Thread: intercept-url is not intercepting URL

  1. #1

    intercept-url is not intercepting URL

    Hi All,

    I am trying to add Spring Security to my Struts2-based application. For some areas it's working fine, but it seems like for some it's not working at all. This is a snapshot of my spring-security.xml file:

    Code:
    <http auto-config="false" entry-point-ref="preAuthenticatedProcessingFilterEntryPoint">
        <intercept-url pattern="/bd/account/get-user-by-id" access="ROLE_ADMIN,ROLE_USER" />
        <access-denied-handler error-page="/login?simple=true"/>
        <custom-filter ref="preAuthFilter" position="PRE_AUTH_FILTER" />
    </http>
    I have defined a few more such interceptor patterns in my XML file. In the above code,
    Code:
    <access-denied-handler error-page="/login?simple=true"/>
    /login is a Struts2 action, and my expectation from this is as follows:

    1. If a non-logged-in user clicks on the above link, Spring Security should send them to the access-denied handler.
    2. The access-denied handler is a Struts2 action, and it should get called, which should simply show the login page to the user.

    The above login action of Struts2 works fine under normal conditions, but it seems that Spring Security is not intercepting this URL at all, or is not calling the Struts2 action.
    I have configured my Struts2 filter to even handle FORWARD requests, as follows:

    Code:
    <filter-mapping>
        <filter-name>action2</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        <dispatcher>INCLUDE</dispatcher>
        <dispatcher>ERROR</dispatcher>
    </filter-mapping>
    I am not sure where I am going wrong in this.

  2. #2

    Which link are you speaking of when you say you click on it? Is /bd the context root (you should not include the context root in the intercept-url patterns)? What does your preAuthFilter look like? What does preAuthenticatedProcessingFilterEntryPoint look like? The denied entry point would only happen if the user is already authenticated and is not allowed access (i.e. the user is ROLE_USER and the URL requires ROLE_ADMIN). If the user is not authenticated, the AuthenticationEntryPoint is used (i.e. entry-point-ref). If none of this helps, you might try turning on debug logging to see what is happening.
    Rob Winch - @rob_winch
    Spring Security Lead
    Pivotal

  3. #3

    Also make sure the filter-mapping of the security chain comes BEFORE the Struts filter, else it will not be called (the order in which filters are executed is the order in which the filter-mappings appear; if Struts runs before Spring Security, it basically does nothing).
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthusiast / Author
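
The filter-mapping ordering point from the last reply, as an added example that is not part of the original thread: a small check that reads a web.xml and reports when the Struts2 filter is mapped ahead of the security chain. The filter name `springSecurityFilterChain` (the conventional name for Spring Security's filter proxy) is an assumption, `action2` is the filter name from the first post, and both web.xml documents are constructed.

```python
import xml.etree.ElementTree as ET

# Assumed names: "springSecurityFilterChain" is the conventional Spring Security
# filter name; "action2" is the Struts2 filter name used in the thread.
SECURITY_FILTER = "springSecurityFilterChain"
APP_FILTER = "action2"

def local(tag):
    """Strip an XML namespace such as {http://java.sun.com/xml/ns/javaee}."""
    return tag.rsplit("}", 1)[-1]

def filter_mappings(web_xml):
    """Return [(filter-name, url-pattern, [dispatchers])] in declaration order."""
    out = []
    for el in ET.fromstring(web_xml).iter():
        if local(el.tag) != "filter-mapping":
            continue
        kids = {}
        for child in el:
            kids.setdefault(local(child.tag), []).append((child.text or "").strip())
        # A mapping without <dispatcher> elements applies to REQUEST only.
        out.append((kids.get("filter-name", [""])[0],
                    kids.get("url-pattern", [""])[0],
                    kids.get("dispatcher", ["REQUEST"])))
    return out

def check_order(web_xml, security=SECURITY_FILTER, app=APP_FILTER):
    """Return a list of findings; an empty list means the ordering is sound."""
    # url-pattern mappings run in the order they are declared in web.xml.
    names = [m[0] for m in filter_mappings(web_xml)]
    if security not in names:
        return [f"no filter-mapping for {security}: the security chain never runs"]
    if app in names and names.index(app) < names.index(security):
        return [f"{app} is mapped before {security}: it sees the request first"]
    return []

def web_xml(*names):
    """Build a constructed web.xml whose filter-mappings appear in the given order."""
    body = "".join(
        f"<filter-mapping><filter-name>{n}</filter-name>"
        f"<url-pattern>/*</url-pattern></filter-mapping>" for n in names)
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">{body}</web-app>'

BROKEN = web_xml(APP_FILTER, SECURITY_FILTER)  # constructed: Struts2 mapped first
FIXED = web_xml(SECURITY_FILTER, APP_FILTER)   # constructed: security chain first

if __name__ == "__main__":
    for label, doc in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_order(doc) or "ok")
```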

