Announcement Announcement Module
Collapse
No announcement yet.
Is possible to use Security 3.0.2 + Tuckey URLRewriter? Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Is possible to use Security 3.0.2 + Tuckey URLRewriter?

    Hi there,

    I've been looking for a way to configure a web app with spring mvc 3.0.2 + security + urlrewriter to build a restfull app but it's completely impossible. It never works well, no matter how you configure it:

    - With the urlrewriter filter before or after the security filter
    - Rules for the login page.
    - Etc etc

    I've seen the other posts on the forum but none of them shows a solution and it seems that there isn't a single demo app in the whole internet.

    So... has anyone been able to configure properly this setup? Could you share it with us?

    Kind regards,

    Jose

  • #2
    Hi Jose,

    This is top of web.xml it works like charm:

    Code:
        
    
    <listener>
            <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>
    
        <filter>
            <filter-name>filterChainProxy</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
            <filter-name>filterChainProxy</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    
        <filter>
            <filter-name>UrlRewriteFilter</filter-name>
            <filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
            <init-param>
                <param-name>logLevel</param-name>
                <param-value>ERROR</param-value>
            </init-param>
        </filter>
        <filter-mapping>
            <filter-name>UrlRewriteFilter</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    Hope this will help.

    Comment


    • #3
      Hi momatej,

      Could you post the rest of your config? (dispatcher-servlet-mapping,security-config, urlrewriter-rules...) I already have the web.xml configured as you did...

      Thanks for the support,

      Jose

      Comment


      • #4
        security:

        Code:
            <bean id="filterChainProxy" class="org.springframework.security.web.FilterChainProxy">
                <security:filter-chain-map path-type="ant">
                    <security:filter-chain pattern="/**"
                                           filters="
                                           httpSessionContextIntegrationFilter,
                                           securityContextPersistenceFilter,
                                           logoutFilter,
                                           usernamePasswordAuthenticationFilter,                                       
                                           rememberMeProcessingFilter,
                                           anonymousProcessingFilter,
                                           exceptionTranslationFilter,
                                           filterInvocationInterceptor"/>
                </security:filter-chain-map>
            </bean>
        
            
             
            <bean id="httpSessionContextIntegrationFilter" class="org.springframework.security.web.context.HttpSessionContextIntegrationFilter"/>
        
            <bean id="logoutFilter" class="org.springframework.security.web.authentication.logout.LogoutFilter">
                <constructor-arg value="/index.html"/>
                <constructor-arg>
                    <list>    
                        <bean class="org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler"/>
                        <ref bean="rememberMeServices"/>
                    </list>
                </constructor-arg>
                <property name="filterProcessesUrl" value="/j_spring_security_logout"/>
            </bean>
        
            <bean id="usernamePasswordAuthenticationFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="filterProcessesUrl" value="/j_spring_security_check"/>
                <property name="rememberMeServices" ref="rememberMeServices"/>
                <property name="authenticationSuccessHandler" ref="authenticationSuccessHandler"/>
                <property name="authenticationFailureHandler" ref="authenticationFailureHandler"/>
            </bean>
            <bean id="authenticationSuccessHandler" class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
                <property name="defaultTargetUrl" value="/secure/myAccount.html"/>
            </bean>
            <bean id="authenticationFailureHandler" class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
                <property name="defaultFailureUrl" value="/login.html?login_error=1"/>
            </bean>
        
            <bean id="securityContextPersistenceFilter" class="org.springframework.security.web.context.SecurityContextPersistenceFilter"/>
        
            <bean id="rememberMeProcessingFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="rememberMeServices" ref="rememberMeServices"/>
            </bean>
        
            <bean id="anonymousProcessingFilter"
                  class="org.springframework.security.web.authentication.AnonymousAuthenticationFilter">
                <property name="key" value="${env.security.anonymous.key}"/>
                <property name="userAttribute" value="anonymousUser,ROLE_ANONYMOUS"/>
            </bean>
        
            <bean id="exceptionTranslationFilter" class="org.springframework.security.web.access.ExceptionTranslationFilter">
                <property name="authenticationEntryPoint">
                    <bean class="org.springframework.security.web.authentication.AuthenticationProcessingFilterEntryPoint">
                        <property name="loginFormUrl" value="/login.html"/>
                    </bean>
                </property>
                <property name="accessDeniedHandler">
                    <bean class="org.springframework.security.web.access.AccessDeniedHandlerImpl">
                        <property name="errorPage" value="/login.html?access_error=1"/>
                    </bean>
                </property>
            </bean>
        
