Spring MVC REST + Spring Security + Basic Authentication - spring

Environment :
Spring 4.1
Spring security 4.0
Issue :
I am developing a simple REST service using Spring 4.1. And using Spring security for authentication purpose.
I am using HTTP Basic Authentication.
The issue is , basic authentication is not working even after all configuration is correct.
I am using postman to send a request to server.
REST client can call the REST controller method without Authorization header.
The method gets executed successfully without any authentication error.
Since I am using Tomcat 6 , I am not using servlet 3.0 features , so web.xml does exist.
The method level security has been implemented using #Secured annotation on REST controller layer.
Can anybody please help as to where I am going wrong ?
Code :
web.xml :
<web-app>
<display-name>Archetype Created Web Application</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
</web-app>
mvc-servlet-dispatcher-security.xml :
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
<http use-expressions="true" create-session="stateless">
<http-basic/>
<csrf disabled="true"/>
</http>
<global-method-security secured-annotations="enabled"/>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="XYZ" password="12345" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
mvc-dispatcher-servlet.xml :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Specifying base package of the Components like Controller, Service, DAO -->
<context:component-scan base-package="org.ngo" />
<!-- Getting Database properties -->
<context:property-placeholder location="classpath:application.properties"/>
<mvc:annotation-driven/>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
<property name="packagesToScan" value="org.ngo.abhishek.entity"></property>
</bean>
<!-- Transaction -->
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
The REST controller :
#RestController
#RequestMapping("/abhishek")
public class AbhishekController {
#Autowired
private AbhisheskService abhishekService;
#RequestMapping(method=RequestMethod.POST,consumes="application/json")
#Secured("ROLE_USER")
public ResponseEntity<Boolean> getUserById(#RequestBody List<AbhishekDTO> abhishekDtoList) {
boolean flag = this.abhishekService.createAbhishek(abhishekDtoList);
return new ResponseEntity<Boolean>(flag, HttpStatus.OK);
}
}

I tried your setup and it worked for me. Since you did not provide all of your code, my best guess is either the component scan of your controller for Spring Security is not happening or maybe your browser is caching and sending the Basic Auth credentials without you realizing it.

After getting a clue from Stiletto , I removed #Secured("ROLE_USER") and used expression based security check. It worked (using intercept url). So the issue was with where #Secured has been placed.
Since #Secured was in dispatcher servlet context (child context as per Spring philosophy) and spring security scope was in applicationContext (parent context) , the spring security was getting ignored.
Putting <security:global-method-security secured-annotations="enabled"/> in mvc-dispatcher-servlet.xml resolved the issue.
Similar question on SO : Spring MVC, Method level security

Related

Spring CSRF multiparfilter breaks

I have a multipart form with a file upload which gets posted as seen below in Chrome developer tools -
------WebKitFormBoundaryUkhJ5180JIBYXzLm
Content-Disposition: form-data; name="_csrf"
8d7f28ad-f436-473c-964e-fe41c42c80e4
------WebKitFormBoundaryUkhJ5180JIBYXzLm
Content-Disposition: form-data; name="_csrf"
8d7f28ad-f436-473c-964e-fe41c42c80e4
------WebKitFormBoundaryUkhJ5180JIBYXzLm--
The data seems to have a proper multipart boundary and the _csrf token included. My Spring application is configured as below for CSRF and multipartfilter -
Beans -
<bean id="tokenRepo"
class="org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository">
</bean>
<bean id="accessDeniedHandler"
class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
<property name="errorPage"
value="/WEB-INF/files/AccessDenied.html" />
</bean>
<bean id="csrfFilter" class="org.springframework.security.web.csrf.CsrfFilter">
<constructor-arg ref="tokenRepo" />
<property name="accessDeniedHandler" ref="accessDeniedHandler" />
</bean>
<bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
<sec:filter-chain-map>
<sec:filter-chain pattern="/**" filters="
csrfFilter" />
</sec:filter-chain-map>
</bean>
<bean id="multipartFilter" class="org.springframework.web.multipart.support.MultipartFilter">
</bean>
web.xml -
<filter>
<filter-name>multipartFilter</filter-name>
<filter-class>org.springframework.web.multipart.support.MultipartFilter</filter-class>
</filter>
<filter>
<filter-name>filterChainProxy</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>multipartFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>filterChainProxy</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
security.xml -
<b:beans xmlns="http://www.springframework.org/schema/security"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<http />
</b:beans>
I am using Spring Framework version 4.1.6.RELEASE and Spring Security version 4.0.2.RELEASE and Tomcat 7.
With this setup, the request does not pass multipartfilter and/or CSRF filter - I do not see it entering the filter placed after these 2 in web.xml.
If I change my server's context.xml opening context tag to include allowCasualMultipartParsing="true", the request passes into the next filter after multipartfilter and CSRF filter but when it reaches my controller, Apache Commons FileUpload finds it empty. I have tried wrapping the request in HttpServletRequestWrapper in order to typecast it in different ways but I could not salvage the request.

