here is the description of problem. I am develepping a web application with GWT. I have successfullly integrate spring security with gwt for the authentication feature with the following code. Now I want to use the spring "method security" in my web application. So I did what it says in http://static.springsource.org/spring-security/site/docs/3.1.x/reference/ns-config.html,
just adding <global-method-security secured-annotations="enabled"/> in the above mentionned application context file.
<http>
<http-basic/>
<intercept-url pattern="/**" access=""/>
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="jimis" password="jimispassword" authorities="ROLE_USER,ROLE_ADMIN" />
<user name="bob" password="bobspassword" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
**<global-method-security secured-annotations="enabled"/>**
then adding the annotation #Secured("ROLE_ADMIN") above the function that I what to controle the access
Then I add the declaration of application context in the web.xml as following:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>App.html</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>10</session-timeout> <!-- in minutes -->
</session-config>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>appService</servlet-name>
<servlet-class>com.google.gwt.app.example.server.AppServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>appService</servlet-name>
<url-pattern>/app/appService.rpc</url-pattern>
</servlet-mapping>
</web-app>
Note that I've just declared the gwt-servlet not the spring dispatcher servlet.
However it seems that this configuration doesn't work. In fact, whatever role can have the authority to access the function.
Very Strange.
Hope your answers!
Use a single global-method-security element containing both attributes.
Also read the relevant section of the Spring Security FAQ on issues with using method security and web controllers, if that's what you are doing (you will also find the same issue discussed here).
The log message you report is not an error and is unimportant unless you are using hasPermission() within your expressions.
Related
I would like to to test the Application Insight tool of Microsoft Azure.
For this reason, I took a Spring application, jpetshop (https://github.com/mybatis/jpetstore-6), and I am trying to set up the Application Insight on top of it following this guide: https://learn.microsoft.com/en-us/azure/application-insights/app-insights-java-get-started
I added the Maven dependency and repository and, thanks to Eclipse, I created the ApplicationInsights.xml file with my InstrumentationKey. The only thing that I am not sure about is how to add is the HTTP filter on this application.
I modified the web.xml in this way:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>JPetStore</display-name>
<description>Online Pet Store Sample Application</description>
<context-param>
<param-name>javax.servlet.jsp.jstl.fmt.localizationContext</param-name>
<param-value>StripesResources</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<display-name>Stripes Filter</display-name>
<filter-name>StripesFilter</filter-name>
<filter-class>net.sourceforge.stripes.controller.StripesFilter</filter-class>
<init-param>
<param-name>ActionResolver.Packages</param-name>
<param-value>org.mybatis.jpetstore.web</param-value>
</init-param>
<init-param>
<param-name>Extension.Packages</param-name>
<param-value>net.sourceforge.stripes.integration.spring</param-value>
</init-param>
<init-param>
<param-name>ApplicationInsightsRequestNameInterceptor</param-name>
<param-value>com.microsoft.applicationinsights.web.struts.RequestNameInterceptor</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>StripesFilter</filter-name>
<servlet-name>StripesDispatcher</servlet-name>
<dispatcher>REQUEST</dispatcher>
</filter-mapping>
<servlet>
<servlet-name>StripesDispatcher</servlet-name>
<servlet-class>net.sourceforge.stripes.controller.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>StripesDispatcher</servlet-name>
<url-pattern>*.action</url-pattern>
</servlet-mapping>
</web-app>
However, if I change the filter-mapper field as shown in the guide, the application doesn't work anymore.
Since the jpetshop application uses the Spring framework I also though to modify the *-servlet.xml file. However, this file is not present in this project.
Do you know how can I make the Azure Application Insight work on this application?
Thank you
I think you missed the section where you need to define ApplicationInsights's filter:
<filter>
<filter-name>ApplicationInsightsWebFilter</filter-name>
<filter-class>
com.microsoft.applicationinsights.web.internal.WebRequestTrackingFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>ApplicationInsightsWebFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I tried spring security with GWT, its redirecting to login perfectly.
I stopped the server and started again and tried to access the URL.
Application doesn't show the login page. It directly going to home page.
Is this how the security works, how to make it work. User name, password and roles are configured in spring configuration files.
web.xml
<!-- web.xml -->
<web-app>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/gwtsecuritydemo-security.xml
/WEB-INF/gwtsecuritydemo-base.xml
</param-value>
</context-param>
<!-- Spring Security Filter Chain -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Servlets -->
<servlet>
<servlet-name>greetServlet</servlet-name>
<servlet-class>au.com.securitydemo.gwt.maven.sample.server.GreetingServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>greetServlet</servlet-name>
<url-pattern>/gwtsecuritydemo/greet</url-pattern>
</servlet-mapping>
<!-- Default page to serve -->
<welcome-file-list>
<welcome-file>gwtsecuritydemo.html</welcome-file>
</welcome-file-list>
</web-app>
and
spring configuration.
<!-- Spring Config -->
<http auto-config="true">
<intercept-url pattern="/*" access="ROLE_USER" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider>
<user-service>
<user authorities="ROLE_USER" name="guest" password="guest" />
</user-service>
</authentication-provider>
</authentication-manager>
Thanks,
Bennet.
