Hi Everyone,
I am seeing an issue with my configuration. It is causing a Spring Security error:
Code:
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
	at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49)
	at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39)
	at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:148)
I am using Spring Framework 3.0.6.RELEASE, plus the following Spring Security libraries:
Code:
spring-security-config-3.1.0.RELEASE.jar
spring-security-core-3.1.0.RELEASE.jar
spring-security-crypto-3.1.0.RELEASE.jar
spring-security-oauth-1.0.0.M5.jar
spring-security-oauth2-1.0.0.M5.jar
spring-security-web-3.1.0.RELEASE.jar
My OAuth2 security configuration is below; most of it was copied out of the Sparklr sample app. If I remove the "AUTH ENDPOINT" <http> element, the stack trace goes away. I tried removing individual <intercept-url> elements, but the error persists.
Code:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
       xmlns:security="http://www.springframework.org/schema/security"
       xmlns:p="http://www.springframework.org/schema/p"
       xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
                           http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <oauth:authorization-server client-details-service-ref="storews.clientDetailsService"
                                token-services-ref="storews.tokenServices">
        <oauth:authorization-code />
        <oauth:implicit disabled="true" />
        <oauth:refresh-token disabled="true" />
        <oauth:client-credentials disabled="true" />
        <oauth:password disabled="true" />
    </oauth:authorization-server>

    <!-- AUTH ENDPOINT -->
    <http access-denied-page="/oauth/login.jsp"
          access-decision-manager-ref="storews.accessDecisionManager"
          xmlns="http://www.springframework.org/schema/security">
        <!-- This needs to be anonymous so that the auth endpoint can handle oauth errors itself -->
        <intercept-url pattern="/oauth/authorize" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/oauth/**" access="ROLE_USER" />
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY,DENY_OAUTH" />
        <form-login authentication-failure-url="/oauth/login.jsp"
                    default-target-url="/index.jsp"
                    login-page="/oauth/login.jsp"
                    login-processing-url="/login.do" />
        <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
        <anonymous />
        <custom-filter ref="storews.resourceServerFilter" before="EXCEPTION_TRANSLATION_FILTER" />
    </http>

    <oauth:resource-server id="storews.resourceServerFilter" token-services-ref="storews.tokenServices" />

    <bean id="storews.accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased">
        <constructor-arg>
            <list>
                <bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
                <bean class="org.springframework.security.access.vote.RoleVoter" />
                <bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
            </list>
        </constructor-arg>
    </bean>

    <!-- Token Endpoint -->
    <http create-session="never"
          xmlns="http://www.springframework.org/schema/security"
          authentication-manager-ref="storews.clientAuthenticationManager">
        <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
        <anonymous enabled="false" />
        <http-basic />
        <custom-filter ref="storews.clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
    </http>

    <bean id="storews.clientCredentialsTokenEndpointFilter"
          class="com.company.security.oauth2.filter.ClientMacAuthorizationTokenEndpointFilter"
          p:authenticationManager-ref="storews.clientAuthenticationManager" />

    <authentication-manager alias="storews.clientAuthenticationManager"
                            xmlns="http://www.springframework.org/schema/security">
        <authentication-provider user-service-ref="storews.clientDetailsUserDetailsService" />
    </authentication-manager>

    <bean id="storews.clientDetailsUserDetailsService"
          class="com.company.security.oauth2.ClientDetailsUserDetailsService"
          p:clientDetailsService-ref="storews.clientDetailsService" />

    <oauth:client-details-service id="storews.clientDetailsService">
        <oauth:client client-id="myClientId" secret="secret"
                      authorized-grant-types="authorization_code"
                      authorities="ROLE_TRUSTED_CLIENT"
                      redirect-uri="https://shop.clientcompany.com/oauth/return" />
    </oauth:client-details-service>

    <bean id="storews.tokenServices"
          class="org.springframework.security.oauth2.provider.token.RandomValueTokenServices"
          p:accessTokenValiditySeconds="31536000"
          p:supportRefreshToken="false">
        <property name="tokenStore">
            <bean class="org.springframework.security.oauth2.provider.token.InMemoryTokenStore" />
        </property>
    </bean>

</beans>
Am I doing something wrong, or is this a known issue?
Thank you!
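The validator is checking the order of the <http> elements themselves, not the <intercept-url> rules inside them: in Spring Security 3.1 every <http> element except the last one needs a pattern, and an <http> without one matches /** and must come last. The ordering below is an added example built from the bean ids in the post (not the poster's configuration or the Sparklr sample): the token-endpoint chain is given pattern="/oauth/token" and declared first, and the catch-all "AUTH ENDPOINT" chain is moved after it.

```xml
<!-- Added example: Spring Security 3.1 namespace, most specific filter chain first.
     Bean ids (storews.*) are taken from the post; everything else in it is unchanged. -->

<!-- Token Endpoint: explicit pattern, so this chain is consulted before the catch-all.
     Anonymous access stays disabled here, so a request to /oauth/token without valid
     client credentials is rejected by HTTP Basic instead of falling through. -->
<http pattern="/oauth/token" create-session="never"
      authentication-manager-ref="storews.clientAuthenticationManager"
      xmlns="http://www.springframework.org/schema/security">
    <intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
    <anonymous enabled="false" />
    <http-basic />
    <custom-filter ref="storews.clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
</http>

<!-- AUTH ENDPOINT: no pattern attribute, so it matches /** and must be the LAST <http>.
     Declaring it first is exactly what DefaultFilterChainValidator.checkPathOrder rejects. -->
<http access-denied-page="/oauth/login.jsp"
      access-decision-manager-ref="storews.accessDecisionManager"
      xmlns="http://www.springframework.org/schema/security">
    <!-- anonymous so the auth endpoint can render its own OAuth error responses -->
    <intercept-url pattern="/oauth/authorize" access="IS_AUTHENTICATED_ANONYMOUSLY" />
    <intercept-url pattern="/oauth/**" access="ROLE_USER" />
    <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY,DENY_OAUTH" />
    <form-login authentication-failure-url="/oauth/login.jsp"
                default-target-url="/index.jsp"
                login-page="/oauth/login.jsp"
                login-processing-url="/login.do" />
    <logout logout-success-url="/index.jsp" logout-url="/logout.do" />
    <anonymous />
    <custom-filter ref="storews.resourceServerFilter" before="EXCEPTION_TRANSLATION_FILTER" />
</http>
```

With the chains in this order, a request is handled by the first <http> whose pattern matches and by that chain only, so the form-login, logout and anonymous filters of the catch-all chain never run for /oauth/token, which is the separation the two chains were meant to provide.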