Announcement Announcement Module
Collapse
No announcement yet.
Spring security 3 and Url Rewrite Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • eggsy84
    started a topic Spring security 3 and Url Rewrite

    Spring security 3 and Url Rewrite

    Hi all,

    I'm looking to secure my basic application with Spring security 3 however because I am using a Urlrewrite filter (required for RESTful urls) I cannot get the security to invoke.

    My web.xml looks like:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4" 
    	  xmlns="http://java.sun.com/xml/ns/j2ee" 
    	  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
    	  xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
    	  
    	  
    	<display-name>MyApp</display-name>
    	
    	<filter>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    	</filter>
      
    	<filter-mapping>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	
    	<!-- Enables clean URLs with JSP views e.g. /welcome instead of /app/welcome -->
    	<filter>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    	</filter>
    
    	<filter-mapping>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>   
    	
    	
    	<servlet>
    		<servlet-name>MyApp</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        	<load-on-startup>1</load-on-startup>
    	</servlet>
     
    	<servlet-mapping>
        	<servlet-name>MyApp</servlet-name>
        	<url-pattern>/app/*</url-pattern>
    	</servlet-mapping>
    	
    	<listener>
    		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
    	</listener>
    	<context-param>
    		<param-name>log4jConfigLocation</param-name>
    		<param-value>classpath:log4j.properties</param-value>
    	</context-param>
    	
    	<listener>
    		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    	</listener>
    	<context-param>
    		<param-name>contextConfigLocation</param-name>
    		<param-value>
    			classpath:applicationContext.xml
    			classpath:applicationContext-security.xml
    		</param-value>
    	</context-param>
    	
    	
    	
    	
    	<welcome-file-list>
    		<welcome-file>index.jsp</welcome-file>
    	</welcome-file-list>
    </web-app>
    Then I have used the following rewrite XML:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.0//EN" "http://tuckey.org/res/dtds/urlrewrite3.0.dtd">
    <urlrewrite default-match-type="wildcard">
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    And for the simple example I have used the following spring security beans:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
      			 xmlns:beans="http://www.springframework.org/schema/beans"
      			 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      			 xsi:schemaLocation="http://www.springframework.org/schema/beans 
               						 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
               						 http://www.springframework.org/schema/security 
               						 http://www.springframework.org/schema/security/spring-security-3.0.xsd">
               						 
    	<http auto-config='true'>
    		
    		<intercept-url pattern="/secure/**" access="ROLE_USER"/>
    		<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    		<form-login/>
    		<logout/>
    		<remember-me/>
      	</http>
      	
      	<authentication-manager>
    		<authentication-provider>
          		<user-service>
            		<user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
            		<user name="bob" password="bobspassword" authorities="ROLE_USER" />
          		</user-service>
        	</authentication-provider>
      </authentication-manager>
      	
        
    </beans:beans>
    So as you can see I'm trying to secure any URL's matching /secure/(anything) but if I use the UrlRewrite filter the security doesn't invoke. However if I turn the filter off the security works fine?

    Can anyone help shine a light on my misunderstanding??

    Many thanks

    eggsy

  • knkpchari
    replied
    Method Level Security

    Hi,

    The URL authentication done by Spring Security is very much impressive and good to implement. Now i am implementing the ACLs for method level security.

    I want to known can we do the ethod level security without touching the screen or code just using some implemented classes as we are doing in case of the URL. If it is possible please tell me.

    I saw the example of contacts given by spring security for ACL implementations and in this we have to use the tags in JSP page and also some changes in the controller. I am having a project with 1500 screens which i cant change for authorization.

    So kindly suggest me what is the best way to do?

    Thanks

    Leave a comment:


  • bennyn
    replied
    I have not set any default-target url. I had it before but then Spring Security redirected me to the default-target url everytime I logged in. But I want that the user stays on the page where the login was needed for.

    My <http> configuration is just:
    <http>
    <intercept-url pattern="/app/page" access="ROLE_USER" />
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <http-basic />
    <form-login login-page="/login" authentication-failure-url="/login/error" />
    <logout />
    </http>

    Leave a comment:


  • __dev18
    replied
    Originally posted by bennyn View Post
    Today I played a bit around with securing my webpages. If want to access http://localhost:8080/ksw/page then Spring Security blocks me and wants me to login (yeah!). After a successful login, Spring Security redirects me to http://localhost:8080/ksw/app/page with status code 200, so the page is ok and can be seen. :-) The only problem I have with it is that the URL is http://localhost:8080/ksw/app/page and not http://localhost:8080/ksw/page.

