Announcement Announcement Module
Collapse
No announcement yet.
Spring security 3 and Url Rewrite Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring security 3 and Url Rewrite

    Hi all,

    I'm looking to secure my basic application with Spring security 3 however because I am using a Urlrewrite filter (required for RESTful urls) I cannot get the security to invoke.

    My web.xml looks like:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4" 
    	  xmlns="http://java.sun.com/xml/ns/j2ee" 
    	  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    	  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    	  
    	  
    	<display-name>MyApp</display-name>
    	
    	<filter>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
      
    	<filter-mapping>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	
    	<!-- Enables clean URLs with JSP views e.g. /welcome instead of /app/welcome -->
    	<filter>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>   
    	
    	
    	<servlet>
    		<servlet-name>MyApp</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        	<load-on-startup>1</load-on-startup>
    	</servlet>
     
    	<servlet-mapping>
        	<servlet-name>MyApp</servlet-name>
        	<url-pattern>/app/*</url-pattern>
    	</servlet-mapping>
    	
    	<listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    	<context-param>
    		<param-name>log4jConfigLocation</param-name>
    		<param-value>classpath:log4j.properties</param-value>
    	</context-param>
    	
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			classpath:applicationContext.xml
    			classpath:applicationContext-security.xml
    		</param-value>
    	</context-param>
    	
    	
    	
    	
    	<welcome-file-list>
    		<welcome-file>index.jsp</welcome-file>
    	</welcome-file-list>
    </web-app>
    Then I have used the following rewrite XML:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.0//EN" "http://tuckey.org/res/dtds/urlrewrite3.0.dtd">
    <urlrewrite default-match-type="wildcard">
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    And for the simple example I have used the following spring security beans:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
      			 xmlns:beans="http://www.springframework.org/schema/beans"
      			 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      			 xsi:schemaLocation="http://www.springframework.org/schema/beans 
               						 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               						 http://www.springframework.org/schema/security 
               						 http://www.springframework.org/schema/security/spring-security-3.0.xsd">
               						 
    	<http auto-config='true'>
    		
    		<intercept-url pattern="/secure/**" access="ROLE_USER"/>
    		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    		<form-login/>
    		<logout/>
    		<remember-me/>
      	</http>
      	
      	<authentication-manager>
    		<authentication-provider>
          		<user-service>
            		<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
            		<user name="bob" password="bobspassword" authorities="ROLE_USER" />
          		</user-service>
        	</authentication-provider>
      </authentication-manager>
      	
        
    </beans:beans>
    So as you can see I'm trying to secure any URL's matching /secure/(anything) but if I use the UrlRewrite filter the security doesn't invoke. However if I turn the filter off the security works fine?

    Can anyone help shine a light on my misunderstanding??

    Many thanks

    eggsy

  • #2
    Solved

    Hi all

    Just to let people know I have solved my incorrect setup.

    My security-context.xml intercept url should have read:

    Code:
    <http auto-config='true'>
    		
    		<intercept-url pattern="/secure/**" access="ROLE_USER"/>
    		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
      	</http>
    Many thanks to anyone that read the post

    Comment


    • #3
      Furthermore

      Also I had linked the secure page incorrectly!

      Comment


      • #4
        eggsy84,

        Not sure what you have solved here... you have just removed the following lines if I am not missing something. Please tell me how you have solved this, I have same issue.

        http://forum.springsource.org/showth...t=81035&page=2

        Code:
        <form-login/>
        		<logout/>
        		<remember-me/>
        thanks

        Comment


        • #5
          Setup

          Hi there,

          Unfortunately since writing that post I have had to further update my Spring security setup so that it allows to forms of authentication.

          Form based and Basic Http based for RESTful requests. For more info on this please see:

          http://forum.springsource.org/showth...stful+security

          Comment


          • #6
            hi,

            thanks, and I have solved the issue and it had to to with the way I have configured the filters(security, urlrewriter)

            http://forum.springsource.org/showth...t=81035&page=3

            Asad

            Thanks

            Comment


            • #7
              Hello there!

              Could someone please post demo app?

              I can't get it working Tried for 5-6 hours.

