I have been trying to solve this problem for several days now and I also couldn't find any posts in forums with a similar problem. I have Spring Theme working well when I have the servlet mapping url-pattern as *.html in the web.xml file. However, if I change the url-pattern in the web.xml file to forward slash, so that the default servlet handles all requests and that the URLs can look like REST URLs, then I use to get NO MAPPING error, which results in not able to display the css settings for web pages. The NO MAPPING warning that I get use to get is as follows:
WARN http-apr-8080-exec-6 (DispatcherServlet.java:947) - No mapping found for HTTP request with URI [/MyApp/themes/default.css] in DispatcherServlet with name 'spring'.
But upon the mapping issue being solved by adding to my Spring servlet configuration file:
<mvc:default-servlet-handler />
another problem has arisen: Now, upon the application being started and prior to any operations, the use of clicking the Theme choice prior to any REST operation works well. It all works fine displaying the correct Theme. In fact, if I go via the normal Controllers (without REST) and do non-REST operations, everything continues to work as normal and I can switch between Themes. However, upon going via REST, and upon clicking on a Theme and even though it returns the same view name as the normal Controller would return, I get the following error in the browser and strangely with no console (debug) messages being reported:
HTTP Status 405 - Request method 'GET' not supported
type Status report
message Request method 'GET' not supported
description The specified HTTP method is not allowed for the requested resource (Request method 'GET' not supported).
Apache Tomcat/7.0.29
Here is my UPDATED web.xml files is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
<display-name>LiveAppSpring</display-name>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>encodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>liveAppSpring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>liveAppSpring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
and my UPDATED Spring servlet configuration is:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<mvc:annotation-driven />
<mvc:default-servlet-handler />
<mvc:interceptors>
<beans:bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="lang" />
</beans:bean>
<beans:bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor">
<beans:property name="paramName" value="theme" />
</beans:bean>
</mvc:interceptors>
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<!--
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
View Classes:
<beans:property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<beans:property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView" />
-->
<!--
<beans:bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<beans:property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jsp" />
</beans:bean>
-->
<!-- This attribute could also be added to viewResolver bean below...
<beans:property name="requestContextAttribute" value="requestContext"/>
-->
<beans:bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<beans:property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView" />
</beans:bean>
<beans:bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<beans:property name="definitions">
<beans:list>
<beans:value>/WEB-INF/tiles.xml</beans:value>
</beans:list>
</beans:property>
</beans:bean>
<!-- Application Message Bundle -->
<beans:bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<beans:property name="basename" value="classpath:messages" />
<beans:property name="defaultEncoding" value="UTF-8"/>
</beans:bean>
<beans:bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
<beans:property name="defaultLocale" value="en"/>
</beans:bean>
<!-- Theme setup -->
<beans:bean id="themeSource" class="org.springframework.ui.context.support.ResourceBundleThemeSource">
<beans:property name="basenamePrefix" value="theme-" />
</beans:bean>
<beans:bean id="themeResolver" class="org.springframework.web.servlet.theme.CookieThemeResolver">
<beans:property name="defaultThemeName" value="default" />
</beans:bean>
<!--
The 2 bean declarations below are NOT compatible with 3.0.5 as it conflicts with the mvc tag library (as defined in header).
Work around is to have the mvc:interceptors tag declared as done near the top of this configuration file.
-->
<!--
<beans:bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
<beans:property name="paramName" value="lang" />
</beans:bean>
-->
<!--
<beans:bean id="handlerMapping" class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping">
<beans:property name="interceptors">
<beans:ref bean="localeChangeInterceptor" />
</beans:property>
</beans:bean>
-->
<context:component-scan base-package="com.liveapp.spring" />
</beans:beans>
And finally, my Theme properties files are location in
LiveAppSpring\src\main\resources
with the contents of all Theme properties files having the following pattern:
css=themes/default.css
AND to be safe, I have my css files duplicated in all 3 directories:
LiveAppSpring\src\main\webapp\resources
LiveAppSpring\src\main\webapp\resources\themes
LiveAppSpring\src\main\webapp\themes
Any directions would be appreciated.
I expect that /MyApp/themes/default.css should deliver default.css. But this is a resource file, and you mapped them by
<mvc:resources mapping="/resources/**" location="/resources/" />
So the right request url would be /MyApp/resources/default.css (assuming that the default.css is located in webapp/resources/default.css)
Related
I have one application that is using Spring framework version 3.2.9.RELEASE and upgraded to 5.3.22 and With this, I have not made any configuration changes so far.