            <bean id="filterInvocationInterceptor" class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
                <property name="authenticationManager" ref="authenticationManager"/>
                <property name="accessDecisionManager">
                    <bean class="org.springframework.security.access.vote.AffirmativeBased">
                        <property name="allowIfAllAbstainDecisions" value="false"/>
                        <property name="decisionVoters">
                            <list>
                                <bean class="org.springframework.security.access.vote.RoleVoter"/>
                                <bean class="org.springframework.security.access.vote.AuthenticatedVoter"/>
                            </list>
                        </property>
                    </bean>
                </property>
                <property name="securityMetadataSource">
                    <security:filter-security-metadata-source path-type="ant" lowercase-comparisons="true">
                        <security:intercept-url pattern="/secure/provider/editor/admin/super/**" access="ROLE_SUPERVISOR"/>
                        <security:intercept-url pattern="/adminbanning/**" access="ROLE_SUPERVISOR"/>
                        
                        <security:intercept-url pattern="/user/**" access="IS_AUTHENTICATED_REMEMBERED"/>  
        
                        <security:intercept-url pattern="/login.html" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED"/>
        
                        <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY, IS_AUTHENTICATED_REMEMBERED"/>
                    </security:filter-security-metadata-source>
                </property>
            </bean>
        
            <bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
                <property name="providers">
                    <list>
                        <ref local="daoAuthenticationProvider"/>
        
                        <bean class="org.springframework.security.authentication.AnonymousAuthenticationProvider">
                            <property name="key" value="${env.security.anonymous.key}"/>
                        </bean>
                        <bean class="org.springframework.security.authentication.RememberMeAuthenticationProvider">
                            <property name="key" value="${env.security.remembersme.key}"/>
                        </bean>
                    </list>
                </property>
            </bean>
        
            <bean id="cacheManager" class="org.springframework.cache.ehcache.EhCacheManagerFactoryBean">
                <property name="configLocation" value="classpath:/ehcache.xml"/>
            </bean>
        
            <bean id="userCacheBackend" class="org.springframework.cache.ehcache.EhCacheFactoryBean">
                <property name="cacheManager" ref="cacheManager"/>
                <property name="cacheName" value="userCache"/>
            </bean>
        
            <bean id="userCache" class="org.springframework.security.core.userdetails.cache.EhCacheBasedUserCache">
                <property name="cache">
                    <ref local="userCacheBackend"/>
                </property>
            </bean>
        
            <bean id="passwordEncoder" class="org.springframework.security.authentication.encoding.ShaPasswordEncoder"/>
        
            <!-- This bean is optional; it isn't used by any other bean as it only listens and logs -->
            <bean id="loggerListener" class="org.springframework.security.authentication.event.LoggerListener"/>
        </beans>
        Dispatcher: You don't really need this for the URLRewrite
        Code:
            <context:component-scan base-package="your.package"/>
        
            <bean class="org.springframework.web.servlet.mvc.annotation.DefaultAnnotationHandlerMapping"/>
            <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter"/>
            
        
            <bean class="org.springframework.beans.factory.annotation.RequiredAnnotationBeanPostProcessor"/>
            <bean id="propertyConfigurer2" class="com.iteezy.server.util.HostPrecedingPropertyPlaceholderConfigurer">
                <property name="location" value="classpath:config.properties"/>
            </bean>
        
            <bean id="annotationValidator"  class="org.springmodules.validation.bean.BeanValidator" >
                <qualifier value="annotationValidator"/>
                <property name="configurationLoader" ref="configurationLoader" />
            </bean>
            <bean id="configurationLoader" class="org.springmodules.validation.bean.conf.loader.annotation.AnnotationBeanValidationConfigurationLoader"/>
        
            <bean id="viewNameTranslator" class="org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator"/>
        
            <bean id="exceptionResolver" class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"
                  abstract="false"
                  scope="singleton" lazy-init="default">
                <property name="exceptionMappings">
                    <props>
                        <prop key="java.lang.Exception">error</prop>
                    </props>
                </property>
            </bean>
            
        </beans>
        Code:
        <urlrewrite use-query-string="true">
            <rule match-type="wildcard">
                <from>/</from>
                <to>/index.html</to>
            </rule>
        
            <rule>
                <from>/some/(.*)</from>
                <to>/some.html?vc=$1</to>
            </rule>
        
            <!--
            <rule>
                <condition name="host" operator="notequal">www.host.com</condition>
                <to type="permanent-redirect">http://www.host.com$1</to>
            </rule>
            -->
        
        </urlrewrite>
        For obvious reason this has been trimmed where needed but you should get the idea. You might want to give this book read:
        "Pro Web 2.0 Application Development with GWT" Don't let the GWT mislead you. The book has all you need to get the stuff running.

        All I have is what I posted in the web.xml, Than it should work. It is spring independent. Most likely your web.xml is messed up. You should post that.

        Comment


        • #5
          Hi again,

          I really appreciate your help, I'll give it a try.

          Kind regards,

          Jose

          Comment

          Working...
          X