Announcement Announcement Module
Collapse
No announcement yet.
Jsut a quick one Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Jsut a quick one

    Guys,

    I was wondering if someone could figure what am I doing wrong here:

    I am using Spring MVC and Spring Security (3.1.0.RELEASE) with multiple http tag definitions:

    Code:
    <security:http use-expressions="true" authentication-manager-ref="supervisorAuthenticationManager" pattern="/supervisor/**">
    		<security:intercept-url pattern="/supervisor/maintenance/**" access="hasRole('supervisor')" />
    		<security:form-login login-page="/supervisor/login" login-processing-url="/supervisor/j_spring_security_check" 
    			default-target-url="/supervisor/maintenance" authentication-failure-url="/supervisor/login?authfailed=true"/>
    		<security:logout logout-success-url="/supervisor/logout" />
    	</security:http>
    
        <security:http use-expressions="true" authentication-manager-ref="clientAuthenticationManager">
    		<security:intercept-url pattern="/maintenance/**" access="hasRole('client')" />
    		<security:intercept-url pattern="/booking/**" access="hasRole('client')" />
    		<security:form-login login-page="/login" authentication-failure-url="/login?authfailed=true" default-target-url="/maintenance" />
    		<security:logout logout-success-url="/logout" />
    	</security:http>

    the problem is with a logout

    Code:
    http://localhost:8080/servlet/supervisor/j_spring_security_logout
    returns 404, while the root one

    Code:
    http://localhost:8080/servlet/j_spring_security_logout
    (used by the second definition below the one on top) works fine.

    Now what makes me curious is that login for supervisor works as intended for example:

    Code:
    login-processing-url="/supervisor/j_spring_security_check
    works fine (I have left out authentication provider definitions to minimise the clutter) so the setup is aware of the 'supervisor' portion, yet when it comes to logout, it cannot find it.

    my web.xml only has one filter defined

    Code:
     <filter>
            <filter-name>springSecurityFilter</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
    
        <filter-mapping>
          <filter-name>springSecurityFilter</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
    Any ideas are welcome.

    Regards, M.

  • #2
    Scratch that,

    I found the problem, it appears that I was missing logout-url tag with logout-url="/supervisor/j_spring_security_logout" which makes sense (everything that is 'nested' or in this case contained inside 'supervisor' has to be explicitly defined.
    Last edited by mushashi; Jan 27th, 2013, 10:39 PM.

    Comment

    Working...
    X