Websphere 7 - universal match pattern ('/**') is defined before other patterns

Printable View

Show 40 post(s) from this thread on one page

May 21st, 2012, 12:23 PM
iojohnso

2 Attachment(s)

Websphere 7 - universal match pattern ('/**') is defined before other patterns

I have generated a spring project using Roo, and used the security setup addon to add in the spring security. The security works fine on Tomcat 7, but am running into the following problem when trying to deploy to Websphere 7.0.0.19. I'm currently using Spring Security 3.1.0.RELEASE. I've seen other projects use the Spring DelegatingFilterProxy just fine within Websphere. Anybody have any ideas?

Error from StackTrace:

Code:

E org.springframework.web.context.ContextLoader initWebApplicationContext Context initialization failed org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration

applicationContext-security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">  <http auto-config="true" use-expressions="true" > <form-login login-processing-url="/resources/j_spring_security_check" login-page="/login" authentication-failure-url="/login?login_error=t" /> <logout logout-url="/resources/j_spring_security_logout" />  <intercept-url pattern="/login" access="permitAll" /> <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" /> <intercept-url pattern="/jobtypes/**" access="isAuthenticated()" /> <intercept-url pattern="/tests/**" access="permitAll" />  <intercept-url pattern="/resources/**" access="permitAll" /> <intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> </http>  <beans:bean name="myCompanyAuthenticationProvider" class="edu.mycompany.project.security.MyCompanyAuthenticationProvider" /> <authentication-manager alias="authenticationManager"> <authentication-provider ref="myCompanyAuthenticationProvider" /> </authentication-manager> </beans:beans>

UPDATE:

I have confirmed the security config is getting loaded twice. I have uploaded my web.xml

Still not exactly sure why it is loading twice though. Will work in the forums on this. Thanks!
Aug 17th, 2012, 11:30 AM
Rob Winch

For others that land on this thread. This was logged as SEC-2034 and determined to be invalid. The cause is that the configuration is being loaded twice (exact reasons still under investigation by the reporter).
Aug 20th, 2012, 08:15 AM
Rob Winch

Are you importing the other configurations in an XML file in addition to having it being picked up in the web.xml (i.e. are you using <import /> within any of your configuration files)?

PS: Editing a post does not send a notification on the forums so it is best to make a new post (this way I know you have updated the thread)
Aug 20th, 2012, 10:17 AM
iojohnso

I have found the culprit of the multiple config files loading twice. It has to do with how Spring Roo initially creates the web.xml file - an extra asterisk is added after classpath. I have opened a spring roo ticket here.

Quote:

When the "web mvc setup" command is run, the web.xml is setup with the following path to the spring context files...

Code:

<context-param> <param-name>contextConfigLocation</param-name> <param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value> </context-param>

The first asterisk is the culprit for the spring config files (-spring.xml specifically) being picked up multiple times when running on Websphere 7.0.0.19 (The app deploys fine on Tomcat however). After I remove that asterisk, then the application loads fine

Quote:

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:META-INF/spring/applicationContext*.xml</param-value>
</context-param>

Is there a reason for the first asterisk? If not, please remove. Thanks!
Aug 20th, 2012, 10:23 AM
Rob Winch

I would enable debug logging and see what files are getting loaded. Perhaps you have an XML file in a jar that is getting picked up.
Aug 20th, 2012, 10:39 AM
iojohnso

Here are the two locations they are being picked up from.

org.springframework.beans.factory.xml.XmlBeanDefin itionReader loadBeanDefinitions Loading XML bean definitions from file...

Code:

C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\workload\WEB-INF\classes\META-INF\spring\applicationContext-security.xml

Code:

C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\workload\META-INF\spring\applicationContext-security.xml

So when the app is deploying it is pushing the applicationContext-security.xml to two different locations?
Aug 20th, 2012, 10:53 AM
Rob Winch

It would appear that you either have the file in your project twice or it is being deployed twice. It appears you are using Eclipse to deploy your project to WAS. One thing that looks weird to me is that the file would normally be something like this:

Code:

C:\app_workspace_sts_workload\.metadata\.plugins\org.eclipse.wst.server.core\tmp1\wtpwebapps\workload\META-INF\spring\applicationContext-security.xml

Can you try building the web application (i.e. converting it to a WAR) and seeing if the resulting war contains the xml file twice? Since you are using Roo I assume it is a Maven project so you can just run mvn clean package to get the war. If the XML file is not in the resulting war twice it is probably an issue with the WAS WTP integration with Eclipse.
Aug 20th, 2012, 10:59 AM
Rob Winch

PS: You can then try running the packaged war on WAS without Eclipse to see if that works
Aug 20th, 2012, 01:03 PM
iojohnso

After running mvn clean package there are two files generated into the war...

Code:

\WEB-INF\classes\META-INF\spring\applicationContext-security.xml \META-INF\spring\applicationContext-security.xml

Any ideas on how to avoid having both of those created?
Aug 20th, 2012, 01:58 PM
Rob Winch

Quote:

Originally Posted by iojohnso

After running mvn clean package there are two files generated into the war...

Code:

\WEB-INF\classes\META-INF\spring\applicationContext-security.xml \META-INF\spring\applicationContext-security.xml

Any ideas on how to avoid having both of those created?

It is difficult to say without seeing your pom.xml and your project structure. When I run the Spring Roo vote sample script and then package it with Maven it works properly (i.e. the security file is found in WEB-INF only) so it is likely something that has been modified. I would try the sample and see if that works and then do a diff on your project and the sample to see what is different.

Show 40 post(s) from this thread on one page