              Comment


              • #8
                Try to change the filterīs position

                In section 7.4 of the spring security documentation (7.4 Use with other Filter-Based Frameworks):

                "...If you're using some other framework that is also filter-based, then you need to make sure that the Spring Security filters come first..."

                Example:

                Code:
                <?xml version="1.0" encoding="UTF-8"?>
                <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
                	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
                
                
                	<context-param>
                		<param-name>contextConfigLocation</param-name>
                		<param-value>/WEB-INF/spring/*.xml </param-value>
                	</context-param>
                
                	<filter>
                		<filter-name>springSecurityFilterChain</filter-name>
                		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                	</filter>
                	<filter-mapping>
                		<filter-name>springSecurityFilterChain</filter-name>
                		<url-pattern>/*</url-pattern>
                	</filter-mapping>
                
                	<!--
                		Enables clean URLs with JSP views e.g. /welcome instead of
                		/app/welcome
                	-->
                	<filter>
                		<filter-name>UrlRewriteFilter</filter-name>
                		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
                	</filter>
                
                	<filter-mapping>
                		<filter-name>UrlRewriteFilter</filter-name>
                		<url-pattern>/*</url-pattern>
                	</filter-mapping>
                
                
                	<!-- Handles all requests into the application -->
                	<servlet>
                		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
                		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                
                		<init-param>
                			<param-name>contextConfigLocation</param-name>
                			<param-value> /WEB-INF/spring/*.xml </param-value>
                		</init-param>
                
                		<load-on-startup>1</load-on-startup>
                	</servlet>
                
                
                	<!-- Maps all /app requests to the DispatcherServlet for handling -->
                	<servlet-mapping>
                		<servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
                		<url-pattern>/app/*</url-pattern>
                	</servlet-mapping>
                
                
                	<!--
                		- Publishes events for session creation and destruction through the
                		application - context. Optional unless concurrent session control is
                		being used.
                	-->
                
                	<listener>
                		<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
                	</listener>
                
                
                	<!--
                		- Loads the root application context of this web app at startup. - The
                		application context is then available via -
                		WebApplicationContextUtils.getWebApplicationContext(servletContext).
                	-->
                
                	<listener>
                		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                	</listener>
                
                
                </web-app>

                Comment


                • #9
                  I have similar problem, spring security seems not working if i put the filter
                  after UrlRewriteFilter.
                  My console log:
                  [...]
                  [INFO,DefaultAnnotationHandlerMapping] Mapped URL path [/centrali/getByIdbre/]
                  [INFO,SimpleUrlHandlerMapping] Mapped URL path [/Menu] onto handler [org.springframework.web.servlet.mvc.Parameterizabl eViewController@1c220eb]
                  [...]
                  [INFO,SimpleUrlHandlerMapping] Root mapping to handler [org.springframework.web.servlet.mvc.Parameterizabl eViewController@1ff5c98]
                  [INFO,MethodSecurityInterceptor] Validated configuration attributes
                  [DEBUG,ExpressionBasedFilterInvocationSecurityMetad ataSource] Adding web access control expression 'permitAll', for [/]
                  [DEBUG,ExpressionBasedFilterInvocationSecurityMetad ataSource] Adding web access control expression 'ROLE_USER', for [/**]
                  [DEBUG,ExpressionBasedFilterInvocationSecurityMetad ataSource] Added URL pattern: /; attributes: [permitAll]
                  [DEBUG,ExpressionBasedFilterInvocationSecurityMetad ataSource] Added URL pattern: /**; attributes: [ROLE_USER]
                  if i point the browser at
                  http://localhost:8080/ProvisioningWe...ali/getByIdbre
                  or http://localhost:8080/ProvisioningWebInterface2/Menu
                  i get the page but no login screen is prompted...

                  if i move up the filter as hallisson suggest and point the browser to the same pages i have an exception and cant see the page:
                  Code:
                  GRAVE: Servlet.service() for servlet default threw exception
                  java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
                  	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:159)
                  	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
                  	at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
                  	at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
                  	at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
                  	at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
                  	at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
                  	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
                  	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:298)
                  	at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:852)
                  	at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:588)
                  	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:489)
                  	at java.lang.Thread.run(Unknown Source)

                  my web.xml:
                  Code:
                  <?xml version="1.0" encoding="UTF-8"?>
                  <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" version="2.5">
                  	