You server preserved sessions during restart or you configured "remember-me cookie".
To be sure, remove relevant cookies (usually JSESSIONID and REMEMBER_ME) from your browser and reload the page.
I've looked through all similar Qs on stackoverflow but it didn't help, sorry. The main difference I have from all of them is that I got EMPTY action name in error message. Googling didn't help :(
Hope someone just could give a hint where to look for the source of the problem. thx
message:
Stacktraces
There is no Action mapped for namespace [/] and action name [] associated with context path [/struts]. - [unknown location]
com.opensymphony.xwork2.DefaultActionProxy.prepare(DefaultActionProxy.java:185)
org.apache.struts2.impl.StrutsActionProxy.prepare(StrutsActionProxy.java:63)
org.apache.struts2.impl.StrutsActionProxyFactory.createActionProxy(StrutsActionProxyFactory.java:39)
com.opensymphony.xwork2.DefaultActionProxyFactory.createActionProxy(DefaultActionProxyFactory.java:58
..................
struts.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.0//EN"
"http://struts.apache.org/dtds/struts-2.0.dtd">
<struts>
<constant name="struts.devMode" value="true" />
<package name="default" namespace="/*" extends="struts-default">
<action name="login"
class="training.struts.action.LoginAction">
<result>login.jsp</result>
</action>
</package>
</struts>
web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5">
<display-name>Struts Lab</display-name>
<filter>
<filter-name>struts2</filter-name>
<filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Config -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/springServlet/appServlet/mvc-servlet.xml,
/WEB-INF/db/db-cfg.xml,
/WEB-INF/springServlet/application-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/springServlet/appServlet/mvc-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- *** -->
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
well..image is impossible so the project structure is:
src/main/java
----+training.struts.action.LoginAction.java
src/main/webapp
----+WEB-INF
--------+classes
-----------+struts.xml
--------+db
-----------+db-cfg.xml
--------+springServlet
-----------+appServlet
---------------+mvc-servlet.xml
-----------+application-security.xml
--------+index.jsp
--------+login.jsp
--------+web.xml
UPDATE:
So sad to be stupid =(
I've moved my login.jsp from WEB-INF to webapp root and that solved the problem.
UPDATE2:
I've made some investigation:
if I remove "welcome-file-list" block from web.xml, container will look for "index.jsp" in webapp root to show as first view on application running. If I delete "index.jsp" then I'll got the identical exception message:
There is no Action mapped for namespace [/] and action name [] associated with context path [/struts]
So in my opinion if you have empty action name in error message with correct xml settings for struts, the first step should be start-up JSP availability checking.
Cheers, guys.
Add the below blank action to you struts.xml file in "/" package namespace and it will show the index.html when you will only try to access your url (like appid.app.com) and it will not show the error. Normally it will add a blank action and app engine will redirect the blank action to your welcome file.
<action name="" class="com.candi.actions.Dashboard" method="noAction">
<result name="success">index.jsp</result>
</action>
Add / in your namespace instead of /* :
<package name="default" namespace="/" extends="struts-default">
Or if issue not resolved than you can use Config Browser Plugin.
The Config Browser Plugin is a simple tool to help view an application's configuration at runtime. It is very useful when debugging problems that could be related to configuration issues.
OK, so I have placed login.jsp in a wrong place in my web-app folders structure.
That was the mistake
Add the following package in struts.xml
<package name="default" namespace="/" extends="struts-default">
<action name="login"
class="training.struts.action.LoginAction">
<result>login.jsp</result>
</action>
</package>
I changed the namespace in package tag to '/' and the problem resolved!!!
For me, I changed the opening tag of the web.xml file from
<web-app>
to
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
This question already has answers here:
Why request is going to Struts Dispatcher?
(2 answers)
Closed 6 years ago.
I am using jersey with Struts2. But by RestFul Service calls are not working. Below are my configurations files
struts.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE struts PUBLIC
"-//Apache Software Foundation//DTD Struts Configuration 2.1//EN"
"http://struts.apache.org/dtds/struts-2.1.dtd">
<struts>
<package name="default" namespace="/" extends="struts-default">
<result-types>
<result-type name="tiles" class="org.apache.struts2.views.tiles.TilesResult" />
</result-types>
<interceptors>
<interceptor-stack name="default">
<interceptor-ref name="defaultStack">
<param name="exception.logEnabled">true</param>
<param name="exception.logLevel">ERROR</param>
<param name="params.excludeParams">/service/*</param>
</interceptor-ref>
</interceptor-stack>
</interceptors>
<default-interceptor-ref name="default" />
<action name="defaultAction"
class="com.gemini.web.controller.BinMasterController"
method="binMaster">
<result name="binMaster" type="tiles">binMaster</result>
</action>
</package>
</struts>
Web.xml
<!DOCTYPE web-app PUBLIC
"-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
"http://java.sun.com/dtd/web-app_2_3.dtd" >
<web-app>
<!-- Client config -->
<context-param>
<param-name>
org.apache.tiles.impl.BasicTilesContainer.DEFINITIONS_CONFIG
</param-name>
<param-value>
/WEB-INF/tiles.xml
</param-value>
</context-param>
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>
org.apache.struts2.tiles.StrutsTilesListener
</listener-class>
</listener>
<!-- Jersey Support Configuration for RestFul WebServices -->
<servlet>
<servlet-name>jersey-serlvet</servlet-name>
<servlet-class>
com.sun.jersey.spi.container.servlet.ServletContainer
</servlet-class>
<init-param>
<param-name>com.sun.jersey.config.property.packages</param-name>
<param-value>com.gemini.rest.controller</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-serlvet</servlet-name>
<url-pattern>/service/*</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
</web-app>
With this configuration Struts2 filter intercepts all requests.
