Announcement Announcement Module
Collapse
No announcement yet.
Websphere 7 - universal match pattern ('/**') is defined before other patterns Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Websphere 7 - universal match pattern ('/**') is defined before other patterns

    I have generated a spring project using Roo, and used the security setup addon to add in the spring security. The security works fine on Tomcat 7, but am running into the following problem when trying to deploy to Websphere 7.0.0.19. I'm currently using Spring Security 3.1.0.RELEASE. I've seen other projects use the Spring DelegatingFilterProxy just fine within Websphere. Anybody have any ideas?

    Error from StackTrace:
    Code:
    E org.springframework.web.context.ContextLoader initWebApplicationContext Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
    applicationContext-security.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security" 
        xmlns:beans="http://www.springframework.org/schema/beans" 
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> 
    
        <!-- HTTP security configurations -->
        <http auto-config="true" use-expressions="true" >
            <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" />
            <logout logout-url="/resources/j_spring_security_logout" />
            <!-- Configure these elements to secure URIs in your application -->
            <intercept-url pattern="/login" access="permitAll" />
            <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/jobtypes/**" access="isAuthenticated()" />
            <intercept-url pattern="/tests/**" access="permitAll" />
            <!-- Websphere Problem: IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain -->
            <intercept-url pattern="/resources/**" access="permitAll" />
            <intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
        </http>
        
        <!-- Configure Authentication mechanism -->
    	<beans:bean name="myCompanyAuthenticationProvider" class="edu.mycompany.project.security.MyCompanyAuthenticationProvider" />
    	<authentication-manager alias="authenticationManager">
    		<authentication-provider ref="myCompanyAuthenticationProvider" />
    	</authentication-manager>   
    </beans:beans>

    UPDATE:

    I have confirmed the security config is getting loaded twice. I have uploaded my web.xml

    Still not exactly sure why it is loading twice though. Will work in the forums on this. Thanks!
    Last edited by iojohnso; Aug 17th, 2012, 01:31 PM. Reason: Confirmed security config is getting loaded twice

  • #2
    For others that land on this thread. This was logged as SEC-2034 and determined to be invalid. The cause is that the configuration is being loaded twice (exact reasons still under investigation by the reporter).

    Comment


    • #3
      Are you importing the other configurations in an XML file in addition to having it being picked up in the web.xml (i.e. are you using <import /> within any of your configuration files)?

      PS: Editing a post does not send a notification on the forums so it is best to make a new post (this way I know you have updated the thread)

      Comment


      • #4
        I have found the culprit of the multiple config files loading twice. It has to do with how Spring Roo initially creates the web.xml file - an extra asterisk is added after classpath. I have opened a spring roo ticket here.

        When the "web mvc setup" command is run, the web.xml is setup with the following path to the spring context files...

        Code:
        <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
        </context-param>
        The first asterisk is the culprit for the spring config files (-spring.xml specifically) being picked up multiple times when running on Websphere 7.0.0.19 (The app deploys fine on Tomcat however). After I remove that asterisk, then the application loads fine

        <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>classpath:META-INF/spring/applicationContext*.xml</param-value>
        </context-param>
        Is there a reason for the first asterisk? If not, please remove. Thanks!

        Comment


        • #5
          I would enable debug logging and see what files are getting loaded. Perhaps you have an XML file in a jar that is getting picked up.

          Comment


          • #6
            Here are the two locations they are being picked up from.

            org.springframework.beans.factory.xml.XmlBeanDefin itionReader loadBeanDefinitions Loading XML bean definitions from file...

            Code:
            C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\workload\WEB-INF\classes\META-INF\spring\applicationContext-security.xml
            Code:
            C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\workload\META-INF\spring\applicationContext-security.xml
            So when the app is deploying it is pushing the applicationContext-security.xml to two different locations?

            Comment


            • #7
              It would appear that you either have the file in your project twice or it is being deployed twice. It appears you are using Eclipse to deploy your project to WAS. One thing that looks weird to me is that the file would normally be something like this:

              Code:
              C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\wtpwebapps\workload\META-INF\spring\applicationContext-security.xml
              Can you try building the web application (i.e. converting it to a WAR) and seeing if the resulting war contains the xml file twice? Since you are using Roo I assume it is a Maven project so you can just run mvn clean package to get the war. If the XML file is not in the resulting war twice it is probably an issue with the WAS WTP integration with Eclipse.
              Last edited by Rob Winch; Aug 20th, 2012, 11:59 AM.

              Comment


              • #8
                PS: You can then try running the packaged war on WAS without Eclipse to see if that works

                Comment


                • #9
                  After running mvn clean package there are two files generated into the war...

                  Code:
                  \WEB-INF\classes\META-INF\spring\applicationContext-security.xml
                  
                  \META-INF\spring\applicationContext-security.xml
                  Any ideas on how to avoid having both of those created?

                  Comment


                  • #10
                    Originally posted by iojohnso View Post
                    After running mvn clean package there are two files generated into the war...

                    Code:
                    \WEB-INF\classes\META-INF\spring\applicationContext-security.xml
                    
                    \META-INF\spring\applicationContext-security.xml
                    Any ideas on how to avoid having both of those created?
                    It is difficult to say without seeing your pom.xml and your project structure. When I run the Spring Roo vote sample script and then package it with Maven it works properly (i.e. the security file is found in WEB-INF only) so it is likely something that has been modified. I would try the sample and see if that works and then do a diff on your project and the sample to see what is different.

                    Comment


                    • #11
                      I have also confirmed the vote sample script does not produce a \META-INF\spring\ folder. Our project was initially started back with Spring Roo 1.1 i believe, and has been upgraded since, so it is likely that over time some config changed on our end. I'm not going to run a diff, but will keep an eye out for this same behavior when we start up a new project.

                      Thanks for your help!

                      Comment

                      Working...
                      X