My DispatcherServlet.xml and all the web.xml configurations are as is.
But before this upgrade, I have a controller with #RequestMapping("/ssoLogin") and if I use the URL "ssoLogin.html", it was able to find the controller, but after this upgrade it is not able to do so.
Below is my web.xml dispatcher server config
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
<url-pattern>/auth/*</url-pattern>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
Below is the view resolver configuration
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
<!--To maintain HTTPS state -->
<property name="redirectHttp10Compatible" value="false" />
</bean>
Till now no config change and the URL ending with .html extension was working fine and after upgrade it is not working and getting 404 not found error in browser.
Thank you #M. Deinum
Your comment helped me.
To solve this problem, I went though the below links
https://github.com/spring-projects/spring-framework/issues/24179
https://github.com/lamsfoundation/lams/commit/7ff6d4b34cd71ac45741cb7c8d0c3ef6909eadf4
https://github.com/spring-projects/spring-framework/issues/23915#issuecomment-563987147
And based on this I made below change in my dispatcher-servlet.xml file
<mvc:annotation-driven>
<mvc:path-matching suffix-pattern="true" />
</mvc:annotation-driven>
And this has solved my problem.
Environment :
Spring 4.1
Spring security 4.0
Issue :
I am developing a simple REST service using Spring 4.1. And using Spring security for authentication purpose.
I am using HTTP Basic Authentication.
The issue is , basic authentication is not working even after all configuration is correct.
I am using postman to send a request to server.
REST client can call the REST controller method without Authorization header.
The method gets executed successfully without any authentication error.
Since I am using Tomcat 6 , I am not using servlet 3.0 features , so web.xml does exist.
The method level security has been implemented using #Secured annotation on REST controller layer.
Can anybody please help as to where I am going wrong ?
Code :
web.xml :
<web-app>
<display-name>Archetype Created Web Application</display-name>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet-security.xml</param-value>
</context-param>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>FORWARD</dispatcher>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
</web-app>
mvc-servlet-dispatcher-security.xml :
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xsi:schemaLocation="
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.1.xsd">
<http use-expressions="true" create-session="stateless">
<http-basic/>
<csrf disabled="true"/>
</http>
<global-method-security secured-annotations="enabled"/>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="XYZ" password="12345" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
mvc-dispatcher-servlet.xml :
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Specifying base package of the Components like Controller, Service, DAO -->
<context:component-scan base-package="org.ngo" />
<!-- Getting Database properties -->
<context:property-placeholder location="classpath:application.properties"/>
<mvc:annotation-driven/>
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${jdbc.driverClassName}" />
<property name="url" value="${jdbc.url}" />
<property name="username" value="${jdbc.username}" />
<property name="password" value="${jdbc.password}" />
</bean>
<bean id="sessionFactory"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource">
<ref bean="dataSource" />
</property>
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="hibernate.show_sql">true</prop>
</props>
</property>
<property name="packagesToScan" value="org.ngo.abhishek.entity"></property>
</bean>
<!-- Transaction -->
<bean id="transactionManager"
class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager" />
</beans>
The REST controller :
#RestController
#RequestMapping("/abhishek")
public class AbhishekController {
#Autowired
private AbhisheskService abhishekService;
#RequestMapping(method=RequestMethod.POST,consumes="application/json")
#Secured("ROLE_USER")
public ResponseEntity<Boolean> getUserById(#RequestBody List<AbhishekDTO> abhishekDtoList) {
boolean flag = this.abhishekService.createAbhishek(abhishekDtoList);
return new ResponseEntity<Boolean>(flag, HttpStatus.OK);
}
}
I tried your setup and it worked for me. Since you did not provide all of your code, my best guess is either the component scan of your controller for Spring Security is not happening or maybe your browser is caching and sending the Basic Auth credentials without you realizing it.
After getting a clue from Stiletto , I removed #Secured("ROLE_USER") and used expression based security check. It worked (using intercept url). So the issue was with where #Secured has been placed.
Since #Secured was in dispatcher servlet context (child context as per Spring philosophy) and spring security scope was in applicationContext (parent context) , the spring security was getting ignored.
Putting <security:global-method-security secured-annotations="enabled"/> in mvc-dispatcher-servlet.xml resolved the issue.
