custom login with spring security set to permitted() not working

[tirtzab]

I have created a custom login web service (additional things are done upon login) and have set the path to be allowed to bypass security <intercept-url pattern="/app/juser/login" access="permitAll()"/>

This works fine and I have not had any issues with it. However, so far I have only accessed my app via explicit ip

Now, I have set up a domain name for my app and when I try to access this call it does not bypass security. It tries to find the user from the session (as with any secured calls) and then fails with since the user is not yet authenticated (it's the login call).

So to be clear- if I access http://the.server.ip/myapp/app/juser/login, it works fine. If I access http://my_domain_name/myapp/app/juser/login it does not bypass security.

What could be the issue here?

[tirtzab]

I added degug logging and the same servletpath and pathinfo are set for both calls (using domain and ip)

servletPath:/app
pathInfo:/juser/login

But when using the domain I get 2012-03-15 18:33:05,486 [TP-Processor3] DEBUG com.pluggedin.auth.AjaxAuthenticationFailureHandle r: No failure URL set, sending 401 Unauthorized error
(it is not recognizing that you can access the url without being authenticated)

while when using the ip it allows it through

What's the issue here?

[tirtzab]

I have narrowed down the issue.

When I include my web app name in my path it works, but when I leave it out (which is possible since my web app is the default one for the virtual host) it does not work.

So- www.mydomainname.com/mywebapp/app/juser/login -- works
www.mydomainname.com/app/juser/login --- doesn't work

Remember, that it actually goes to the web app, the thing that doesn't work is the security setting of permitAll() For some reason when it does not have the web app name in the path it's not getting matched correctly.

Is this a bug in spring?