To exclude your /service/* requests use struts.action.excludePattern constant:
<constant name="struts.action.excludePattern" value="/service/.*" />
I have a similar architecture (using Struts2 and Jersey).
In my web.xml I have:
<filter>
<filter-name>struts2</filter-name>
<filter-class>
org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>struts2</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
My Jersey is configured through an extended ResourceConfig:
#ApplicationPath("rest")
public class Config extends ResourceConfig {
public Config() {
super();
register(new Binder());
packages(true, this.getClass().getPackage().getName());
}
}
So the two are on separate url paths:
Struts is on /admin and Jersey is on /rest.
I found the same question asked previously here but I didn't found the suitable answer. I am designing my web in JSF2.0 with PrimeFaces 3.5 as a JSF component suite. Below is the error coming while automatic deploy is in process-
Below is the error which is coming while restarting the GlassFish Server 3.1.2 (As automatic deploy is not working so i thought of restarting it)-
Below is the error displayed by GlassFish Server 3.1.2 in Eclipse console-
SEVERE: service exception
java.lang.NullPointerExceptionnull at java.lang.String.replace(String.java:2219)null at com.sun.enterprise.v3.common.PropsFileActionReporter.setMessage(PropsFileActionReporter.java:67)null at com.sun.enterprise.v3.admin.AdminAdapter.service(AdminAdapter.java:219)null at com.sun.grizzly.tcp.http11.GrizzlyAdapter.service(GrizzlyAdapter.java:179)null at com.sun.enterprise.v3.server.HK2Dispatcher.dispath(HK2Dispatcher.java:117)null at com.sun.enterprise.v3.services.impl.ContainerMapper$Hk2DispatcherCallable.call(ContainerMapper.java:354)null at com.sun.enterprise.v3.services.impl.ContainerMapper.service(ContainerMapper.java:195)null at com.sun.grizzly.http.ProcessorTask.invokeAdapter(ProcessorTask.java:860)null at com.sun.grizzly.http.ProcessorTask.doProcess(ProcessorTask.java:757)null at com.sun.grizzly.http.ProcessorTask.process(ProcessorTask.java:1056)null at com.sun.grizzly.http.DefaultProtocolFilter.execute(DefaultProtocolFilter.java:229)null at com.sun.grizzly.DefaultProtocolChain.executeProtocolFilter(DefaultProtocolChain.java:137)null at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:104)null at com.sun.grizzly.DefaultProtocolChain.execute(DefaultProtocolChain.java:90)null at com.sun.grizzly.http.HttpProtocolChain.execute(HttpProtocolChain.java:79)null at com.sun.grizzly.ProtocolChainContextTask.doCall(ProtocolChainContextTask.java:54)null at com.sun.grizzly.SelectionKeyContextTask.call(SelectionKeyContextTask.java:59)null at com.sun.grizzly.ContextTask.run(ContextTask.java:71)null at com.sun.grizzly.util.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:532)null at com.sun.grizzly.util.AbstractThreadPool$Worker.run(AbstractThreadPool.java:513)null at java.lang.Thread.run(Thread.java:679)null
My web.xml looks like below-
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="portal" version="3.0">
<display-name>Portal</display-name>
<!-- Change to "Production" when you are ready to deploy -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<context-param>
<param-name>primefaces.THEME</param-name>
<param-value>cupertino</param-value>
</context-param>
<context-param>
<param-name>javax.faces.INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL</param-name>
<param-value>true</param-value>
</context-param>
<!-- Primefaces file upload -->
<!-- thresholdSize specifies the maximum file size in bytes to keep uploaded
files in memory. If it exceeds this limit, it’ll be temporarily written to
disk. -->
<!-- uploadDirectory is the folder where to keep temporary files that exceed
thresholdSize. -->
<filter>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<filter-class>org.primefaces.webapp.filter.FileUploadFilter</filter-class>
<init-param>
<param-name>thresholdSize</param-name>
<param-value>51200</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>PrimeFaces FileUpload Filter</filter-name>
<servlet-name>Faces Servlet</servlet-name>
</filter-mapping>
<context-param>
<param-name>uploadDirectory</param-name>
<param-value>/opt/upload/</param-value>
</context-param>
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
</web-app>
I am using Eclipse Indigo on Ubuntu 10.04.4 LTS.