    My controller:
    Code:
    @RequestMapping("/page")
    { ... }
    My applicationContext-security.xml:
    Code:
    <intercept-url pattern="/app/page" access="ROLE_USER" />
    My urlrewrite.xml is:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    
    	<!-- Static Web Content -->
    	<rule>
    		<from>/js**</from>
    		<to last="true">/js$1</to>
    	</rule>
    	<rule>
    		<from>/images**</from>
    		<to last="true">/images$1</to>
    	</rule>
    
    	<!-- Spring Security -->
    	<rule>
    		<from>/j_spring_security_check**</from>
    		<to last="true">/j_spring_security_check$1</to>
    	</rule>
    	<rule>
    		<from>/j_spring_security_logout**</from>
    		<to last="true">/j_spring_security_logout$1</to>
    	</rule>
    	
    	<!-- Secured Web Pages -->
    	<rule>
    		<from>/app/page**</from>
    		<to>/page$1</to>
    	</rule>
    
    	<!-- Spring Web MVC -->
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    Do I need an extra outbound-rule for "/app/page"? I tried different constellations but nothing has helped.
    What is your default-target-url in applicationContext-security.xml?

    Leave a comment:


  • bennyn
    replied
    Today I played a bit around with securing my webpages. If want to access http://localhost:8080/ksw/page then Spring Security blocks me and wants me to login (yeah!). After a successful login, Spring Security redirects me to http://localhost:8080/ksw/app/page with status code 200, so the page is ok and can be seen. :-) The only problem I have with it is that the URL is http://localhost:8080/ksw/app/page and not http://localhost:8080/ksw/page.

    My controller:
    Code:
    @RequestMapping("/page")
    { ... }
    My applicationContext-security.xml:
    Code:
    <intercept-url pattern="/app/page" access="ROLE_USER" />
    My urlrewrite.xml is:

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    
    	<!-- Static Web Content -->
    	<rule>
    		<from>/js**</from>
    		<to last="true">/js$1</to>
    	</rule>
    	<rule>
    		<from>/images**</from>
    		<to last="true">/images$1</to>
    	</rule>
    
    	<!-- Spring Security -->
    	<rule>
    		<from>/j_spring_security_check**</from>
    		<to last="true">/j_spring_security_check$1</to>
    	</rule>
    	<rule>
    		<from>/j_spring_security_logout**</from>
    		<to last="true">/j_spring_security_logout$1</to>
    	</rule>
    	
    	<!-- Secured Web Pages -->
    	<rule>
    		<from>/app/page**</from>
    		<to>/page$1</to>
    	</rule>
    
    	<!-- Spring Web MVC -->
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    Do I need an extra outbound-rule for "/app/page"? I tried different constellations but nothing has helped.

    Leave a comment:


  • bennyn
    replied
    You are fantastic! Logout seems to work now.

    My urlrewrite.xml is:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">

    <!-- Static Web Content -->
    <rule>
    <from>/js**</from>
    <to last="true">/js$1</to>
    </rule>
    <rule>
    <from>/images**</from>
    <to last="true">/images$1</to>
    </rule>

    <!-- Spring Security -->
    <rule>
    <from>/j_spring_security_check**</from>
    <to last="true">/j_spring_security_check$1</to>
    </rule>
    <rule>
    <from>/j_spring_security_logout**</from>
    <to last="true">/j_spring_security_logout$1</to>
    </rule>

    <!-- Spring Web MVC -->
    <rule>
    <from>/**</from>
    <to>/app/$1</to>
    </rule>
    <outbound-rule>
    <from>/app/**</from>
    <to>/$1</to>
    </outbound-rule>
    </urlrewrite>
    To secure http://localhost:8080/ksw/page I have to write this in my applicationContext-security.xml:
    <intercept-url pattern="/app/page" access="ROLE_USER" />
    If I access http://localhost:8080/ksw/page then, my login-page comes up and if I login successfully I get a 404 error because the login-page want's to redirect me to http://localhost:8080/ksw/app/page after the login.
    If I strip off the "/app" in my intercept-url pattern then the site http://localhost:8080/ksw/page isn't secured by Spring Security (no display of login-page for anonymous users).

