Announcement Announcement Module
Collapse
No announcement yet.
Spring security on traditionnal servlet Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security on traditionnal servlet

    Hi all, I am quite new to all this spring security thing and i am struggling with a problem for three days now. I have a simple servlet implementing tomcat CometProcessor and i want to secure the access to it using spring security, but with no luck. If looking to the here under configuration files something pops to your mind please drop me a line i am completely stuck .

    applicationContext-security.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="XXXXX"
        xmlns:beans="XXXXX"
        xmlns:xsi="XXXXX"
        xsi:schemaLocation="XXXXXXX">
     
            <authentication-provider user-service-ref="wsAuthentificationService"/>
            <http auto-config="true">
                <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>
            </http>
    </beans:beans>
    web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="2.5" xmlns="XXXXX" xmlns:xsi="XXXXX" xsi:schemaLocation="XXXXX">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/applicationContext.xml
                /WEB-INF/applicationContext-security.xml
            </param-value>
        </context-param>
        <listener>
          <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
        <!-- hibernate settings -->
        <filter>
            <filter-name>hibernateFilter</filter-name>
            <filter-class>
                org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
            </filter-class>
        </filter>
        <filter-mapping>
            <filter-name>hibernateFilter</filter-name>
            <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
        </filter-mapping>
        <!-- spring security settings -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
            </filter-mapping>
        <!-- message sender setting -->
        <servlet>
            <servlet-name>CMan</servlet-name>
            <servlet-class>xxx.servlets.CMan</servlet-class>
        </servlet>
        <servlet-mapping>
            <servlet-name>CMan</servlet-name>
            <url-pattern>/cman</url-pattern>
        </servlet-mapping>
        <session-config>
            <session-timeout>
                30
            </session-timeout>
        </session-config>
        <welcome-file-list>
            <welcome-file>index.jsp</welcome-file>
        </welcome-file-list>
        </web-app>
    One thing to say is that the configuration is working like a charm in another project based on jax-ws webservices.

    Tell me if you need any other information to be able to help me.

    Nicolas

  • #2
    Ok guys, forget about it, re-reading for 20th time tomcat documentation I saw something that i didn't noticed on the 19 other times
    Similar to regular filters, a filter chain is invoked when comet events are processed. These filters should implement the CometFilter interface (which works in the same way as the regular Filter interface), and should be declared and mapped in the deployment descriptor in the same way as a regular filter. The filter chain when processing an event will only include filters which match all the usual mapping rules, and also implement the CometFiler interface.
    So my question is now how to wrap org.springframework.web.filter.DelegatingFilterPro xy inside a CometFilter but i am sure that the spring security documentation will help me on that .

    Comment

    Working...
    X