almost identical webapps behave differently in serving static content

I'm having a 'weird' issue in serving static content from my webapp using a Spring-Hibernate setup.
I have a (small) webapp that uses the DispatcherServlet to serve any url like this: /coverpage/* .The default servlet mapping is set to /static/*
Example:
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/coverpage/*</url-pattern>
</servlet-mapping>
In my jsp's the static content (images/js/css) is written like this:
<spring:url value="/static/styles/js/jquery-1.4.2.min.js" />
I have 4 pages in the webapp: index.jsp, new.jsp, error.jsp and includes.jsp (which isn't an actual page, duh) and a mapping for /process which returns PDF content or validation-errors when entered incorrect data.
This setup seems to work fine in my webapp.
Now for the weird part:
I have deployed the same webapp on another Tomcat instance and changed the ports so they can run simultaneously and now the references to static content are only working half the time. Only the mapping for /new (aka new.jsp) can find the static content. The rest fails to load it.
Differences between the 2 instances
Tomcat version (original runs on 6.0.29, second instance runs on 6.0.33)
Tomcat ports
Database connection (original goes to PROD db, second instance goes to TEST db - both databases are the same)
Here's my web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Coverpage creator</display-name>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<servlet-mapping>
<servlet-name>default</servlet-name>
<url-pattern>/static/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/coverpage/*</url-pattern>
</servlet-mapping>
<filter>
<filter-name>SetUTF8EncodingFilter</filter-name>
<filter-class>be.coverpagecreator.filter.SetUTF8EncodingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SetUTF8EncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Coverpage creator</web-resource-name>
<url-pattern>/coverpage/*</url-pattern>
</web-resource-collection>
<auth-constraint>
<role-name>cpcreator</role-name>
</auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Coverpage creator</realm-name>
</login-config>
<security-role>
<description>The role that is required to create coverpages</description>
<role-name>cpcreator</role-name>
</security-role>
</web-app>
And dispatcher-servlet config
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<import resource="application-context.xml"/>
<mvc:annotation-driven />
<mvc:interceptors>
<bean name="openSessionInViewInterceptor" class="org.springframework.orm.hibernate3.support.OpenSessionInViewInterceptor">
<property name="sessionFactory" ref="sessionFactory" />
<property name="singleSession" value="false" />
</bean>
</mvc:interceptors>
<context:component-scan base-package="be.coverpagecreator" />
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
<property name="prefix" value="/WEB-INF/jsp/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="defaultEncoding" value="UTF-8" />
<property name="useCodeAsDefaultMessage" value="false" />
<property name="basenames">
<list>
<value>/WEB-INF/messages/global</value>
<value>/WEB-INF/messages/messages</value>
</list>
</property>
</bean>
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver" />
</beans>
The problem was with the Tomcat version. I tried to run the second instance on a newly downloaded 6.0.29 Tomcat instead 6.0.33 and it seems to work fine. I'm gonna go through the Tomcat changelogs to try and find what caused this... If I find anything, I'll report back here.