    This is the last sign I have to solve to get my application working with REST. Thank you vey much for your help and your patience.

    Leave a comment:


  • __dev18
    replied
    Originally posted by bennyn View Post
    I use version 3.2. With your configuration the Login works now!
    I had to change the form action url in my login.jsp from:


    To:


    The only things which are not working yet is the "Logout" and my JavaScripts and CSS from my JSPs.

    Before using REST I always did the logout with the following url: http://localhost:8080/ksw/j_spring_security_logout
    But this is not possible anymore. I always get the warning:


    Things which I have linked in my JSPs with:


    Do also give a warning, e.g.:


    My urlrewrite.xml is now:


    P.S. If we get the things work, then I will write an entry in my blog so that nobody else pulls his/her hair out.
    Because you use version 3.2, you need to add attribute last="true" to those rules for Spring security.

    Js folder in your webconent cannot be accessed, because you need to add rule for that in your urlrewrite.xml, just like you need to add every other static folder (for example css files folder) in your webcontent folder.

    This is what your urlrewrite.xml should look like

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    
    	<!-- Access to js folder in webcontent -->
    	<rule>
    	<from>/js**</from>
    	<to last="true">/js$1</to>
    	</rule>
    	<!-- End Access to js folder in webcontent -->
    	
    	<!-- Spring Security Servelts -->
    	<rule>
    	<from>/j_spring_security_check**</from>
    	<to last="true">/j_spring_security_check$1</to>
    	</rule>
    	
    	<rule>
    	<from>/j_spring_security_logout**</from>
    	<to last="true">/j_spring_security_logout$1</to>
    	</rule>
    	<!-- End Spring Security Servelts -->
    	
    	<!-- Spring Framework -->
    	<rule>
    	<from>/**</from>
    	<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    	<from>/app/**</from>
    	<to>/$1</to>
    	</outbound-rule>
    	<!-- End Spring Framework -->
    	
    </urlrewrite>

    Leave a comment:


  • bennyn
    replied
    I use version 3.2. With your configuration the Login works now!
    I had to change the form action url in my login.jsp from:
    <form action="<c:url value='j_spring_security_check'/>" method="POST">
    To:
    <form action="<c:url value='/ksw/j_spring_security_check'/>" method="POST">
    The only things which are not working yet is the "Logout" and my JavaScripts and CSS from my JSPs.

    Before using REST I always did the logout with the following url: http://localhost:8080/ksw/j_spring_security_logout
    But this is not possible anymore. I always get the warning:
    No mapping found for HTTP request with URI [/ksw/app/j_spring_security_logout] in DispatcherServlet with name 'dispatcher'
    Things which I have linked in my JSPs with:
    <script type="text/javascript" src="/ksw/js/prototype.js"></script>
    Do also give a warning, e.g.:
    No mapping found for HTTP request with URI [/ksw/app/js/prototype.js] in DispatcherServlet with name 'dispatcher'
    My urlrewrite.xml is now:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
    "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    <rule>
    <from>/**</from>
    <to>/app/$1</to>
    </rule>
    <outbound-rule>
    <from>/app/**</from>
    <to>/$1</to>
    </outbound-rule>
    <rule>
    <from>/j_spring_security_check**</from>
    <to last="true">/j_spring_security_check$1</to>
    </rule>
    <rule>
    <from>/j_spring_security_logout**</from>
    <to last="true">/j_spring_security_logout$1</to>
    </rule>
    </urlrewrite>
    P.S. If we get the things work, then I will write an entry in my blog so that nobody else pulls his/her hair out.

    Leave a comment:


  • __dev18
    replied
    Originally posted by bennyn View Post
    Ok, I did this but then my GlassFish v3 application server claims:


    Here is my login.jsp:


    And some lines from my applicationContext-security.xml:


    Maybe you can see an error in it... I'm very new to these things.
    What version of urlrewrite filter you are using now? And these rules must be before app rule.

    In version 3.2 you need to add following xml rules:

    Code:
    	<rule>
    		<from>/j_spring_security_check**</from>
    		<to last="true">/j_spring_security_check$1</to>
    	</rule>	
    	<rule>
    		<from>/logout**</from>
    		<to last="true">/logout$1</to>
    	</rule>
    Last edited by __dev18; Sep 21st, 2010, 05:34 AM.

