGIN--SECURITY.XML -
<security:http auto-config="true">
<security:intercept-url pattern="/welcome*" access="ROLE_USER" />
<security:form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="mkyong" password="123456" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
I do not get any warnings either. Can somebody please have a look ?
The DelegatingFilterProxy only has access to the, so called, root application context. Which is the file loaded by the ContextLoaderListener.
So instead of letting the DispatcherServlet load the /WEB-INF/spring/appServlet/login-security.xml move it to the configuration of the ContextLoaderListener.
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml,/WEB-INF/spring/appServlet/login-security.xml</param-value>
</context-param>
Trying to link a css stylesheet to one of my jsp files, but I seem to be missing something because the stylesheet is never found.
mvc-config.xml:
<bean class="org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping" />
<mvc:resources mapping="/resources/**" location="/resources/" />
<mvc:annotation-driven />
</beans>
my link tag in jsp file
<link rel="stylesheet" type="text/css" href="http://localhost/testing/resources/css/common.css">
web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/datasource.xml,
/WEB-INF/spring-security.xml,
/WEB-INF/mvc-config.xml
</param-value>
</context-param>
<!-- Spring Security Filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
My folder structure is webapp/resources/css
What am I missing?
When I try to access the css file directly through the browser, it just redirects me to my jsp file.
I noticed you are including a security configuration file in your web.xml. Make sure you disable security for your assets / resources:
<http pattern="/resources/**" security="none" />
I am new to Spring Security and trying to figure out the exact flow of Spring-Security module,
Please suggest the right flow.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>OnlineTestProject</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security/applicationContext-security.xml
/WEB-INF/db/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>jsp/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
applicationContext-security.xml
<http use-expressions="true">
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
<intercept-url pattern="/jsp/login.jsp" access="permitAll" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
<remember-me />
<session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<anonymous enabled='false'/>
</http>
What I know is, when the request comes for the application it will go in welcome-file-list for opening the jsp/login.jsp in my case, so it will directly open jsp/login.jsp page, but as we keep security, so it will go inside applicationContext-security.xml and check whether jsp/login.jsp needs to be filter or not and so on....then where does
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
will come in picture, also as per I know is it should go to "/jsp/login.jsp" page for login and if the credentials succes then it should go to /jsp/index.jsp, but it is opening /jsp/index.jsp page first....
can some one please guide me the correct flow.
thanks
i am developing on two different machines with almost the same specs (Win 7, eclipse juno, tomcat 7) and the source checked out from github.
But on my laptop i have a different url behaviour than on my workstation.
Entering
http://localhost:8080/jeiwomisa/auth/login.xhtml
works on my laptop but not my workstation.
On my workstation i have to use:
http://localhost:8080/jeiwomisa/faces/auth/login.xhtml
The difference is the "/faces/" part. This is the same for all links.
I dont understand that as i think i have the same configuration on both machines.
I am not sure which configuration exactly is needed for this problem, so i just post my web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<!-- -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/app/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- pretty faces -->
<filter>
<filter-name>Pretty Filter</filter-name>
<filter-class>com.ocpsoft.pretty.PrettyFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>Pretty Filter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
<dispatcher>ERROR</dispatcher>
</filter-mapping>
<context-param>
<param-name>com.ocpsoft.pretty.BASE_PACKAGES</param-name>
<param-value>de.sveri.jeiwomisa.managed</param-value>
</context-param>
<!-- Project Stage Level -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<!-- JSF Servlet is defined to container -->
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
And this is my security-app-context.xml where the login.xhtml is defined:
<http use-expressions="true" auto-config="true">
<intercept-url pattern="/test/**" access="permitAll" />
<intercept-url pattern="/tasks/**" access="isAuthenticated()" />
<!-- <intercept-url pattern="/**" access="denyAll" /> -->
<form-login login-page="/auth/login.xhtml" />
</http>
<context:annotation-config />
<b:bean id="userRepositoryImpl" class="de.sveri.jeiwomisa.model.UserRepositoryImpl"
autowire="byType">
</b:bean>
<b:bean id="passwordEncoder"
class="org.springframework.security.crypto.password.StandardPasswordEncoder">
</b:bean>
<authentication-manager>
<authentication-provider user-service-ref="userRepositoryImpl">
<password-encoder hash="md5" />
</authentication-provider>
</authentication-manager>
If you need to you can find the complete code at: github code
Best Regards,
Sven
you should add servlet mapping for both applications. try to add following code to youe web.xml file.
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
Strange. Try clearing your browser cache? Your configuration certainly appears correct.