                  <context-param>
                          <param-name>log4jConfigLocation</param-name>
                          <param-value>/WEB-INF/log4j.properties</param-value>
                  </context-param>
                  
                  <filter>
                      <filter-name>characterEncodingFilter</filter-name>
                      <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
                      <init-param>
                        <param-name>encoding</param-name>
                        <param-value>UTF-8</param-value>
                      </init-param>
                      <init-param>
                        <param-name>forceEncoding</param-name>
                        <param-value>true</param-value>
                      </init-param>
                  </filter>
                  <filter-mapping>
                      <filter-name>characterEncodingFilter</filter-name>
                      <url-pattern>/*</url-pattern>
                  </filter-mapping>
                  
                  
                  <filter>
                      <filter-name>UrlRewriteFilter</filter-name>
                      <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
                  </filter>
                  <filter-mapping>
                      <filter-name>UrlRewriteFilter</filter-name>
                      <url-pattern>/*</url-pattern>
                  </filter-mapping>
                  
                  <filter>
                      <filter-name>springSecurityFilterChain</filter-name>
                      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                  </filter>
                  <filter-mapping>
                      <filter-name>springSecurityFilterChain</filter-name>
                      <url-pattern>/*</url-pattern>
                  </filter-mapping>
                  
                   <servlet>
                      <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
                      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                      <init-param>
                        <param-name>contextConfigLocation</param-name>
                        <param-value>
                        		/WEB-INF/spring/app-config.xml
                        		/WEB-INF/applicationContext-security.xml
                        </param-value>
                      </init-param>
                      <load-on-startup>1</load-on-startup>
                    </servlet>
                    <servlet-mapping>
                      <servlet-name>Spring MVC Dispatcher Servlet</servlet-name>
                      <url-pattern>/app/*</url-pattern>
                    </servlet-mapping>
                  
                  <listener>
                          <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
                  </listener>
                  
                  
                  </web-app>
                  my app-config
                  Code:
                  <?xml version="1.0" encoding="UTF-8"?>
                  <beans xmlns="http://www.springframework.org/schema/beans"
                  	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                  	xmlns:context="http://www.springframework.org/schema/context"
                  	xmlns:aop="http://www.springframework.org/schema/aop"
                  	xmlns:p="http://www.springframework.org/schema/p"
                  	xsi:schemaLocation="
                  		http://www.springframework.org/schema/beans	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                  		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
                  
                  	<!-- Scans the classpath of this application for @Components to deploy as beans -->
                  	<context:component-scan base-package="provisioningWebInterface2" />
                  
                  	<!-- Application Message Bundle -->
                  	<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
                  		<property name="basename" value="/WEB-INF/messages/messages" />
                  		<property name="cacheSeconds" value="0" />
                  	</bean>
                  
                  	<bean id="propertyPlaceholderConfigurer" class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
                    		<property name="locations">
                      		<list>
                        			<value>/WEB-INF/app.properties</value>
                      		</list>
                    		</property>
                  	</bean>
                  
                  	<bean id="costanti" class="utils.Costanti">
                  		<property name="APPLICATION" value="${application}"/>
                  		<property name="CARTELLA_UPLOAD" value="${file_upload_dir}"/>
                  		<property name="SERVER_URI" value="${server_uri}"/>		
                  	</bean>
                  
                  	<!-- Configures Spring MVC -->
                  	<import resource="mvc-config.xml" />
                  	
                  	<!-- Configures Spring DATASOURCES -->
                  	<import resource="dataSources-config.xml" />
                  	
                  	<import resource="dao.xml" />
                  </beans>
                  app-security.xml
                  Code:
                  <?xml version="1.0" encoding="UTF-8"?>
                  
                  <!--
                    - Sample namespace-based configuration
                    -
                    -->
                  
