
  • Have two auth-method for a web application

    Hi,

    I'm trying to set up 2 auth methods using Spring Security in a web application. Specifically, I'd like servlet A to be authenticated using BASIC auth and servlet B using FORM auth.

    I tried to do this kind of thing in the applicationContext.xml file:

    Code:
        <http use-expressions="true">
            <!-- use-expressions="true" needs a SpEL expression in access -->
            <intercept-url pattern="/A" access="hasRole('user')"/>
            <http-basic/>
        </http>

        <http use-expressions="true">
            <intercept-url pattern="/B" access="hasRole('user')"/>
            <form-login/>
        </http>
    ...
    However, when I start Tomcat I get the error:
    Code:
    16:22:13.202 [localhost-startStop-1] ERROR o.s.web.context.ContextLoader - Context initialization failed
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1422) ~[spring-beans-3.0.7.RELEASE.jar:3.0.7.RELEASE]
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:518) ~[spring-beans-3.0.7.RELEASE.jar:3.0.7.RELEASE]
            at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:455) ~[spring-beans-3.0.7.RELEASE.jar:3.0.7.RELEASE]
            at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:293) ~[spring-beans-3.0.7.RELEASE.jar:3.0.7.RELEASE]
    Do you know if what I'm trying to do is OK with Spring, or should I put the different servlets in different WAR files?

    Regards,
    Blured.

  • #2
    Try copying your URL patterns from the <intercept-url> tags up to the <http> tags, in both cases or at least in the first one.
    Then it'll look like:
    Code:
        <http pattern="/A" use-expressions="true">
            <!-- use-expressions="true" needs a SpEL expression in access -->
            <intercept-url pattern="/A" access="hasRole('user')"/>
            <http-basic/>
        </http>

        <http pattern="/B" use-expressions="true">
            <intercept-url pattern="/B" access="hasRole('user')"/>
            <form-login/>
        </http>
    As you can see in your logs: "A universal match pattern ('/**') is defined before other patterns in the filter chain". That's because you didn't set any pattern in the first <http> tag, so it uses the default pattern "/**". Then every single request will match the first pattern (for servlet A) and the second one will always be ignored.
    In my opinion that is the problem here.



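A fuller version of the configuration from reply #2, as an added example that is not part of the thread. It assumes the Spring Security 3.1 namespace, servlets mapped under `/A/**` and `/B/**`, a login page at `/B/login`, a `ROLE_USER` authority and a demo account, all of which are placeholders; it puts the universal-match chain last, as the startup error requires, and keeps the form-login URLs inside the `/B/**` chain so that chain receives them.

```xml
<!-- Added example; assumed names: /A/**, /B/**, /B/login, /B/logout, ROLE_USER, demo user. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="
               http://www.springframework.org/schema/beans
               http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               http://www.springframework.org/schema/security
               http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- Chain 1: BASIC auth for servlet A. Stateless, so credentials are
         checked on every request and no session is created. -->
    <http pattern="/A/**" use-expressions="true" create-session="stateless">
        <intercept-url pattern="/A/**" access="hasRole('ROLE_USER')"/>
        <http-basic/>
    </http>

    <!-- Chain 2: FORM auth for servlet B. The login page and the URL that
         processes the login POST must sit under /B/, otherwise this chain
         never sees them. The login form has to POST to
         /B/j_spring_security_check. -->
    <http pattern="/B/**" use-expressions="true">
        <intercept-url pattern="/B/login" access="permitAll"/>
        <intercept-url pattern="/B/**" access="hasRole('ROLE_USER')"/>
        <form-login login-page="/B/login"
                    login-processing-url="/B/j_spring_security_check"/>
        <logout logout-url="/B/logout"/>
    </http>

    <!-- Chain 3: the universal match ('/**', the default when no pattern is
         set) goes last and denies whatever the first two chains did not claim. -->
    <http use-expressions="true">
        <intercept-url pattern="/**" access="denyAll"/>
        <http-basic/>
    </http>

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <!-- Constructed demo account; replace with a real user store
                     and hashed passwords. -->
                <user name="demo" password="change-me" authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>
```
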
    • #3
      Thanks a lot for this info