Need help creating "successful authentication" page for spring security cas client

I am using Spring MVC to write a client application that will authenticate against a Spring Security CAS server.
The problem that I am running into is, after a user authenticates successfully, the browser shows a 404 error. I am not sure how to set up a "success" page in my application. Or do I need to define a callback url somewhere in the CAS server properties? Here is my code so far:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/applicationContext-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
applicationContext-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Enable security, let the casAuthenticationEntryPoint handle all intercepted
urls. The CAS_FILTER needs to be in the right position within the filter
chain. -->
<security:http entry-point-ref="casAuthenticationEntryPoint"
auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<security:custom-filter position="CAS_FILTER"
ref="casAuthenticationFilter"></security:custom-filter>
</security:http>
<!-- Required for the casProcessingFilter, so define it explicitly set and
specify an Id Even though the authenticationManager is created by default
when namespace based config is used. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="casAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<!-- This section is used to configure CAS. The service is the actual redirect
that will be triggered after the CAS login sequence. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service"
value="https://localhost:8443/cas/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<!-- The CAS filter handles the redirect from the CAS server and starts
the ticket validation. -->
<bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- The entryPoint intercepts all the CAS authentication requests. It redirects
to the CAS loginUrl for the CAS login page. -->
<bean id="casAuthenticationEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<!-- Handles the CAS ticket processing. -->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://localhost:8443/cas">
</constructor-arg>
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<!-- The users available for this application. -->
<security:user-service id="userService">
<security:user name="user" password="user" authorities="ROLE_USER"></security:user>
</security:user-service>
I would appreciate any help!
The above code was used from the following tutorial: http://www.oudmaijer.com/2009/12/28/spring-3-spring-security-3-cas-3-3-4-integration/
Update: Here is the network flow (taken from Firebug):
User clicks on https://localhost:8443/SpringMVC_CAS/secure/index.jsp
Browser performs a "302 Moved Temporarily" from /myapp/secure/index.jsp
CAS prompts log-in https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fcas%2Fj_spring_cas_security_check
https://localhost:8443/cas/j_spring_cas_security_check?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
Browser shows https://localhost:8443/cas/login?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
You can do that by adding an AuthenticationSuccessHandler like this:
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp"/>
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
</bean>
If you set alwaysUseDefaultTargetUrl property to true also, then the defaultTargetUrl will be used for the destination otherwise a redirect to the the original destination before the authentication process commenced will tke place.
See also:
SavedRequestAwareAuthenticationSuccessHandler
SimpleUrlAuthenticationSuccessHandler

Spring MVC: I set the default page but the spring always should me the configuration files do not find

I try run a basic Java EE Spring project on eclipse(jboss 7.1.1 server, Spring 3.1.2 released), but when it always print that the configuration file do not find but I Actually put the configuration file in right place. I do not configure the welcome-file, but mvc:view-controller instead.
this is the web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee /web-app_3_0.xsd">
<display-name>springupload</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-application-config.xml</param-value>
</context-param>
<!-- Loads the Spring web application context -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value/>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map all *.spring requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
This is the web-application-config.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Scans for application #Components to deploy -->
<context:component-scan base-package="com.pack" />
<!-- Imports the configurations of the different infrastructure systems of the application -->
<import resource="webmvc-config.xml" />
<!-- <import resource="webflow-config.xml" /> -->
<!-- <import resource="data-access-config.xml" /> -->
<bean class="org.springframework.web.multipart.commons.CommonsMultipartResolver" id="multipartResolver">
<property name="maxUploadSize" value="1000000"></property>
</bean>
</beans>
This is webmvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- Enables controllers mapped with #RequestMapping annotations, formatting annotations #NumberFormat #DateTimeFormat, and JSR 303 style validation -->
<mvc:annotation-driven/>
<mvc:resources mapping="/res/**" location="/, classpath:/META-INF/web-resources/" />
<mvc:view-controller path="/" view-name="hello"/>
<mvc:default-servlet-handler />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
</beans>
The error you can see in the picture:
HTTP Status 404 - /springupload/WEB-INF/webmvc-config.xml
type Status report
message /springupload/WEB-INF/webmvc-config.xml
description The requested resource (/springupload/WEB-INF/webmvc-config.xml) is not available.
JBoss Web/7.0.13.Final
I really do not know why I configure the html and jsp page, while it should some configuration file as my start page?
Your configuration is not far from being OK.
One thing I notice is that the hello.html file is in your root WebContent folder. I suppose this is the view you want rendered when you access http://localhost:8080/springupload/ because of this line in the configuration:
<mvc:view-controller path="/" view-name="hello"/>
If this is so, then Spring is trying to resolve to /WEB-INF/hello.html because of the prefix and suffix on this viewResolver :
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
However, you have two view resolvers with no order in them, and Spring is taking only the first one which resolves to /WEB-INF/hello.jsp, hence the 404 Not found
To wrap it up your solution is to move hello.html to /WEB-INF/ and to change your viewResolver configuration in webmvc-config.xml like so
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="order" value="2" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="order" value="1" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
Last, you're not supposed to access directly content in the http://localhost:8080/WEB-INF/* URL, so everything you try here will result in a 404 Not found.
change your configuration file name to [dispatcher servlet name]-servlet.xml
http://static.springsource.org/spring/docs/3.0.x/reference/mvc.html

