Spring security on traditionnal servlet

[nchalon]

Hi all, I am quite new to all this spring security thing and i am struggling with a problem for three days now. I have a simple servlet implementing tomcat CometProcessor and i want to secure the access to it using spring security, but with no luck. If looking to the here under configuration files something pops to your mind please drop me a line i am completely stuck .

applicationContext-security.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="XXXXX"
    xmlns:beans="XXXXX"
    xmlns:xsi="XXXXX"
    xsi:schemaLocation="XXXXXXX">
 
        <authentication-provider user-service-ref="wsAuthentificationService"/>
        <http auto-config="true">
            <intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN"/>
        </http>
</beans:beans>

web.xml

Code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="XXXXX" xmlns:xsi="XXXXX" xsi:schemaLocation="XXXXX">
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/applicationContext-security.xml
        </param-value>
    </context-param>
    <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- hibernate settings -->
    <filter>
        <filter-name>hibernateFilter</filter-name>
        <filter-class>
            org.springframework.orm.hibernate3.support.OpenSessionInViewFilter
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>hibernateFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
    </filter-mapping>
    <!-- spring security settings -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
        <dispatcher>FORWARD</dispatcher>
        </filter-mapping>
    <!-- message sender setting -->
    <servlet>
        <servlet-name>CMan</servlet-name>
        <servlet-class>xxx.servlets.CMan</servlet-class>
    </servlet>
    <servlet-mapping>
        <servlet-name>CMan</servlet-name>
        <url-pattern>/cman</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>
            30
        </session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>index.jsp</welcome-file>
    </welcome-file-list>
    </web-app>

One thing to say is that the configuration is working like a charm in another project based on jax-ws webservices.

Tell me if you need any other information to be able to help me.

Nicolas

[nchalon]

Ok guys, forget about it, re-reading for 20th time tomcat documentation I saw something that i didn't noticed on the 19 other times

Similar to regular filters, a filter chain is invoked when comet events are processed. These filters should implement the CometFilter interface (which works in the same way as the regular Filter interface), and should be declared and mapped in the deployment descriptor in the same way as a regular filter. The filter chain when processing an event will only include filters which match all the usual mapping rules, and also implement the CometFiler interface.

So my question is now how to wrap org.springframework.web.filter.DelegatingFilterPro xy inside a CometFilter but i am sure that the spring security documentation will help me on that .