Dec 3rd, 2009, 07:31 PM
Spring security 3 issue with INTERCEPT-URL
I have been reading the documentation and example but not able to resolve some of the issues with spring security and my project
I'm using spring security 3 in my project and the following config for intercept-url
and here is a snap of my jsp code url references
<a href="secure/finduser.html" ..
here are the issues I see with the configuration
1.once a user login all browser link includes a secure syntax in the link for example in the jsp even though the link is “secure/finduser.html” but the browser link display is secure/secure/finduser.html so once the link is used it goes to xx/secure/secure/finduser.html
2.once you click on any link the image, style and js links are now secure/image, secure/style and secure/js therefor they can not be found.. for example the reference to style
<link rel="stylesheet" type="text/css"
href="../style/style.css" /> but now the style reference link can only be found from xx/secure/style/style.css
3.if a user click on
<a href="secure/admin/adduser.html" then all subsequent links will include secure/admin to the link for example the link above will end up in
xx/secure/admin/secure/admin/adduser.html so therefor not found and returns http status 404 for page not found....
does any one has any idea why..
thanks again. -
Dec 3rd, 2009, 08:33 PM
This is an application issue and not related to Spring Security.
Are you deploying your web app to the root context of your application server?
Peter Mularien | Blog
Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
SCJP 5, Oracle DBA
Any postings are my own opinion, and should not be attributed to my employer or clients.
Dec 3rd, 2009, 10:48 PM
Thank you for your reply and time
you are absolutely right , this issue has nothing to do with spring security but rather application configuration itself...after using a different path other then the one in spring security configuration still has the same result..
and yes I do have my web app to the root context of tomcat
but sill puzzle to why the the first part of any link <a href=”xxxx/someAction.html the xxxx would be included in the subsequent calls , I think I would for sure need to go back to basic and do more search..
thanks again for your help...