This topic is closed
  • intercept-url not working for me

    Please find below my security configuration:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:util="http://www.springframework.org/schema/util"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    	xmlns:context="http://www.springframework.org/schema/context"
    	xmlns:tx="http://www.springframework.org/schema/tx"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        					http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        					http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
                            http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
    						http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
    						http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd">
    
    
    	<global-method-security secured-annotations="enabled" jsr250-annotations="enabled" pre-post-annotations="enabled" />
    
        <http use-expressions="true">     	     
    
            <intercept-url pattern="${root}/vikas/login.htm" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
            <intercept-url pattern="${root}/vikas/admin.htm" access="hasRole(ROLE_ADMIN)" />
            <intercept-url pattern="${root}/vikas/css/**" access="hasRole(ROLE_ADMIN)" />
    
    		<form-login login-processing-url="/j_spring_security_check" login-page="/jsp/login.jsp" authentication-failure-url="/jsp/login.jsp?login_error=true"/>
            <logout logout-url="/j_spring_security_logout" logout-success-url="/"/>
    
    		<remember-me key="myAppKey" token-validity-seconds="864000" />
        </http>
        
        <authentication-manager>
        	<authentication-provider>
        		<jdbc-user-service data-source-ref="myDataSource" users-by-username-query="select USER_NAME as username, PASSWORD, true from USER where USER_NAME = ? and STATUS='Active'"/>
        	</authentication-provider>
        </authentication-manager>
    
    </beans:beans>
    In the above code, I was expecting that /admin.htm and the css page can only be accessed by a ROLE_ADMIN user, but it's accessible to everyone.

    Please tell me, where am I going wrong? Thank you.

  • #2
    Missing single quotes around ROLE_ADMIN in the SpEL expressions?

    • #3
      Thank you pmularien, for pointing out one of the mistakes. But I am still able to access the admin page without admin rights.

      I made the following change:

      Code:
              <intercept-url pattern="${root}/vikas/login.htm" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
              <intercept-url pattern="${root}/vikas/admin.htm" access="hasRole('ROLE_ADMIN')" />
              <intercept-url pattern="${root}/vikas/css/**" access="hasRole('ROLE_ADMIN')" />
      Please tell me what else is wrong in it.

      • #4
        What is the value of ${root}? Also, if you did not experience an exception with the invalid configuration, did you ensure to set up your web.xml with a ContextLoaderListener, ensuring to import your Spring config, and a springSecurityFilterChain?

        • #5
          Also please post what version of Spr Sec you are using.

          • #6
            ${root} is the contextual root. Currently, its value is http://localhost:8080 . Previously, I tried with a relative URL as well, but none works.

            And there is no exception shown on the server.

            My web.xml has ContextLoaderListener and springSecurityFilterChain, as shown below:

            Code:
            <?xml version="1.0" encoding="UTF-8"?>
            <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
            	<display-name>myworld</display-name>
            
            	<servlet>
            		<servlet-name>dispatcher</servlet-name>
            		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            		<init-param>
            			<param-name>contextConfigLocation</param-name>
            			<param-value/>
            		</init-param>
            	</servlet>
            
            	<servlet-mapping>
            		<servlet-name>dispatcher</servlet-name>
            		<url-pattern>*.htm</url-pattern>
            	</servlet-mapping>
            
            	<context-param>
            		<param-name>contextConfigLocation</param-name>
            		<param-value>
            			/WEB-INF/config/myworld-config.xml
            		</param-value>
            	</context-param>
            
                <filter>
                    <filter-name>springSecurityFilterChain</filter-name>
                    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
                </filter>
            
            	<filter-mapping>
                    <filter-name>springSecurityFilterChain</filter-name>
                    <url-pattern>/*</url-pattern>
                </filter-mapping>
            
            	<listener>
            		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
            	</listener>
            
            	<welcome-file-list>
            		<welcome-file>index.jsp</welcome-file>
            	</welcome-file-list>
            </web-app>

            • #7
              I am using Spring Security 3.0.

              • #8
                What is the name of your spring config you posted?

                • #9
                  Look at the debug log. It explicitly tells you the URLs it is attempting to match and whether or not each pattern matches, and it will detail the request's progress through the filter chain. They shouldn't include the context path.

                  • #10
                    rwinch,

                    My Spring config name is myworld-security.xml.

                    Also, the login, logout, and remember-me functionalities are working fine in my application.

                    I would like to inform you that there is no file named admin.htm; instead I am using the @RequestMapping("admin.htm") annotation in the AdminController class. This class then returns the admin tile view.

                    Luke Taylor, I didn't enable my logging yet. I have to learn how to do that.

                    • #11
                      Originally posted by vikas_chess:
                      "Luke Taylor, I didn't enable my logging yet. I have to learn how to do that."
                      Copy the setup from one of the sample applications. The debug log is pretty much essential.

                      • #12
                        Thank you friends, the issue is resolved now after I enabled the debugger. The problem was with my pattern. It should be /admin instead of /vikas/admin.

                        However, I got an issue with the debug thing.

                        My log file is successfully created under the d: drive on setting the logfile location in the log4j.properties file as shown below:

                        log4j.appender.logfile.File=d:\\vikas.log

                        But I am not able to create the log file under the WEB-INF directory on writing the below line:

                        log4j.appender.logfile.File=/WEB-INF/vikas.log

                        Please let me know what's wrong here. Thank you.

                        • #13
                          It's a log4j question - paths will be relative to wherever your application's working directory is. You can use a relative path if you want - logging under WEB-INF is typically not a good idea anyway.

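Added example, not part of the original thread or any participant's post: the `<http>` element from post #1 with the fixes from #2 and #12 applied, plus a final catch-all rule that goes beyond what the thread discussed. A request that matches no intercept-url pattern is treated as unsecured, which is why the original patterns let everyone through without raising any error. Assumptions: /vikas is the application's context path, /admin.htm is the in-application path (taken from the @RequestMapping in #10), and the login page must stay reachable before authentication.

```xml
<!-- Replaces the <http> element in the security config posted in #1.
     The rest of that file (namespaces, authentication-manager) is unchanged. -->
<http use-expressions="true">

    <!-- Patterns are compared with the path inside the application:
         no scheme, no host, no context path (assumed to be /vikas). -->

    <!-- Assumption: the login page has to load for unauthenticated users,
         otherwise the catch-all below would redirect it to itself. -->
    <intercept-url pattern="/jsp/login.jsp*" access="permitAll" />

    <intercept-url pattern="/login.htm" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />

    <!-- Role names are SpEL string literals, so they need single quotes (#2). -->
    <intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/css/**" access="hasRole('ROLE_ADMIN')" />

    <!-- Added catch-all. Rules are evaluated in order and the first match wins,
         so this must stay last. With it in place, a pattern that silently
         matches nothing leaves the URL behind a login instead of public. -->
    <intercept-url pattern="/**" access="isAuthenticated()" />

    <form-login login-processing-url="/j_spring_security_check"
                login-page="/jsp/login.jsp"
                authentication-failure-url="/jsp/login.jsp?login_error=true" />
    <logout logout-url="/j_spring_security_logout" logout-success-url="/" />
    <remember-me key="myAppKey" token-validity-seconds="864000" />
</http>
```

With the catch-all present, a mistyped pattern shows up as an unexpected login prompt or access-denied response rather than as an openly reachable admin page.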