I am using Spring Security to secure an application that has both web pages and web services. I just migrated from Spring Security 2.x to 3.0.5. My configuration allows clients to load wsdl and xsd files using anonymous authentication. After upgrading (and reconfiguring for the new packages, etc.) , this is no longer functioning properly. The way that I am attempting to get this to work is by configuring the FilterChainProxy with "stripQueryFromUrls" as follows:
<bean id="securityFilter" class="org.springframework.security.web.FilterChai nProxy">
<property name="stripQueryStringFromUrls" value="false" />
This part works with SpringSecurity 3.0.5. The problem I am having is when I get to the FilterSecurityInterceptor. The default behavior now seems to be that query strings are stripped from URLs, and there doesn't seem to be a way to change this using the security name space. I also tried to define my own DefaultFilterInvocationSecurityMetadataSource in order to set the stripQueryStringFromUrls property manually, but I haven't been able to figure out how to configure it. I have copied part of my configuration below. Does anyone know how I can get this to work?
<bean id="filterSecurityInterceptor" class="org.springframework.security.web.access.int ercept.FilterSecurityInterceptor">
<property name="authenticationManager" ref="authenticationManager" />
<property name="accessDecisionManager" ref="accessDecisionManager" />