Announcement Announcement Module
Collapse
No announcement yet.
spring security in a web module Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • spring security in a web module

    Hello,

    I'm trying to configure spring security to be used in a web module in s2ap. If I just configure the filterChainProxy, the application complains that there is no contextLoaderListener defined.

    When I add the contextLoaderListener it tries to load the application context files, but my app context files are stored in /META-INF/spring/*.xml. OSGi already takes care of loading those files, so it shouldn't have to load it again right? Should I be using something other than org.springframework.web.context.ContextLoaderListe ner?

    Are there any examples of spring-security being used in s2ap?

  • #2
    spring security in a web module

    It turns out the DelegatingFilterProxy needs to be overridden to retrieve the correct WebApplicationContext from the OSGi bundle.

    Comment


    • #3
      spring security in a web module

      Hi,

      actually you don't have to do override or use Delegating Filter Proxy. The only thing I had to
      add to a standard SSAP web module is this field in the MANIFEST.MF:

      Web-FilterMappings: filterChainProxy;url-patterns:="/*"

      and after that configure all the Spring security beans as usual. No further configuration in
      web.xml or any other file is necessary.

      So, you were on the right track, but you must have missed a small detail somewhere that resulted in
      your contextLoaderListener error. If you provide more details about that error and your configuration
      (the contents of manifest, web.xml and security beans file) I think the problem should be easy to spot
      and solve.

      Comment


      • #4
        spring security in a web module

        Hi aznboarder,

        > Are there any examples of spring-security being used in s2ap?

        Yes, the Spring Travel PAR sample application uses Spring Security in a Web Module within a PAR. You can download Spring Travel from the "Downloads" link on this page. Take special notice of the web module specific manifest headers in MANIFEST.MF:

        Platform-ModuleType: Web
        Web-ContextPath: springtravel-faces
        Web-DispatcherServletUrlPatterns: /spring/*
        Web-FilterMappings: springSecurityFilterChain;url-patterns:="/*"

        Regards,

        Sam
        SpringSource

        Comment

        Working...
        X