Announcement Announcement Module
Collapse
No announcement yet.
springSecurityFilterChain does not work in other Appserver Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • springSecurityFilterChain does not work in other Appserver

    Dear all,

    I've tried inserting:
    Code:
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>
                org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    But it only works in Tomcat and Jetty. I've tried it in JBoss and Geronimo but it doesn't work.

    Here are the stacktrace:
    Code:
    2008-04-02 12:56:32,595 ERROR [org.apache.catalina.core.ContainerBase.[jboss.web].[localhost].[/ivrweb]] Exception starting filter springSecurityFilterChain
    org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
    	at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanDefinition(DefaultListableBeanFactory.java:378)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getMergedLocalBeanDefinition(AbstractBeanFactory.java:1012)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:227)
    	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:168)
    	at org.springframework.context.support.AbstractApplicationContext.getBean(AbstractApplicationContext.java:892)
    	at org.springframework.web.filter.DelegatingFilterProxy.initDelegate(DelegatingFilterProxy.java:163)
    	at org.springframework.web.filter.DelegatingFilterProxy.initFilterBean(DelegatingFilterProxy.java:123)
    	at org.springframework.web.filter.GenericFilterBean.init(GenericFilterBean.java:179)
    	at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:275)
    ...
    Is there any way for me to call the springSecurityFilterChain bean to avoid these error? Or what class/bean implementation does springSecurityFilterChain refer to?

    Thanks in advance

  • #2
    That's strange, because it is just a bean alias for the FilterChainProxy which is created in the application context. There isn't anything non-Spring going on there.

    Comment


    • #3
      I just tried the latest tutorial sample application (from RC1) in JBoss 4.2.2-GA and it appears to work fine.

      Comment


      • #4
        I am getting the same error in Tomcat 6 with spring-security 2 RC1. The spring-security-samples-contacts-2.0.0-RC1 war works. I am not sure what I am missing in my configuration to stop this from working. My web.xml is as follows

        Code:
        	<filter>
        		<filter-name>springSecurityFilterChain</filter-name>
        		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        	</filter>
        
        	<filter-mapping>
        		<filter-name>springSecurityFilterChain</filter-name>
        		<url-pattern>/*</url-pattern>
        	</filter-mapping>
        The following is my spring-security config.

        Code:
        	<security:http auto-config="true">
        		<!-- restrict URLs based on role -->
        		<security:intercept-url pattern="/login*" access="ROLE_ANONYMOUS" />
        		<security:intercept-url pattern="/logoutSuccess*" access="ROLE_ANONYMOUS" />
        		<security:intercept-url pattern="/logout*" access="ROLE_USER" />
        		
        		<!-- override default login and logout pages -->
        		<security:form-login login-page="/login" authentication-failure-url="/login?login_error=1" />
        		<security:logout logout-url="/logout" logout-success-url="/logoutSuccess" />
        		
        	</security:http>
        	
        	
        	<security:authentication-provider user-service-ref="userDetailsService">
        		<security:password-encoder ref="passwordEncoder">
        			<security:salt-source user-property="salt"/>
        		</security:password-encoder>
        	</security:authentication-provider>
        The following appears in my log but does not for the spring-security-samples-contacts-2.0.0-RC1 app.

        Code:
        2008-04-09 12:51:55,760 DEBUG [org.springframework.web.filter.DelegatingFilterProxy] - Initializing filter 'springSecurityFilterChain'
        The only real difference that I can see from the sample app is the authentication-provider. Any ideas what could be causing this? Any help would be appreciated.

        Comment


        • #5
          I have this working now. The issue appeared to be due to the user-service-ref definition being in a separate configuration file from the main security configuration.

          Comment


          • #6
            Is this a bug that the security configuration must have the bean that implements UserDetailsService defined it its file? Isn't a configuration file that is also on the classpath and loaded by the WebApplicationContext sufficient? Kinda kills pluggability by discovery otherwise.

            Comment

            Working...
            X