Similar question on SO : Spring MVC, Method level security
The application works perfectly with the following config files:
My Web.XML is as follows
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/classes/spring/mvc-dispatcher-servlet.xml</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>*.do</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/classes/spring/spring-context.xml,
/WEB-INF/classes/spring/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
My mvc-dispatcher-servlet
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<context:component-scan base-package="biz.canisrigel.slapMe" />
<!-- enable autowire -->
<context:annotation-config />
My spring-context.xml is
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<context:component-scan base-package="biz.canisrigel.slapMe" />
<!-- enable autowire -->
<context:annotation-config />
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost/slapMe" />
<property name="username" value="root" />
<property name="password" value="adminadmin" />
</bean>
<bean id="sqlSessionFactory" class="org.mybatis.spring.SqlSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="typeAliasesPackage" value="biz.canisrigel.slapMe.bean" />
</bean>
<!-- scan for mappers and let them be autowired -->
<bean class="org.mybatis.spring.mapper.MapperScannerConfigurer">
<property name="basePackage" value="biz.canisrigel.slapMe.mapper" />
</bean>
I couldn't run spring security properly cause earlier spring-context.xml was the xml config file for dispatcher servlet for MVC. So I moved spring-context to contextConfigLocation. But then I had to provide something to dispatcher servlet.
My problem is that mvc-dispatcher-servlet.xml and spring-context is having same data. If I remove mvc-dispatcher its an error. If I don't place the contents of mvc-dispatcher in spring context then also error occurs.
Where am I going wrong in my understanding of concepts.
A few things:
Your web.xml looks correct
The InternalResourceViewResolver should only exist in your mvc-dispatcher-servlet.xml since it is directly related to MVC -- remove it from your spring-context.xml
You can have context:component-scan in both configuration files, but they should be scanning different packages. The one in your servlet xml will generally be component scanning your controller packages (and anything else directly related to MVC), and the one in your parent spring context xml will generally be scanning your services, DAOs, etc. In general, your component scan packages should be very specific; you should never point it towards the base package of your entire application!
You can remove context:annotation-config -- it is redundant if you have context:component-scan
Your MVC context should have only configuration related to MVC which generally includes ViewResolvers, FileUpload, PropertyFiles, Message/Theme Resolvers etc. Your applicationContext will have beans related to DAO, Service and other utils. The security file should have security configuration. To understand better and to know good/recommended practices, check out the spring greehouse code.
I am using Spring MVC to write a client application that will authenticate against a Spring Security CAS server.
The problem that I am running into is, after a user authenticates successfully, the browser shows a 404 error. I am not sure how to set up a "success" page in my application. Or do I need to define a callback url somewhere in the CAS server properties? Here is my code so far:
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/applicationContext-security.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
applicationContext-security.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:sec="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Enable security, let the casAuthenticationEntryPoint handle all intercepted
urls. The CAS_FILTER needs to be in the right position within the filter
chain. -->
<security:http entry-point-ref="casAuthenticationEntryPoint"
auto-config="true">
<security:intercept-url pattern="/**" access="ROLE_USER"></security:intercept-url>
<security:custom-filter position="CAS_FILTER"
ref="casAuthenticationFilter"></security:custom-filter>
</security:http>
<!-- Required for the casProcessingFilter, so define it explicitly set and
specify an Id Even though the authenticationManager is created by default
when namespace based config is used. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider
ref="casAuthenticationProvider"></security:authentication-provider>
</security:authentication-manager>
<!-- This section is used to configure CAS. The service is the actual redirect
that will be triggered after the CAS login sequence. -->
<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
<property name="service"
value="https://localhost:8443/cas/j_spring_cas_security_check"></property>
<property name="sendRenew" value="false"></property>
</bean>
<!-- The CAS filter handles the redirect from the CAS server and starts
the ticket validation. -->
<bean id="casAuthenticationFilter"
class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"></property>
</bean>
<!-- The entryPoint intercepts all the CAS authentication requests. It redirects
to the CAS loginUrl for the CAS login page. -->
<bean id="casAuthenticationEntryPoint"
class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
<property name="loginUrl" value="https://localhost:8443/cas/login"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
</bean>
<!-- Handles the CAS ticket processing. -->
<bean id="casAuthenticationProvider"
class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
<property name="userDetailsService" ref="userService"></property>
<property name="serviceProperties" ref="serviceProperties"></property>
<property name="ticketValidator">
<bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
<constructor-arg index="0" value="https://localhost:8443/cas">
</constructor-arg>
</bean>
</property>
<property name="key" value="cas"></property>
</bean>
<!-- The users available for this application. -->
<security:user-service id="userService">
<security:user name="user" password="user" authorities="ROLE_USER"></security:user>
</security:user-service>
I would appreciate any help!
