Mar 14th, 2012, 07:49 PM
custom login with spring security set to permitted() not working
I have created a custom login web service (additional things are done upon login) and have set the path to be allowed to bypass security <intercept-url pattern="/app/juser/login" access="permitAll()"/>
This works fine and I have not had any issues with it. However, so far I have only accessed my app via explicit ip
Now, I have set up a domain name for my app and when I try to access this call it does not bypass security. It tries to find the user from the session (as with any secured calls) and then fails with since the user is not yet authenticated (it's the login call).
So to be clear- if I access http://the.server.ip/myapp/app/juser/login, it works fine. If I access http://my_domain_name/myapp/app/juser/login it does not bypass security.
What could be the issue here?
Mar 15th, 2012, 01:33 PM
Some more data
I added degug logging and the same servletpath and pathinfo are set for both calls (using domain and ip)
But when using the domain I get 2012-03-15 18:33:05,486 [TP-Processor3] DEBUG com.pluggedin.auth.AjaxAuthenticationFailureHandle r: No failure URL set, sending 401 Unauthorized error
(it is not recognizing that you can access the url without being authenticated)
while when using the ip it allows it through
What's the issue here?
Mar 16th, 2012, 08:52 AM
issue due to no webapp name in path
I have narrowed down the issue.
When I include my web app name in my path it works, but when I leave it out (which is possible since my web app is the default one for the virtual host) it does not work.
So- www.mydomainname.com/mywebapp/app/juser/login -- works
www.mydomainname.com/app/juser/login --- doesn't work
Remember, that it actually goes to the web app, the thing that doesn't work is the security setting of permitAll() For some reason when it does not have the web app name in the path it's not getting matched correctly.
Is this a bug in spring?