Jun 28th, 2010, 07:53 AM
Authentication in apache2.2 (mod_jk) frontend triggers spring security
I deploy my spring security enabled application on glassfish v3 and it works as expected. When I enable any kind of security in apache frontend (i use ldap and mod_jk to redirect request to glassfish server) - the apache authentication works ok, but it enables security in the Spring application on glassfish as well, which i do not want. I am just using login in apache frontend to disable global access and to allow access to our testserver for our programming team outside our network.
First when i enter url for the server I get the expected "A username and password are being requested by http://our.test.server. The site says: "Authenticate against company active directory" I authenticate and I get a new message that say:
A username and password are being requested by http://our.test.server. The site says: "Spring Security Application". If I press cancel I get the error message:
"HTTP Status 401 - UserDetailsService returned null, which is an interface contract violation"
type: Status report
message: UserDetailsService returned null, which is an interface contract violation
description: This request requires HTTP authentication (UserDetailsService returned null, which is an interface contract violation).
It seems to me that enabling authentication in apache frontend triggers some kind of security in backend spring application, I am not interested in setting up ldap security in the spring application since the application handles security by itself.
I have some sporadic error messages in glassfish log, but not every time i attempt login, so I am not sure if it is related:
<dependency_failed type='unique_concrete_method' x='java/lang/SecurityManager checkPermission (Ljava/security/PermissionV' witness='org/glassfish/appclient/server/core/jws/servedcontent/ASJarSigner$NoExitSecurityManager' stamp='243.915'/>
I have tested authentication with a spring application that does not use spring security, and then it works as it should, I only get the first prompt to authenticate against ldap and then get access to the spring application.
Anyone have insights on how to disable the spring application security popup, or configure it to accept authentication cookie in browser?
Tags for this Thread