Thread: Spring Security failing with URL Redirection

  1. #1
    Join Date
    Jul 2012
    Posts
    2

    Spring Security failing with URL Redirection

    I've stripped this back to the simplest security config:

    In my security-context.xml file
    Code:
    <security:http auto-config="true">
        <security:intercept-url pattern="/**" access="ROLE_USER" />
    </security:http>

    In my web.xml
    Code:
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    In Apache I do a rewrite so that http://localhost/myapp appears at http://localhost using this

    Code:
    # Remove double "myapp" in url
    RewriteRule ^/myapp/(.*) /$1
    
    # Check to see if content can be served locally - rewrite back if not
    RewriteCond /dir/to/static/content -f
    RewriteRule ^/(.*) /myapp/$1 [PT]
    
    JkMount /myapp/* loadbalancer

    However, logging in using the built-in Spring Security I get this:
    Reason: Authentication method not supported: GET

    This is with version 3.0.6 of Spring Security, and the rewriting works fine as a standard Spring app without security.

    Any help or advice would be appreciated, as I've been struggling with this for ages.

  2. #2
    Join Date
    Jan 2008
    Posts
    1,826

    You must submit a POST in order for a user to log in. What does your HTML look like? What does the HTTP request look like before and after Apache? In summary, you will get this error if Spring Security sees a GET submitted to the UsernamePasswordAuthenticationFilter.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal
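
One way to see the "before and after" difference described in the reply above, as an added example that is not part of the original thread. It assumes the Spring Security 3.0 default login URL `/myapp/j_spring_security_check`, two stand-in servers on 127.0.0.1, and an external 302 redirect as one common way a front end turns a POST into a GET; it is not a diagnosis of the poster's rewrite rules.

```python
import threading, urllib.error, urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

LOGIN = "/myapp/j_spring_security_check"  # assumed default login URL under /myapp
HTTP = urllib.request.build_opener(urllib.request.ProxyHandler({}))  # ignore system proxy

def reply(h, code, body=b"", location=None):
    h.send_response(code)
    if location:
        h.send_header("Location", location)
    h.send_header("Content-Length", str(len(body)))
    h.end_headers()
    h.wfile.write(body)

class Quiet(BaseHTTPRequestHandler):
    def log_message(self, *args): pass    # no access log on stderr

class Backend(Quiet):                     # stand-in for the login filter: POST only
    def do_GET(self):
        reply(self, 401, b"Authentication method not supported: GET")
    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        reply(self, 200, b"POST accepted")

def serve(handler):
    srv = HTTPServer(("127.0.0.1", 0), handler)
    srv.url = "http://127.0.0.1:%d%s" % (srv.server_port, LOGIN)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv

def login_through(mode):
    """POST the form to a front end that 302-redirects or proxies to the backend."""
    back = serve(Backend)
    class Front(Quiet):
        def do_POST(self):
            data = self.rfile.read(int(self.headers.get("Content-Length", 0)))
            if mode == "redirect":        # client must re-request the new URL itself
                reply(self, 302, location=back.url)
            else:                         # proxy: method and body forwarded unchanged
                with HTTP.open(back.url, data) as r:
                    reply(self, r.status, r.read())
    front = serve(Front)
    try:  # urllib follows a 302 as browsers do: the POST is re-sent as a GET, no body
        with HTTP.open(front.url, b"j_username=u&j_password=p") as r:  # constructed creds
            return r.status, r.read().decode()
    except urllib.error.HTTPError as e:   # the backend rejected a non-POST request
        return e.code, e.read().decode()
    finally:
        front.shutdown(); back.shutdown()
```

`login_through("proxy")` reaches the backend as a POST, while `login_through("redirect")` ends with the backend rejecting a GET, which is the symptom reported in the first post.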

  3. #3
    Join Date
    Jul 2012
    Posts
    2

    Rob, thanks for your reply. Yes, I was using Apache rewriting that translates a POST request into a GET request.

    I was unable to get this working with Apache mod_jk and used Apache mod_proxy instead.
    This is the solution I came up with:

    In Apache
    Code:
    # Access control for proxied requests; the section needs a URL pattern (* matches all)
    <Proxy *>
       Order deny,allow
       Allow from all
    </Proxy>

    # Proxy every request that is not a static file to Tomcat over AJP
    RewriteCond /dir/to/static/content/%{REQUEST_FILENAME} !-f
    RewriteRule ^/(.*) ajp://127.0.0.1:8009/myapp/$1 [P]
    # Map the /myapp context back to / in redirect headers and cookie paths
    ProxyPassReverse /  http://myurl/myapp/
    ProxyPassReverseCookiePath /myapp /

    In Spring
    Code:
    <security:http auto-config="false" use-expressions="true" disable-url-rewriting="true">
       <!-- The login page itself must be reachable without authentication -->
       <security:intercept-url pattern="/app/login" access="permitAll" />
       <security:intercept-url pattern="/app/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
       <security:form-login
          login-page="/app/login"
          authentication-failure-url="/app/login?f=1"
          default-target-url="/app/map"/>
       <security:logout logout-url="/app/logout"/>
    </security:http>
