Announcement Announcement Module
Collapse
No announcement yet.
Spring Security change the URL Resolver ??? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security change the URL Resolver ???

    Hi folks,

    I have a problem. I have a well working demonstration appli with the Spring MVC framework. I have a controller defined thanks to the @Controller annotation with an @RequestMapping method which is fired if the URL /hello.do is called. Well, it works fine and the logs show the following lines :


    Code:
    DispatcherServlet:1088 Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@5a60d664] in DispatcherServlet with name 'primarycontroller'
    RequestMappingHandlerMapping:226 Looking up handler method for path /hello.do
    RequestMappingHandlerMapping:270 Found 1 matching mapping(s) for [/hello.do] : [{[/hello.*],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}]
    RequestMappingHandlerMapping:233 Returning handler method [public org.springframework.web.servlet.ModelAndView hello.HelloWorld.sendHelloView()]
    so it works as expected.

    Now, if I add the Spring Security filter in the web.xml configuration file like the following lines :
    Code:
      <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring-security.xml</param-value>
      </context-param>
      
      <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
      <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
      </filter-mapping>
    i'm not unable to go on the hello.do page. I *do not* add something else in the project.

    The log is now :

    Code:
    FilterChainProxy:182 Candidate is: '/hello.do'; pattern is /**; matched=true
    ...
    FilterSecurityInterceptor:213 Authorization successful 
    ...
    DispatcherServlet:1088 Testing handler map [org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping@14dd2c34] in DispatcherServlet with name 'primarycontroller'
    BeanNameUrlHandlerMapping:127 No handler mapping found for [/hello.do]
    So as we can notice, the authorization is successuf but the handler mapping is not found. I think it is because the URL resolver change from RequestMappingHandlerMapping to BeanNameUrlHandlerMapping.

    So 2 questions :
    - why this behavior ? is it documented somewhere ?
    - how to keep the original default url resolver which was RequestMappingHandlerMapping ?

    Thanks,

    Laurent

  • #2
    i'm not unable to go on the hello.do page. I *do not* add something else in the project.
    You added the spring-security.xml which contains configuration, you haven't shown us this... Neither have you shown us the configuration of the DispatcherServlet (and the configuration it loads)...

    Comment


    • #3
      Originally posted by Marten Deinum View Post
      You added the spring-security.xml which contains configuration, you haven't shown us this... Neither have you shown us the configuration of the DispatcherServlet (and the configuration it loads)...
      here it is :

      web.xml ( I t tried every order possible : servlet first, then filter, or filter first then servlet, ... )

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
        <display-name>HelloWorld</display-name>
        <welcome-file-list>
          <welcome-file>hello.do</welcome-file>
        </welcome-file-list>
        
      	<listener>
      		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
      	</listener>
      	
      	    <context-param>
      	        <param-name>log4jConfigLocation</param-name>
      	        <param-value>/WEB-INF/log4j.xml</param-value>
      	    </context-param>
      	 
      	    <listener>
      	        <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
      	    </listener>
      
        <context-param>
          <param-name>contextConfigLocation</param-name>
          <param-value>/WEB-INF/spring-security.xml</param-value>
        </context-param>
        
        <filter>
          <filter-name>springSecurityFilterChain</filter-name>
          <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter-mapping>
          <filter-name>springSecurityFilterChain</filter-name>
          <url-pattern>/*</url-pattern>
        </filter-mapping>
      
      
        <servlet>
          <servlet-name>primarycontroller</servlet-name>
          <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
          <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
          <servlet-name>primarycontroller</servlet-name>
          <url-pattern>*.do</url-pattern>
        </servlet-mapping>
      
        
      
      </web-app>
      then the servlet configuration XML file :

      Code:
      <?xml version="1.0" encoding="UTF-8"?>
      <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:jd="http://www.springframework.org/schema/jdbc"
       xmlns:tx="http://www.springframework.org/schema/tx" 
       xsi:schemaLocation="http://www.springframework.org/schema/beans
      	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
      	http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
      	http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
      	http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd">
      
      
      		<bean class="org.springframework.web.servlet.view.XmlViewResolver">
      			<property name="location">
      	        	<value>/WEB-INF/views.xml</value>
      			</property>
      			<property name="order" value="1"/>
      	    </bean>
      
      		<bean id="second-viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
      			<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"/>
         			<property name="prefix" value="/WEB-INF/jsp/"/>
         			<property name="suffix" value=".jsp"/>
         			<property name="order" value="2"/>
      		</bean>
      		
      		<bean id="validator" class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
      </beans>
      the applicationContext.xml file :

      Code:
      ?xml version="1.0" encoding="UTF-8"?>
      <beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:context="http://www.springframework.org/schema/context"
       xmlns:p="http://www.springframework.org/schema/p"
       xmlns:mvc="http://www.springframework.org/schema/mvc"
       xmlns:jd="http://www.springframework.org/schema/jdbc"
       xmlns:tx="http://www.springframework.org/schema/tx" 
       xsi:schemaLocation="http://www.springframework.org/schema/beans
      	http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
      	http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
      	http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
      	http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-2.5.xsd
      	http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-3.0.xsd">
      
       	<context:component-scan base-package="hello, calculatrice, rh" />
        	<mvc:annotation-driven />
       	<context:annotation-config />
      
       	<!-- JTA : annotation contrôlé par le container -->
       	<tx:annotation-driven /> 
      	
       	<!-- Uniquement pour JPA -->
       	<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource" 
       		p:driverClassName="org.postgresql.Driver" 
       		p:url="jdbc:postgresql://localhost:5432/spring" 
       		p:username="spring" p:password="spring" /> 
       
       	<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean" 
      		p:dataSource-ref="dataSource" 
      		p:persistence-unit-name="jpa"> 
      
      		<property name="jpaVendorAdapter"> 
          		<bean class="org.springframework.orm.jpa.vendor.HibernateJpaVendorAdapter" 
      				
      				p:databasePlatform="org.hibernate.dialect.PostgreSQLDialect" 
      				p:showSql="true" p:generate-ddl="true" /> 
          	</property> 
      	</bean> 
      
       	<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager" 
      		p:entityManagerFactory-ref="entityManagerFactory" /> 
      
       </beans>
      and finally the spring-security.xml file :

      Code:
      <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xmlns:security="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
                 http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                 http://www.springframework.org/schema/security
                 http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">
      
      	<security:http auto-config="true" >
      		<security:intercept-url pattern="/employe*" access="ROLE_USER" />
      		<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
      		<!-- 
      		<form-login login-page="/login" default-target-url="/welcome"
      			authentication-failure-url="/loginfailed" />
      		<logout logout-success-url="/logout" />
      		 -->
      	</security:http>
       
      	<security:authentication-manager>
      	  <security:authentication-provider>
      	    <user-service>
      		<user name="root" password="root" authorities="ROLE_USER" />
      	    </user-service>
      	  </security:authentication-provider>
      	</security:authentication-manager>
      </beans:beans>
      thanks,

      Laurent

      Comment

      Working...
      X