The above code was used from the following tutorial: http://www.oudmaijer.com/2009/12/28/spring-3-spring-security-3-cas-3-3-4-integration/
Update: Here is the network flow (taken from Firebug):
User clicks on https://localhost:8443/SpringMVC_CAS/secure/index.jsp
Browser performs a "302 Moved Temporarily" from /myapp/secure/index.jsp
CAS prompts log-in https://localhost:8443/cas/login?service=https%3A%2F%2Flocalhost%3A8443%2Fcas%2Fj_spring_cas_security_check
https://localhost:8443/cas/j_spring_cas_security_check?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
Browser shows https://localhost:8443/cas/login?ticket=ST-17-RHf3OTJXAWePgzVGP2nc-cas
You can do that by adding an AuthenticationSuccessHandler like this:
<bean id="casAuthenticationFilter" class="org.springframework.security.cas.web.CasAuthenticationFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="authenticationFailureHandler">
<bean class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
<property name="defaultFailureUrl" value="/casfailed.jsp"/>
</bean>
</property>
<property name="authenticationSuccessHandler">
<bean class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
<property name="defaultTargetUrl" value="/"/>
</bean>
</property>
</bean>
If you set alwaysUseDefaultTargetUrl property to true also, then the defaultTargetUrl will be used for the destination otherwise a redirect to the the original destination before the authentication process commenced will tke place.
See also:
SavedRequestAwareAuthenticationSuccessHandler
SimpleUrlAuthenticationSuccessHandler
I try run a basic Java EE Spring project on eclipse(jboss 7.1.1 server, Spring 3.1.2 released), but when it always print that the configuration file do not find but I Actually put the configuration file in right place. I do not configure the welcome-file, but mvc:view-controller instead.
this is the web.xml file:
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="3.0"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee /web-app_3_0.xsd">
<display-name>springupload</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/web-application-config.xml</param-value>
</context-param>
<!-- Loads the Spring web application context -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value/>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Map all *.spring requests to the DispatcherServlet for handling -->
<servlet-mapping>
<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
This is the web-application-config.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<!-- Scans for application #Components to deploy -->
<context:component-scan base-package="com.pack" />
<!-- Imports the configurations of the different infrastructure systems of the application -->
<import resource="webmvc-config.xml" />
<!-- <import resource="webflow-config.xml" /> -->
<!-- <import resource="data-access-config.xml" /> -->
<bean class="org.springframework.web.multipart.commons.CommonsMultipartResolver" id="multipartResolver">
<property name="maxUploadSize" value="1000000"></property>
</bean>
</beans>
This is webmvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
<!-- Enables controllers mapped with #RequestMapping annotations, formatting annotations #NumberFormat #DateTimeFormat, and JSR 303 style validation -->
<mvc:annotation-driven/>
<mvc:resources mapping="/res/**" location="/, classpath:/META-INF/web-resources/" />
<mvc:view-controller path="/" view-name="hello"/>
<mvc:default-servlet-handler />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
</beans>
The error you can see in the picture:
HTTP Status 404 - /springupload/WEB-INF/webmvc-config.xml
type Status report
message /springupload/WEB-INF/webmvc-config.xml
description The requested resource (/springupload/WEB-INF/webmvc-config.xml) is not available.
JBoss Web/7.0.13.Final
I really do not know why I configure the html and jsp page, while it should some configuration file as my start page?
Your configuration is not far from being OK.
One thing I notice is that the hello.html file is in your root WebContent folder. I suppose this is the view you want rendered when you access http://localhost:8080/springupload/ because of this line in the configuration:
<mvc:view-controller path="/" view-name="hello"/>
If this is so, then Spring is trying to resolve to /WEB-INF/hello.html because of the prefix and suffix on this viewResolver :
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
However, you have two view resolvers with no order in them, and Spring is taking only the first one which resolves to /WEB-INF/hello.jsp, hence the 404 Not found
To wrap it up your solution is to move hello.html to /WEB-INF/ and to change your viewResolver configuration in webmvc-config.xml like so
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="jspre">
<property name="order" value="2" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".jsp"/>
</bean>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver" id="htmlre">
<property name="order" value="1" />
<property name="prefix" value="/WEB-INF/"/>
<property name="suffix" value=".html"/>
</bean>
Last, you're not supposed to access directly content in the http://localhost:8080/WEB-INF/* URL, so everything you try here will result in a 404 Not found.
change your configuration file name to [dispatcher servlet name]-servlet.xml
http://static.springsource.org/spring/docs/3.0.x/reference/mvc.html