                  <beans:beans xmlns="http://www.springframework.org/schema/security"
                      xmlns:beans="http://www.springframework.org/schema/beans"
                      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                      xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                                          http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
                  
                      <global-method-security pre-post-annotations="enabled">
                          <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
                          <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
                          -->
                      </global-method-security>
                  
                          
                     <http use-expressions="true">
                          <intercept-url pattern="/" access="permitAll"/>
                          <intercept-url pattern="/**" access="ROLE_USER" />
                          <form-login />
                          <logout />
                      </http>
                  
                  
                      <!--
                      Usernames/Passwords are
                          rod/koala
                          dianne/emu
                          scott/wombat
                          peter/opal
                      -->
                      <authentication-manager>
                          <authentication-provider>
                              <password-encoder hash="md5"/>
                              <user-service>
                                  <user name="rod" password="a564de63c2d0da68cf47586ee05984d7" authorities="ROLE_SUPERVISOR, ROLE_USER, ROLE_TELLER" />
                                  <user name="dianne" password="65d15fe9156f9c4bbffd98085992a44e" authorities="ROLE_USER,ROLE_TELLER" />
                                  <user name="scott" password="2b58af6dddbd072ed27ffc86725d7d3a" authorities="ROLE_USER" />
                                  <user name="peter" password="22b5c9accc6e1ba628cedc63a72d57f8" authorities="ROLE_USER" />
                              </user-service>
                          </authentication-provider>
                      </authentication-manager>
                  
                  </beans:beans>
                  Any hint will be appreciate, thanks in advance

                  Comment


                  • #10
                    in the console i have also this infos:
                    Code:
                    [INFO,XmlWebApplicationContext] Bean 'org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler#0' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
                    [INFO,XmlWebApplicationContext] Bean '(inner bean)' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
                    [INFO,XmlWebApplicationContext] Bean '(inner bean)' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
                    [INFO,XmlWebApplicationContext] Bean 'org.springframework.security.access.method.DelegatingMethodSecurityMetadataSource#0' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
                    [INFO,XmlWebApplicationContext] Bean 'org.springframework.security.methodSecurityMetadataSourceAdvisor' is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)

                    Comment


                    • #11
                      ContextLoaderListener

                      The filter uses WebApplicationContext, becouse of that you have to put the ContextLoaderListener:

                      Code:
                      	<listener>
                      		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                      	</listener>
                      And dont forget the contextConfigLocation:
                      Code:
                      	<context-param>
                      		<param-name>contextConfigLocation</param-name>
                      		<param-value>/WEB-INF/spring/*.xml </param-value>
                      	</context-param>
                      Thatīs all

                      Comment


                      • #12
                        It works! Thank you very much.

                        Bug.

                        Comment


                        • #13
                          How to configure Spring Security Filter Chain with Tuckey ?

                          I also have some problems to get Spring Security work with Spring 3 and Tuckey 3.0.4.

                          Here is my: web.xml
                          Code:
                          <?xml version="1.0" encoding="UTF-8"?>
                          <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
                              <context-param>
                                  <param-name>contextConfigLocation</param-name>
                                  <param-value>
                                      /WEB-INF/applicationContext.xml
                                      /WEB-INF/applicationContext-security.xml
                                  </param-value>
                              </context-param>
                              <!-- Begin of Spring Security -->
                              <filter>
                                <filter-name>springSecurityFilterChain</filter-name>
                                <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                              </filter>
                              <filter-mapping>
                                <filter-name>springSecurityFilterChain</filter-name>
                                <url-pattern>/*</url-pattern>
                              </filter-mapping>
                              <!-- End of Spring Security -->
                          	<!-- Tuckey -->
                          	<filter>
                          		<filter-name>UrlRewriteFilter</filter-name>
                          		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
                          	</filter>
                          	<filter-mapping>
                          		<filter-name>UrlRewriteFilter</filter-name>
                          		<url-pattern>/*</url-pattern>
                          	</filter-mapping>
                          	<!-- End of Tuckey -->
                              <listener>
                                  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
                              </listener>
                          	<!-- Dispatcher Servlet -->
                              <servlet>
                                  <servlet-name>dispatcher</servlet-name>
                                  <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
                                  <load-on-startup>2</load-on-startup>
                              </servlet>
                              <servlet-mapping>
                                  <servlet-name>dispatcher</servlet-name>
                          		<url-pattern>/app/*</url-pattern>
                              </servlet-mapping>
                          	<!-- End of Dispatcher Servlet -->
                              <session-config>
                                  <session-timeout>
                                      30
                                  </session-timeout>
                              </session-config>
                              <welcome-file-list>
                                  <welcome-file>redirect.jsp</welcome-file>
                              </welcome-file-list>
                          </web-app>
                          And my applicationContext-security.xml:

                          Code:
                          ...
                          <http access-denied-page="/accessDenied.jsp">
                          	<intercept-url pattern="/erstellen.html" access="ROLE_USER" />
                          	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
                          	<http-basic />
                          	<form-login login-page='/login.html' authentication-failure-url="/login.html?error=1" />
                          	<logout />
                          </http>
                          ...
                          For Request-Mapping I use: DefaultAnnotationHandlerMapping
                          Code:
                          <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
                          My urlrewrite.xml is:
                          Code:
                          <?xml version="1.0" encoding="utf-8"?>
                          <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
                                  "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
                          <urlrewrite default-match-type="wildcard">
                          	<rule>
                          		<from>/**</from>
                          		<to>/app/$1</to>
                          	</rule>
                          	<outbound-rule>
                          		<from>/app/**</from>
                          		<to>/$1</to>
                          	</outbound-rule>
                          </urlrewrite>
                          And my Controller has the following code in it:
                          Code:
                          @RequestMapping(value="/app/mypage.html/{code}", method=RequestMethod.GET)
                          public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
                          {
                          	ModelAndView mv = new ModelAndView("mypage");
                          	return mv;
                          }
                          If I want to open http://localhost:8080/project/mypage.html I'm getting:
                          Code:
                          HTTP Status 405 - Request method 'GET' not supported
                          And if I want to open http://localhost:8080/project/ I get:
                          Code:
                          HTTP Status 404
                          Can anybody help?

                          Greetings

                          Benny

                          Comment


                          • #14
                            Originally posted by bennyn View Post
                            I also have some problems to get Spring Security work with Spring 3 and Tuckey 3.0.4.
                            You should have your Tuckey Urlrewrite Filter before Spring Security Filter in web.xml, because otherwise it cannot work. Also version 3.2 is stable version of Tuckey, why cannot you use it? And then you should add following to your Spring Security filter:

                            Code:
                                <filter>
                                    <filter-name>springSecurityFilterChain</filter-name>
                                    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                                </filter>
                                <filter-mapping>
                                    <filter-name>springSecurityFilterChain</filter-name>
                                    <url-pattern>/*</url-pattern> 
                                    <dispatcher>REQUEST</dispatcher>
                                    <dispatcher>FORWARD</dispatcher>
                                    <dispatcher>INCLUDE</dispatcher>
                                    <dispatcher>ERROR</dispatcher>
                                </filter-mapping>
                            And also mapping @RequestMapping(value="/app/mypage.html/{code} is wrong, unless you don't want your controller real url to be app/app/mypage.html/.
                            Last edited by __dev18; Sep 20th, 2010, 03:56 AM.

                            Comment


                            • #15
                              Update controller

                              Hi there,

                              As suggested your URL mappings on the controller seem incorrect.

                              You should replace

                              Code:
                              @RequestMapping(value="/app/mypage.html/{code}", method=RequestMethod.GET)
                              public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
                              {
                              	ModelAndView mv = new ModelAndView("mypage");
                              	return mv;
                              }
                              With

                              Code:
                              @RequestMapping(value="/app/{code}/mypage.html", method=RequestMethod.GET)
                              public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
                              {
                              	ModelAndView mv = new ModelAndView("mypage");
                              	return mv;
                              }
                              Then you can hit the URL like so (assuming you have Tuckey setup):
                              Code:
                              http://localhost:8080/app/*/mypage.html
                              Eggsy

                              Comment

                              Working...
                              X