    Leave a comment:


  • bennyn
    replied
    Ok, I did this but then my GlassFish v3 application server claims:
    WARNING: No mapping found for HTTP request with URI [/ksw/app/j_spring_security_check] in DispatcherServlet with name 'dispatcher'
    Here is my login.jsp:
    <form action="<c:url value='j_spring_security_check'/>" method="POST">
    ...
    </form>
    And some lines from my applicationContext-security.xml:
    <http access-denied-page="/accessDenied">
    <intercept-url pattern="/app/page" access="ROLE_USER" />
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <http-basic />
    <form-login login-page="/login" authentication-failure-url="/login/error" />
    <logout />
    </http>
    Maybe you can see an error in it... I'm very new to these things.

    Leave a comment:


  • __dev18
    replied
    Originally posted by bennyn View Post
    Hi __dev18 and eggsy84. Thank you very much for your help!
    With your advice I have made it.

    But there is still a problem.
    My application context path is /ksw and is deployed to http://localhost:8080/ksw

    In my *.jsp's I have some links which look like:
    Code:
    <script type="text/javascript" src="/ksw/js/script.js"></script>
    These links are also not working. But the controllers are doing very well!
    Unfortunately http://localhost:8080/ksw/j_spring_security_check ends up in error 404

    Maybe it's because I use the following "form action" in "login.jsp"?
    Code:
    <form action="<c:url value='j_spring_security_check'/>" method="POST">
    Hi, you need to add rules to urlrewrite filter xml for Spring Security Servelts. For example in your case you need to allow Spring Security handle url j_spring_security_check.

    Code:
    	<rule>
    		<from>/j_spring_security_check**</from>
    		<to>/j_spring_security_check$1</to>
    	</rule>	
    	<rule>
    		<from>/logout**</from>
    		<to>/logout$1</to>
    	</rule>

    Leave a comment:


  • bennyn
    replied
    Hi __dev18 and eggsy84. Thank you very much for your help!
    With your advice I have made it.

    But there is still a problem.
    My application context path is /ksw and is deployed to http://localhost:8080/ksw

    In my *.jsp's I have some links which look like:
    Code:
    <script type="text/javascript" src="/ksw/js/script.js"></script>
    These links are also not working. But the controllers are doing very well!
    Unfortunately http://localhost:8080/ksw/j_spring_security_check ends up in error 404

    Maybe it's because I use the following "form action" in "login.jsp"?
    Code:
    <form action="<c:url value='j_spring_security_check'/>" method="POST">
    My configuration is the following now:

    web.xml

    Code:
    ...
    <!-- Tuckey's URL Rewrite Filter -->
    <filter>
    	<filter-name>UrlRewriteFilter</filter-name>
    	<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    </filter>
    <filter-mapping>
    	<filter-name>UrlRewriteFilter</filter-name>
    	<url-pattern>/*</url-pattern>
    </filter-mapping>
    
    <!-- Spring Security -->
    <filter>
    	<filter-name>springSecurityFilterChain</filter-name>
    	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
    	<filter-name>springSecurityFilterChain</filter-name>
    	<url-pattern>/*</url-pattern>
    	<dispatcher>REQUEST</dispatcher>
    	<dispatcher>FORWARD</dispatcher>
    	<dispatcher>INCLUDE</dispatcher>
    	<dispatcher>ERROR</dispatcher>	
    </filter-mapping>	
    ...
    <!-- Dispatcher Servlet -->
    <servlet>
    	<servlet-name>dispatcher</servlet-name>
    	<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    	<load-on-startup>2</load-on-startup>
    </servlet>
    <servlet-mapping>
    	<servlet-name>dispatcher</servlet-name>
    	<url-pattern>/app/*</url-pattern>
    </servlet-mapping>
    ...
    <welcome-file-list>
    	<welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>
    ...
    urlrewrite.xml

    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
            "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    PageController.java

    Code:
    @RequestMapping(value="/page/{code}", method=RequestMethod.GET)
    public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
    {
    ...
    }
    Last edited by bennyn; Sep 20th, 2010, 03:47 PM.

    Leave a comment:


  • eggsy84
    replied
    Update controller

    Hi there,

    As suggested your URL mappings on the controller seem incorrect.

