Announcement Announcement Module
Collapse
No announcement yet.
Redirecting to a secure channel Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Redirecting to a secure channel

    I have successfully implemented authentication/authorization security for SOAP requests using Spring Security with Spring WS and the Wss4jSecurityInterceptor which acts on the request during SOAP message processing.

    Now I would like to use the intercept-url mechanism in Spring Security to redirect non-secure requests (port 80) to the secure channel (port 443). I have not found any documentation on doing this so I have tried what seemed to be the way it should be done based on the Spring Security documentation for a normal webapp. From what I am running into, it doesn't appear that this is supported, but I may be doing something wrong.

    The first step in intercepting requests for Spring Security is to add a Spring DelegatingFilterProxy to the web.xml. The DelegatingFilterProxy is supposed to delegate to a springSecurityFilterChain bean that is implicitly created in the application context when the security namespace is used. However, when I add the filter to the web.xml the DelegatingFilterProxy throws an IllegalStateException because it is unable to find the WebApplicationContext:

    Code:
    java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
    	at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:159)
    	at org.mortbay.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1148)
    	at org.mortbay.jetty.servlet.ServletHandler.handle(ServletHandler.java:387)
    My web.xml contains the standard Spring WS MessageDispatcherServlet declaration and the standard Spring Security filter declaration:

    Code:
        <servlet>
            <servlet-name>myapp</servlet-name>
            <servlet-class>org.springframework.ws.transport.http.MessageDispatcherServlet</servlet-class>
            <init-param>
                <param-name>transformWsdlLocations</param-name>
                <param-value>true</param-value>
            </init-param>
        </servlet>
    
        <servlet-mapping>
            <servlet-name>myapp</servlet-name>
            <url-pattern>/*</url-pattern>
        </servlet-mapping>
        
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
      
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
    My application context is provided in the WEB-INF directory as myapp-servlet.xml and everything works fine when the filter is not present.

    Am I missing something (should I be explicitly adding a ContextLoaderListener to the web.xml), or is this just not supported? If not, should it be, or is there an alternative way I should be doing this. I will probably end up using a global redirect in my Tomcat configuration, but I would like to not have to rely on that.

  • #2
    Element filter must be the first in web.xml file...

    Comment


    • #3
      Originally posted by afborroy View Post
      Element filter must be the first in web.xml file...
      Thanks for the correction. I moved the filter up to be the first declaration in the web.xml, but I still got the same error.

      Comment

      Working...
      X