-
Dec 3rd, 2009, 07:31 PM
#1
Spring security 3 issue with INTERCEPT-URL
I have been reading the documentation and example but not able to resolve some of the issues with spring security and my project
I'm using spring security 3 in my project and the following config for intercept-url
<intercept-url pattern="/secure/user/**"
access="hasRole('ROLE_USER')"/>
<intercept-url pattern="/secure/admin/**"
access="hasRole('ROLE_ADMIN')"/>
<intercept-url pattern="/secure/**"
access="isAuthenticated()" />
<intercept-url pattern="/**"
access="permitAll" />
and here is a snap of my jsp code url references
<a href="secure/admin/adduser.html"..
<a href="secure/finduser.html" ..
here are the issues I see with the configuration
1.once a user login all browser link includes a secure syntax in the link for example in the jsp even though the link is “secure/finduser.html” but the browser link display is secure/secure/finduser.html so once the link is used it goes to xx/secure/secure/finduser.html
2.once you click on any link the image, style and js links are now secure/image, secure/style and secure/js therefor they can not be found.. for example the reference to style
<link rel="stylesheet" type="text/css"
href="../style/style.css" /> but now the style reference link can only be found from xx/secure/style/style.css
3.if a user click on
<a href="secure/admin/adduser.html" then all subsequent links will include secure/admin to the link for example the link above will end up in
xx/secure/admin/secure/admin/adduser.html so therefor not found and returns http status 404 for page not found....
does any one has any idea why..
thanks again. -
-
Dec 3rd, 2009, 08:33 PM
#2
This is an application issue and not related to Spring Security.
Are you deploying your web app to the root context of your application server?
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
-
Dec 3rd, 2009, 10:48 PM
#3
Thank you for your reply and time
you are absolutely right , this issue has nothing to do with spring security but rather application configuration itself...after using a different path other then the one in spring security configuration still has the same result..
and yes I do have my web app to the root context of tomcat
but sill puzzle to why the the first part of any link <a href=”xxxx/someAction.html the xxxx would be included in the subsequent calls , I think I would for sure need to go back to basic and do more search..
thanks again for your help...
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