    You should replace

    Code:
    @RequestMapping(value="/app/mypage.html/{code}", method=RequestMethod.GET)
    public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
    {
    	ModelAndView mv = new ModelAndView("mypage");
    	return mv;
    }
    With

    Code:
    @RequestMapping(value="/app/{code}/mypage.html", method=RequestMethod.GET)
    public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
    {
    	ModelAndView mv = new ModelAndView("mypage");
    	return mv;
    }
    Then you can hit the URL like so (assuming you have Tuckey setup):
    Code:
    http://localhost:8080/app/*/mypage.html
    Eggsy

    Leave a comment:


  • __dev18
    replied
    Originally posted by bennyn View Post
    I also have some problems to get Spring Security work with Spring 3 and Tuckey 3.0.4.
    You should have your Tuckey Urlrewrite Filter before Spring Security Filter in web.xml, because otherwise it cannot work. Also version 3.2 is stable version of Tuckey, why cannot you use it? And then you should add following to your Spring Security filter:

    Code:
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern> 
            <dispatcher>REQUEST</dispatcher>
            <dispatcher>FORWARD</dispatcher>
            <dispatcher>INCLUDE</dispatcher>
            <dispatcher>ERROR</dispatcher>
        </filter-mapping>
    And also mapping @RequestMapping(value="/app/mypage.html/{code} is wrong, unless you don't want your controller real url to be app/app/mypage.html/.
    Last edited by __dev18; Sep 20th, 2010, 02:56 AM.

    Leave a comment:


  • bennyn
    replied
    How to configure Spring Security Filter Chain with Tuckey ?

    I also have some problems to get Spring Security work with Spring 3 and Tuckey 3.0.4.

    Here is my: web.xml
    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/applicationContext.xml
                /WEB-INF/applicationContext-security.xml
            </param-value>
        </context-param>
        <!-- Begin of Spring Security -->
        <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
        <!-- End of Spring Security -->
    	<!-- Tuckey -->
    	<filter>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
    	</filter>
    	<filter-mapping>
    		<filter-name>UrlRewriteFilter</filter-name>
    		<url-pattern>/*</url-pattern>
    	</filter-mapping>
    	<!-- End of Tuckey -->
        <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    	<!-- Dispatcher Servlet -->
        <servlet>
            <servlet-name>dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>2</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>dispatcher</servlet-name>
    		<url-pattern>/app/*</url-pattern>
        </servlet-mapping>
    	<!-- End of Dispatcher Servlet -->
        <session-config>
            <session-timeout>
                30
            </session-timeout>
        </session-config>
        <welcome-file-list>
            <welcome-file>redirect.jsp</welcome-file>
        </welcome-file-list>
    </web-app>
    And my applicationContext-security.xml:

    Code:
    ...
    <http access-denied-page="/accessDenied.jsp">
    	<intercept-url pattern="/erstellen.html" access="ROLE_USER" />
    	<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    	<http-basic />
    	<form-login login-page='/login.html' authentication-failure-url="/login.html?error=1" />
    	<logout />
    </http>
    ...
    For Request-Mapping I use: DefaultAnnotationHandlerMapping
    Code:
    <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping" />
    My urlrewrite.xml is:
    Code:
    <?xml version="1.0" encoding="utf-8"?>
    <!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
            "http://tuckey.org/res/dtds/urlrewrite3.2.dtd">
    <urlrewrite default-match-type="wildcard">
    	<rule>
    		<from>/**</from>
    		<to>/app/$1</to>
    	</rule>
    	<outbound-rule>
    		<from>/app/**</from>
    		<to>/$1</to>
    	</outbound-rule>
    </urlrewrite>
    And my Controller has the following code in it:
    Code:
    @RequestMapping(value="/app/mypage.html/{code}", method=RequestMethod.GET)
    public ModelAndView showErrors(@ModelAttribute("user") User user, @PathVariable("code") String errorMessage)
    {
    	ModelAndView mv = new ModelAndView("mypage");
    	return mv;
    }
    If I want to open http://localhost:8080/project/mypage.html I'm getting:
    Code:
    HTTP Status 405 - Request method 'GET' not supported
    And if I want to open http://localhost:8080/project/ I get:
    Code:
    HTTP Status 404
    Can anybody help?

    Greetings

    Benny

    Leave a comment:

Working...
X