
  • spring security in the root context app (tomcat) not persisting

    I have an app that I recently migrated to the root context of Tomcat, and since doing so, Spring Security will no longer persist the session. I also noticed that every secured URL appends a different jsessionid.
    Here are the last few lines of the relevant logs:


    Code:
    2013-05-07 22:06:58,603 DEBUG [org.springframework.security.access.vote.AffirmativeBased]:53 - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@39887339, returned: 1
    2013-05-07 22:06:58,603 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor]:213 - Authorization successful
    2013-05-07 22:06:58,604 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor]:223 - RunAsManager did not change Authentication object
    2013-05-07 22:06:58,604 DEBUG [org.springframework.security.web.FilterChainProxy]:362 - /public/contact/address/[email protected] reached end of additional filter chain; proceeding with original chain
    2013-05-07 22:06:58,619 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter]:100 - Chain processed normally
    2013-05-07 22:06:58,625 DEBUG [org.springframework.security.web.context.HttpSessionSecurityContextRepository]:338 - SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    2013-05-07 22:06:58,626 DEBUG [org.springframework.security.web.context.SecurityContextPersistenceFilter]:89 - SecurityContextHolder now cleared, as request processing completed
    Here is my spring security XML:
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<!-- HTTP security configurations -->
        <http auto-config="true" use-expressions="true" create-session="always">
        	<form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t"/>
            <logout logout-url="/logout" invalidate-session="true"/>
            
            <!-- Open to Everyone -->
            <intercept-url pattern="/" access="permitAll" />
            <intercept-url pattern="/login" access="permitAll" />
            <intercept-url pattern="/public/**" access="permitAll" />
            <intercept-url pattern="/document-resources/**" access="permitAll" />
            <intercept-url pattern="/static/**" access="permitAll" />
            
            <!-- Admins Only -->
            <intercept-url pattern="/admin/**" access="hasRole('ADMIN')"/>
            
            <!-- Must Be Logged in -->
            <intercept-url pattern="/**" access="isAuthenticated()" />
    
        </http>	
    	
    	<!-- Configure Authentication mechanism -->
       <authentication-manager alias="authenticationManager">
       		<authentication-provider ref="itxJPAAuthenticationProviderService"/>
       </authentication-manager> 
    
    </beans:beans>
    Here is the RELEVANT Tomcat server.xml:
    Code:
    <?xml version='1.0' encoding='utf-8'?>
    
    <Server port="8005" shutdown="SHUTDOWN">
    
      <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
      <Listener className="org.apache.catalina.core.JasperListener" />
      <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
      <Listener className="org.apache.catalina.mbeans.ServerLifecycleListener" />
      <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
    
      <GlobalNamingResources>
        <Resource name="UserDatabase" auth="Container"
                  type="org.apache.catalina.UserDatabase"
                  description="User database that can be updated and saved"
                  factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
                  pathname="conf/tomcat-users.xml" />
        <Resource auth="Container" driverClassName="org.postgresql.Driver" maxActive="20" name="jdbc/sanddollarDataSource"
                  password="853trgc19rtqaht" type="javax.sql.DataSource"
                  url="jdbc:postgresql://127.0.0.1:5432/sanddollar_towne"
                  username="sanddollar" />

        <Resource auth="Container" driverClassName="org.postgresql.Driver" maxActive="20" name="jdbc/myDataSource"
                  password="xxxxxxxxxxxxxxx" type="javax.sql.DataSource"
                  url="jdbc:postgresql://127.0.0.1:5432/myapp"
                  username="xxxx" />

      </GlobalNamingResources>
      <Service name="Catalina">
      
        <Connector port="80" protocol="HTTP/1.1" 
                   connectionTimeout="20000" 
                   redirectPort="8443" />
       <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    
    
    
        <Engine name="Catalina" defaultHost="localhost">
    
          <Realm className="org.apache.catalina.realm.UserDatabaseRealm"
                 resourceName="UserDatabase"/>
    
          <Host name="localhost"  appBase="webapps"
                unpackWARs="true" autoDeploy="true"
                xmlValidation="false" xmlNamespaceAware="false">
            <Context path="" docBase="/usr/local/tomcat/wars/ROOT.war" reloadable="true" debug="0" cookies="false" >
                    <ResourceLink name="jdbc/applicationDatasource" global="jdbc/myDataSource"
                            type="javax.sql.DataSource"/>
    
            </Context>
          </Host>
        </Engine>
      </Service>
    </Server>

    Please someone help. I have been racking my brain for the last 2 days with no solution in sight. I am desperate to fix this.

  • #2
    I solved this. Turned out I had cookies turned on in the context configuration. Sorry for the false alarm.
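
Added example, not part of the thread and not Tomcat or Spring Security code: the `<Context>` in the posted server.xml carries `cookies="false"`, which makes Tomcat track sessions through a `;jsessionid=` URL parameter instead of a session cookie. This Python check flags such contexts in a Tomcat config and collects the session ids that show up in request URLs; the sample XML, sample URLs and function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <Host>/<Context> part of a server.xml shaped like the
# one posted above, with credentials and unrelated elements left out.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps">
        <Context path="" docBase="/usr/local/tomcat/wars/ROOT.war" cookies="false"/>
        <Context path="/docs" docBase="docs.war"/>
      </Host>
    </Engine>
  </Service>
</Server>"""

# Constructed request URLs, as they might appear in an access log.
SAMPLE_URLS = [
    "/admin/users;jsessionid=0A1B2C3D4E5F60718293A4B5C6D7E8F9",
    "/admin/users;jsessionid=9F8E7D6C5B4A39281706F5E4D3C2B1A0?page=2",
    "/static/site.css",
]

JSESSIONID_IN_URL = re.compile(r";jsessionid=([0-9A-Za-z._-]+)", re.IGNORECASE)


def cookieless_contexts(xml_text):
    """Return the path of every <Context> that sets cookies="false"."""
    # Trusted local config only: ElementTree does not guard against hostile XML.
    # Element.iter() also yields the root, so a stand-alone context.xml works too.
    root = ET.fromstring(xml_text)
    return [
        ctx.get("path", "")
        for ctx in root.iter("Context")
        # Tomcat defaults to cookies="true"; only an explicit "false"
        # switches session tracking from the cookie to the URL.
        if ctx.get("cookies", "true").strip().lower() == "false"
    ]


def session_ids_in_urls(urls):
    """Return the distinct session ids carried as a ;jsessionid= path parameter."""
    ids = set()
    for url in urls:
        ids.update(JSESSIONID_IN_URL.findall(url))
    return ids


if __name__ == "__main__":
    print("contexts with cookies=false:", cookieless_contexts(SAMPLE_SERVER_XML))
    print("session ids seen in URLs:", sorted(session_ids_in_urls(SAMPLE_URLS)))
```

Session ids that appear in URLs also end up in access logs, browser history and Referer headers, so a non-empty result from either function is worth following up.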