configure BasicDataSource as bean in web.xml

I'm trying to configure org.apache.commons.dbcp.BasicDataSource as bean in web.xml under a tomcat project using tomcat 6. (it's red5 with tomcat, we can ignore that the main server is actually red5 because i actually run jsp files under port 5080 and don't connect to the red5 directly using RTMP protocol)
my web.xml:
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/ j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>gamesisland-login-red5</display-name>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>/[myapp]</param-value>
</context-param>
<listener>
<listener-class>org.red5.logging.ContextLoggingListener</listener-class>
</listener>
<filter>
<filter-name>LoggerContextFilter</filter-name>
<filter-class>org.red5.logging.LoggerContextFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>LoggerContextFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>rtmpt</servlet-name>
<servlet-class>org.red5.server.net.rtmpt.RTMPTServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>rtmpt</servlet-name>
<url-pattern>/fcs/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>rtmpt</servlet-name>
<url-pattern>/open/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>rtmpt</servlet-name>
<url-pattern>/close/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>rtmpt</servlet-name>
<url-pattern>/send/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>rtmpt</servlet-name>
<url-pattern>/idle/*</url-pattern>
</servlet-mapping>
<security-constraint>
<web-resource-collection>
<web-resource-name>Forbidden</web-resource-name>
<url-pattern>/streams/*</url-pattern>
</web-resource-collection>
<auth-constraint/>
</security-constraint>
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="/WEB-INF/red5-web.properties" />
</bean>
<bean id="idDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName"><value>${db.driver}</value></property>
<property name="url"><value>${db.url}</value></property>
<property name="username"><value>${db.username}</value></property>
<property name="password"><value>${db.password}</value></property>
<property name="poolPreparedStatements"><value>true</value></property>
<property name="maxActive"><value>10</value></property>
<property name="maxIdle"><value>10</value></property>
</bean>
</web-app>
my red5-web.properties:
webapp.contextPath=/myapp
webapp.virtualHosts=*
db.driver=com.mysql.jdbc.Driver
db.url=jdbc:mysql://127.0.0.1:3306/dbname
db.username=user
db.password=pass
does tomcat automatically searches for WEB-INF/web.xml for configuration?
why don't I get any relevant errors to the creation of idDataSource ?
I really don't have any clue how to pinpoint or debug the problem.
any assistance would be greatly appreciated.
thank you!
kfir
I don't know nothing about Red5, but it seems like you trying to put Spring beans directly inside web.xml, which is wrong. You are suppose to create a separate Spring configuration file that will be picked up by Springs' ContextLoaderListener. First, add this to your web.xml:
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Than create applicationContext.xml file under /WEB-INF:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="placeholderConfig" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
<property name="location" value="/WEB-INF/red5-web.properties" />
</bean>
<bean id="idDataSource" class="org.apache.commons.dbcp.BasicDataSource" destroy-method="close">
<property name="driverClassName"><value>${db.driver}</value></property>
<property name="url"><value>${db.url}</value></property>
<property name="username"><value>${db.username}</value></property>
<property name="password"><value>${db.password}</value></property>
<property name="poolPreparedStatements"><value>true</value></property>
<property name="maxActive"><value>10</value></property>
<property name="maxIdle"><value>10</value></property>
</bean>
</beans>
Of course all the <bean/> declarations should go away from web.xml.
Second thought: looking at this document it seems like Red5 uses a file named red5-web.xml, please go through this documentation carefully.

Resources