spring security in a web module

[Beta User]

Hello,

I'm trying to configure spring security to be used in a web module in s2ap. If I just configure the filterChainProxy, the application complains that there is no contextLoaderListener defined.

When I add the contextLoaderListener it tries to load the application context files, but my app context files are stored in /META-INF/spring/*.xml. OSGi already takes care of loading those files, so it shouldn't have to load it again right? Should I be using something other than org.springframework.web.context.ContextLoaderListe ner?

Are there any examples of spring-security being used in s2ap?

[Beta User]

It turns out the DelegatingFilterProxy needs to be overridden to retrieve the correct WebApplicationContext from the OSGi bundle.

[Beta User]

Hi,

actually you don't have to do override or use Delegating Filter Proxy. The only thing I had to
add to a standard SSAP web module is this field in the MANIFEST.MF:

Web-FilterMappings: filterChainProxy;url-patterns:="/*"

and after that configure all the Spring security beans as usual. No further configuration in
web.xml or any other file is necessary.

So, you were on the right track, but you must have missed a small detail somewhere that resulted in
your contextLoaderListener error. If you provide more details about that error and your configuration
(the contents of manifest, web.xml and security beans file) I think the problem should be easy to spot
and solve.

[Sam Brannen]

Hi aznboarder,

> Are there any examples of spring-security being used in s2ap?

Yes, the Spring Travel PAR sample application uses Spring Security in a Web Module within a PAR. You can download Spring Travel from the "Downloads" link on this page. Take special notice of the web module specific manifest headers in MANIFEST.MF:

Platform-ModuleType: Web
Web-ContextPath: springtravel-faces
Web-DispatcherServletUrlPatterns: /spring/*
Web-FilterMappings: springSecurityFilterChain;url-patterns:="/*"

Regards,

Sam
SpringSource