
  • custom login with spring security set to permitted() not working

    I have created a custom login web service (additional things are done upon login) and have set the path to be allowed to bypass security: <intercept-url pattern="/app/juser/login" access="permitAll()"/>

    This works fine and I have not had any issues with it. However, so far I have only accessed my app via an explicit IP.

    Now, I have set up a domain name for my app and when I try to access this call it does not bypass security. It tries to find the user from the session (as with any secured calls) and then fails with since the user is not yet authenticated (it's the login call).

    So to be clear: if I access http://the.server.ip/myapp/app/juser/login, it works fine. If I access http://my_domain_name/myapp/app/juser/login, it does not bypass security.

    What could be the issue here?

  • #2
    Some more data

    I added debug logging, and the same servletPath and pathInfo are set for both calls (using the domain and the IP):

    servletPath:/app
    pathInfo:/juser/login

    But when using the domain I get:

    2012-03-15 18:33:05,486 [TP-Processor3] DEBUG com.pluggedin.auth.AjaxAuthenticationFailureHandler: No failure URL set, sending 401 Unauthorized error

    (it is not recognizing that you can access the URL without being authenticated)

    while when using the IP it allows it through.

    What's the issue here?



    • #3
      Issue due to no webapp name in path

      I have narrowed down the issue.

      When I include my web app name in my path it works, but when I leave it out (which is possible since my web app is the default one for the virtual host) it does not work.

      So:
      www.mydomainname.com/mywebapp/app/juser/login -- works
      www.mydomainname.com/app/juser/login -- doesn't work

      Remember that it actually goes to the web app; the thing that doesn't work is the security setting of permitAll(). For some reason, when it does not have the web app name in the path, it's not getting matched correctly.

      Is this a bug in Spring?
