Spring security +Jsf2 - spring

I'm a newbie at Spring Security; it's my first time using Spring Security in my app.
My application was developed using JSF2, PrimeFaces, Spring and Hibernate.
After developing it, I'm trying to integrate it with the Spring Security framework.
There are two problems:
1- When accessing any URL of the app, my app doesn't navigate the user to the login page.
2- When one user is logged in and someone else tries to access the application at the same time, he sees that someone is logged in, conflicts happen, and in the end exceptions are thrown, meaning no new session is created for the second user.
My applicationContext-Security.xml is:
<context:property-placeholder location="classpath:resources/jdbc.properties" />
<!-- For Spring auto wiring -->
<tx:annotation-driven />
<context:annotation-config />
<context:component-scan base-package="main.com.zc.attSys" />
<tx:annotation-driven transaction-manager="hibernateTransactionManager" />
<http use-expressions="true">
<form-login login-page="/pages/courseFeedBack/ask/login.xhtml"
authentication-failure-url="/pages/courseFeedBack/ask/login.xhtml" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="userDetailsService">
</authentication-provider>
</authentication-manager>
</beans:beans>
My web.xml is:
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<!-- Add Support for Spring -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>com.sun.faces.config.ConfigureListener</listener-class>
</listener>
<listener>
<listener-class>
org.springframework.security.web.session.HttpSessionEventPublisher
</listener-class>
</listener>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.jsf</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<!-- <context-param> <param-name>primefaces.THEME</param-name> <param-value>none</param-value>
</context-param> -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<session-config>
<session-timeout>1</session-timeout>
</session-config>
</web-app>
Any help, please?

Related

Spring MVC custom url-pattern

I have configured Spring Security but it can't work.
My web.xml
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcherServlet-servlet.xml
/WEB-INF/security-config.xml
</param-value>
</context-param>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/spring/*</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security filter -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
When I define the DispatcherServlet's url-pattern as /, it works fine.
But when I change it to /spring/*, although I configured the filter-mapping's url-pattern with both /* and /spring/*, it doesn't work.
In this case what can I do? Please tell me.

Spring mvc configuration to integrate with a custom SSO authentication

I'm failing to integrate an existing custom Single-sign-on service (for the authentication of my spring mvc application -aka. myApp-).
Once I map the spring DispatcherServlet to "/", myApp skips the authentication process against the SSO application, no matter if there's session or not.
Web.xml (Spring Configuration)
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</context-param>
<!-- Spring MVC DispatcherServlet -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Here is the configuration that I need to integrate in myApp web.xml, to integrate the SSO authentication:
Web.xml (Custom SSO Configuration)
<filter>
<filter-name>SSOAuthenticationFilter</filter-name>
<filter-class>custom.sso.SSOAuthenticationFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SSOAuthenticationFilter</filter-name>
<url-pattern>/WEB-INF/views/*</url-pattern>
</filter-mapping>
<!-- Context Params -->
<context-param>
<param-name>myAppId</param-name>
<param-value>65asd5a4sd65asd65a4sd65asd4</param-value>
</context-param>
<context-param>
<param-name>loginPath</param-name>
<param-value>login.jsp</param-value>
</context-param>
<context-param>
<param-name>ssoAppPath</param-name>
<param-value>http://localhost:8080/SSO_AuthenticationApp</param-value>
</context-param>
<!-- SSO Login Servlet -->
<servlet>
<servlet-name>SSOloginServlet</servlet-name>
<servlet-class>custom.sso.SSOLoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>SSOloginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<!-- SSO properties (myAppId, ssoAppPath, loginPath) -->
<listener>
<listener-class>custom.sso.SSOPropertiesRetriever</listener-class>
</listener>
How can I configure Spring to let the SSO servlet do the authentication process?
I was thinking: is there a way of declaring the customSSO servlet as a bean in the Spring dispatcher-servlet-config.xml?
Or maybe implementing it in a @Controller?
(My hands are tied about the sso, I'm forced to use it for the authentication, cause myApp will be just another in a family of applications login through this custom sso... I would prefer to use spring security instead).
Thanks.
EDITED:
I finally opted for a migration to Spring Boot, seems way more clear to configure a project that way.
For the filter you can use a SpringFilter and implement the logic in a bean:
<filter>
<filter-name>springFilter</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>targetBeanName</param-name>
<param-value>authenticationFilter</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springFilter</filter-name>
<url-pattern>/some-url</url-pattern>
</filter-mapping>
For the servlet I guess you may have to change your mappings to something that looks like the following:
<servlet>
<servlet-name>loginServlet</servlet-name>
<servlet-class>my.package.LoginServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>loginServlet</servlet-name>
<url-pattern>/login</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
Here I'm assuming that everything goes in the same WEB.xml file

Tomcat started but application is not running

I created a Spring application and deployed it on a Tomcat server (Tomcat v5.5 Server). I checked in the Tomcat manager and found my application is listed. But when I try to run my application, I get a page showing
**This program cannot display the webpage
Most likely causes:
You are not connected to the Internet.
The website is encountering problems.
There might be a typing error in the address.
What you can try:
Check your Internet connection. Try visiting another website to make sure you are connected.
Retype the address.**
I don't know what I am missing. Please help me sort out this issue.
My web.xml file is as follows:
<?xml version="1.0"?>
<web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<context-param>
<description>Log4j configuration file used by spring to initialize logging</description>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:pricingLog4j.properties</param-value>
</context-param>
<context-param>
<description>By default myfaces serializes the current view and saves it in session after view is rendered.
In Pricing UI, values on the Page tags are bound to UIComponents on backing bean using "binding" attribute. Most of the components are created
in the backing bean. When myfces serializes, it serializes the wrapped object under UIComponents, i.e HtmlDataTabl's value attribute, which are in Pricing UI case
business objects which have a big graphs attached to it and you start getting "serialization" error
Keep this pram-value to false to avoid serialization.</description>
<param-name>org.apache.myfaces.SERIALIZE_STATE_IN_SESSION</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>Comma separated list of URIs of (additional) faces config
files. (e.g. /WEB-INF/my-config.xml) See JSF 1.0 PRD2,
10.3.2.
DONOT ADD DEFAULT faces-config.xml HERE. IT IS AUTOMATICALLY LOADED BY FACES. IF GIVEN HERE, IT WILL BE LOADED TWICE</description>
<param-name>javax.faces.CONFIG_FILES</param-name>
<param-value>/WEB-INF/faces-navigation.xml</param-value>
</context-param>
<context-param>
<param-name>facelets.LIBRARIES</param-name>
<param-value>
/WEB-INF/taglib/tomahawk-taglib.xml;
/WEB-INF/taglib/tomahawk-sandbox-taglib.xml;
/WEB-INF/taglib/jcp-pricing-ui-taglib.xml;
/WEB-INF/taglib/acegijsf-taglib.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.DEFAULT_SUFFIX</param-name>
<param-value>.xhtml</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:/config/pricingEngineContext-caching.xml
classpath:/config/pricingEngineContext-messaging.xml
classpath:/config/pricingEngineContext-service.xml
classpath:/config/pricingEngineContext.xml
classpath:/config/pricingWebApplicationContext.xml
classpath:/config/securityContext.xml</param-value>
</context-param>
<context-param>
<description>State saving method: "client" or "server" (= default) See
JSF Specification 2.5.2</description>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>server</param-value>
</context-param>
<context-param>
<description>This parameter tells MyFaces if javascript code should be
allowed in the rendered HTML output. If javascript is
allowed, command_link anchors will have javascript code that
submits the corresponding form. If javascript is not
allowed, the state saving info and nested parameters will be
added as url parameters. Default: "true"</description>
<param-name>org.apache.myfaces.ALLOW_JAVASCRIPT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<description>If true, rendered HTML code will be formatted, so that it is
"human readable". i.e. additional line separators and
whitespace will be written, that do not influence the HTML
code. Default: "true"</description>
<param-name>org.apache.myfaces.PRETTY_HTML</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>org.apache.myfaces.DETECT_JAVASCRIPT</param-name>
<param-value>false</param-value>
</context-param>
<context-param>
<description>If true, a javascript function will be rendered that is able
to restore the former vertical scroll on every request.
Convenient feature if you have pages with long lists and you
do not want the browser page to always jump to the top if
you trigger a link or button action that stays on the same
page. Default: "false"</description>
<param-name>org.apache.myfaces.AUTO_SCROLL</param-name>
<param-value>true</param-value>
</context-param>
<!-- Special Debug Output for Development -->
<context-param>
<param-name>facelets.DEVELOPMENT</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>facelets.REFRESH_PERIOD</param-name>
<param-value>2</param-value>
</context-param>
<context-param>
<param-name>org.ajax4jsf.SKIN</param-name>
<param-value>DEFAULT</param-value>
</context-param>
<filter>
<filter-name>Acegi Channel Processing Filter</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.securechannel.ChannelProcessingFilter</param-value>
</init-param>
</filter>
<filter>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<filter-class>org.acegisecurity.util.FilterToBeanProxy</filter-class>
<init-param>
<param-name>targetClass</param-name>
<param-value>org.acegisecurity.util.FilterChainProxy</param-value>
</init-param>
</filter>
<!-- Spring Open Session In View Pattern filter -->
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<!-- Extensions Filter -->
<filter>
<description>Set the size limit for uploaded files. Format: 10 - 10 bytes
10k - 10 KB 10m - 10 MB 1g - 1 GB</description>
<filter-name>extensionsFilter</filter-name>
<filter-class>org.apache.myfaces.webapp.filter.ExtensionsFilter</filter-class>
<init-param>
<param-name>uploadMaxFileSize</param-name>
<param-value>100m</param-value>
</init-param>
<init-param>
<description>Set the threshold size - files below this limit are
stored in memory, files above this limit are stored on
disk.
Format: 10 - 10 bytes 10k - 10 KB 10m - 10 MB 1g - 1 GB</description>
<param-name>uploadThresholdSize</param-name>
<param-value>100k</param-value>
</init-param>
<init-param>
<description>Set the path where the intermediary files will be
stored.</description>
<param-name>uploadRepositoryPath</param-name>
<param-value>/tmp</param-value>
</init-param>
</filter>
<filter>
<filter-name>orchestraFilter</filter-name>
<filter-class>org.apache.myfaces.orchestra.conversation.jsf.filter.OrchestraServletFilter</filter-class>
</filter>
<filter>
<filter-name>promotionFilter</filter-name>
<filter-class>com.jcpenney.web.servlet.PromotionFilter</filter-class>
</filter>
<filter>
<display-name>Ajax4jsf Filter</display-name>
<filter-name>ajax4jsf</filter-name>
<filter-class>org.ajax4jsf.Filter</filter-class>
</filter>
<filter-mapping>
<filter-name>Acegi Channel Processing Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Acegi Filter Chain Proxy</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<filter-mapping>
<filter-name>orchestraFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<!-- Spring/Hibernate filter mappings -->
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>*.remoting</url-pattern>
</filter-mapping>
<!-- Filter Mappings necessary to run myfaces -->
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>/faces/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>extensionsFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>promotionFilter</filter-name>
<url-pattern>*.faces</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ajax4jsf</filter-name>
<servlet-name>Faces Servlet</servlet-name>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Myfaces JSF Listener, that does all the startup work (configuration, init). -->
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<listener>
<listener-class>org.apache.myfaces.orchestra.conversation.servlet.ConversationManagerSessionListener</listener-class>
</listener>
<listener>
<listener-class>com.jcpenney.pricing.web.listeners.SessionLoggingListener</listener-class>
</listener>
<listener>
<listener-class>com.jcpenney.pricing.audit.LogoutLogger</listener-class>
</listener>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- This servlet is needed to workaround a websphere bug (http://issues.apache.org/jira/browse/TOMAHAWK-663)
Another workaround is on Websphere set com.ibm.ws.webcontainer.invokefilterscompatibility=true as container
property, but that is one more step for server configuration team
-->
<servlet>
<servlet-name>Tomahawk-663 Websphere Workaround Servlet</servlet-name>
<servlet-class>com.jcpenney.web.Tomahawk663Servlet</servlet-class>
</servlet>
<servlet>
<servlet-name>dwr-invoker</servlet-name>
<servlet-class>org.directwebremoting.servlet.DwrServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>false</param-value>
</init-param>
</servlet>
<!-- Mapping for MyFaces components -->
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.faces</url-pattern>
</servlet-mapping>
<!-- This mapping is needed to back the MyFaces Extention Filter to workaround a websphere bug -->
<servlet-mapping>
<servlet-name>Tomahawk-663 Websphere Workaround Servlet</servlet-name>
<url-pattern>/faces/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>dwr-invoker</servlet-name>
<url-pattern>/dwr/*</url-pattern>
</servlet-mapping>
<!-- pricingUi Monitoring Simple Spring Servlet-->
<servlet>
<servlet-name>pricingUi-monitoring</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>pricingUi-monitoring</servlet-name>
<url-pattern>/ping</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingUi-monitoring</servlet-name>
<url-pattern>/services/ping</url-pattern>
</servlet-mapping>
<!-- Spring Message Dispatcher Servlet for WebServices Call -->
<servlet>
<servlet-name>pricingEngine</servlet-name>
<servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
<init-param>
<param-name>transformWsdlLocations</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:config/pricingEngineContext-webservice.xml</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>sale-price-upload</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>sale-price-upload</servlet-name>
<url-pattern>/services/salePriceFileUpload</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingEngine</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>pricingEngine</servlet-name>
<url-pattern>*.wsdl</url-pattern>
</servlet-mapping>
<!-- Session Configuration -->
<session-config>
<!-- the time until the session expires in min (60min)-->
<session-timeout>60</session-timeout>
</session-config>
<!-- Welcome files -->
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>
</web-app>
I cannot see the exact log messages that are generated for this error in the question. Not enough information.
It is also not mentioned how you are building your application and whether the build is successful or not. I am assuming the build is successful.
As a workaround suggestion, if you are using pom.xml in your application and Maven to build, can you please check the <source> and <target> of your application?
<source>1.8</source>
<target>1.8</target>
If the Java version mentioned in your pom is mismatched with your system's Java version, the error may appear. That is, your server may start up but your application may not.
Also, you can check your system's Java version using commands like the ones below:
java -version
javac -version
Both versions should match. If you see any difference, make the necessary changes, rebuild your application and restart the server.

A Universal Match Pattern ('/**') is Defined Before Other Patterns

I have a problem when trying to introduce Spring Security to my webapp. Here's my web.xml:
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:application-context.xml
classpath:web-context.xml
classpath:security-context.xml
</param-value>
</context-param>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/services/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/admin</url-pattern>
</servlet-mapping>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
</session-config>
<!-- Spring Security config -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
security-context.xml:
<security:http auto-config='true'>
<security:intercept-url pattern="/admin.html" />
<security:http-basic />
</security:http>
<security:http pattern="/services/**" security="none" />
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="admin" password="analyzer4321"
authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
When I'm trying to run server I have this exception on start:
java.lang.IllegalArgumentException: A universal match pattern ('/**')
is defined before other patterns in the filter chain, causing them to be ignored.
Please check the ordering in your <security:http> namespace or
FilterChainProxy bean configuration.
I have no idea what I'm doing wrong. Any suggestions?
This section in your security-context.xml file:
<security:http auto-config='true'>
<security:intercept-url pattern="/admin.html" />
<security:http-basic />
</security:http>
is processed before this (the second) one (because of their order):
<security:http pattern="/services/**" security="none" />
The first section says: restrict access to /admin.html and allow free access to any other page.
The second section is useless. It says: allow access to all pages that match /services/**. But this has already been allowed by the first section.
You can remove the second section, or put it before the first.
See the Spring Security Reference for more details on using multiple <http> tags.
BTW, <intercept-url> tag usually has an access attribute. I am not sure whether <intercept-url> can be used without access. See here for details.
The first pattern Spring Security takes up is from the pattern attribute of the http tag. If no pattern attribute is declared in the http tag, it defaults to <security:http pattern="/**">.
The intercept-url tag attribute is always taken up in second place, i.e. after the http tag's pattern.
If you have two or more http tags, you should always declare the pattern attribute with values so no conflicts occur.
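The ordering fix described in the answers above, as an added example that is not part of the original posts: the question's security-context.xml with the pattern-specific <http> element moved ahead of the catch-all one. The namespace header, the use-expressions setting, the hasRole access rule and the placeholder password are assumptions for a Spring Security 3.1+ XML configuration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans
         http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security
         http://www.springframework.org/schema/security/spring-security.xsd">

  <!-- BEFORE (rejected at startup): the http element without a pattern
       attribute matches '/**' and was declared first, so the
       '/services/**' element after it could never be selected.

       <security:http auto-config="true"> ... </security:http>
       <security:http pattern="/services/**" security="none" />
  -->

  <!-- AFTER: pattern-specific chains first. Requests are matched against
       the http elements in declaration order and the first match wins.
       security="none" means no security filters run for these URLs, so
       no authentication or SecurityContext is available to code behind
       /services/**. Keep the pattern as narrow as the endpoints allow. -->
  <security:http pattern="/services/**" security="none" />

  <!-- The catch-all chain (implicit pattern '/**') must be declared last. -->
  <security:http auto-config="true" use-expressions="true">
    <!-- Assumption: the question's intercept-url had no access attribute;
         ROLE_ADMIN is taken from its user-service definition. -->
    <security:intercept-url pattern="/admin.html"
                            access="hasRole('ROLE_ADMIN')" />
    <security:http-basic />
  </security:http>

  <security:authentication-manager>
    <security:authentication-provider>
      <security:user-service>
        <!-- CHANGE_ME is a placeholder, not a value from the page. -->
        <security:user name="admin" password="CHANGE_ME"
                       authorities="ROLE_ADMIN" />
      </security:user-service>
    </security:authentication-provider>
  </security:authentication-manager>

</beans>
```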

Spring+multiple gwt servlets

1. From searching the web I understand that to use Spring with GWT I would have to replace the default DispatcherServlet with org.spring4gwt.server.SpringGwtRemoteServiceServlet. But all the Geomajas (which uses Spring + GWT) examples I have seen in fact use the supposed-to-be-replaced DispatcherServlet. How could I do that too?
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<display-name>Geomajas application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
<!-- framework context -->
classpath:org/geomajas/spring/geomajasContext.xml
<!-- use rasterizing -->
classpath:org/geomajas/plugin/rasterizing/DefaultRasterizedPipelines.xml
<!-- application context -->
WEB-INF/applicationContext.xml
WEB-INF/layerOsm.xml
WEB-INF/mapOsm.xml
</param-value>
</context-param>
<filter>
<filter-name>CacheFilter</filter-name>
<filter-class>org.geomajas.servlet.CacheFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CacheFilter</filter-name>
<url-pattern>*</url-pattern>
</filter-mapping>
<!-- only needed for direct GWT -->
<listener>
<listener-class>org.geomajas.servlet.PrepareScanningContextListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/geomajasWebContext.xml</param-value>
<description>Spring Web-MVC specific (additional) context files.</description>
</init-param>
<load-on-startup>3</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/d/*</url-pattern>
<url-pattern>/${artifactId}/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
</web-app>
What modifications must I make to the above file so that I can add another Spring-managed servlet?
Here is how I integrated Spring with GWT via SpringGwtRemoteServiceServlet:
In web.xml:
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatch</servlet-name>
<servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>dispatch</servlet-name>
<url-pattern>/dispatch/*</url-pattern>
</servlet-mapping>
<servlet>
<servlet-name>springGwtRemoteServiceServlet</servlet-name>
<servlet-class>org.spring4gwt.server.SpringGwtRemoteServiceServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>springGwtRemoteServiceServlet</servlet-name>
<url-pattern>/nameOfYourApp/springGwtServices/*</url-pattern>
</servlet-mapping>
Then, whenever you wish to define a Spring managed service, use springGwtServices in the RemoteServiceRelativePath:
import com.google.gwt.user.client.rpc.RemoteServiceRelativePath;
import com.google.gwt.user.client.rpc.RemoteService;
// Path is relative to the GWT module base URL and must fall under the
// /nameOfYourApp/springGwtServices/* servlet mapping above
@RemoteServiceRelativePath("springGwtServices/userService")
public interface UserService extends RemoteService{
}
For an implementation example:
import com.google.gwt.user.server.rpc.RemoteServiceServlet;
import org.springframework.stereotype.Service;
// Bean name must match the last segment of the RemoteServiceRelativePath
@Service("userService")
public class UserServiceImpl extends RemoteServiceServlet implements UserService{
}
I hope this is what you needed
