Dec 7th, 2010, 05:54 PM
problem rendering login.html on WAS 188.8.131.52
I am using spring mvc 2.5.6 and spring security 2.0.6 in our application. On my local WAS 184.108.40.206, application is working fine. When i deploy on test server which is WAS 220.127.116.11, my custom login page throws following error
Error Message:JSPG0036E: Failed to find resource /login.html
Root Cause:java.io.FileNotFoundException: JSPG0036E: Failed to find resource /login.html at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensio nProcessor.findWrapper(AbstractJSPExtensionProcess or.java:329) at com.ibm.ws.jsp.webcontainerext.AbstractJSPExtensio nProcessor.handleRequest(AbstractJSPExtensionProce ssor.java:291) at com.ibm.ws.webcontainer.webapp.WebAppRequestDispat cher.forward(WebAppRequestDispatcher.java:321) at org.springframework.web.servlet.view.InternalResou rceView.renderMergedOutputModel(InternalResourceVi ew.java:236) at org.springframework.web.servlet.view.AbstractView. render(AbstractView.java:257) at org.springframework.web.servlet.DispatcherServlet. render(DispatcherServlet.java:1183) at org.springframework.web.servlet.DispatcherServlet. doDispatch(DispatcherServlet.java:902) at org.springframework.web.servlet.DispatcherServlet. doService(DispatcherServlet.java:807) at org.springframework.web.servlet.FrameworkServlet.p rocessRequest(FrameworkServlet.java:571) at org.springframework.web.servlet.FrameworkServlet.d oGet(FrameworkServlet.java:501)
This page don't throw error in case spring security is not used.
Please find below my configuration
Spring security context xml
<http access-denied-page="/authorization_failure.html" access-decision-manager-ref="accessDecisionManager">
<intercept-url pattern="/css/**" filters="none"/>
<intercept-url pattern="/js/**" filters="none"/>
<intercept-url pattern="/images/**" filters="none"/>
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/login.html" filters="none"/>
<form-login login-page="/login.html" authentication-failure-url="/login.html?login_error=true" default-target-url="/landing_page.html" />
Spring mvc servlet xml
<bean name="/login.html" class="com.tnt.cna.controller.LoginController" >
Dec 8th, 2010, 09:51 AM
When you changed WAS versions did anything else change? In particular did you change your Spring Security version? You may be running into this issue. You can test by TEMPORARILY reverting back to Spring Security 2.0.5. Make sure you do not use 2.0.5 in production as there is a vulnerability in it.
Dec 9th, 2010, 09:05 AM
Thanks R. Winch for quick reply.
No we have not changed anything while moving to test WAS server. Everything is same. Sure i will try with spring 2.0.5, but as you mentioned it is not recommended version for production, please let us know the version which we can use along with spring 2.5.6.
Dec 9th, 2010, 09:57 AM
Another couple things: Do you see any errors at start up? Does the error occur if you disable Spring Security? If the error goes away when removing Spring Security, re-enable it and then can you enable logging for Spring Security and post the logs?
Dec 10th, 2010, 06:32 AM
Rob, I have changed spring security version to 2.0.5 and it worked. I believe problem mentioned by you is creating problem. I will try to implement workaround suggested by Luke against that defect. Please confirm if there is any venerability issue with version 2.0.6.
Thanks for your great suggestion !!
Dec 10th, 2010, 08:42 AM
I'm curious why it worked on the previous version of WAS. The version 2.0.6 does not have the vulnerability I referenced. You will also want to see the linked related issue in the event you are performing a forward w/in the FilterChain and getting a 404.
Originally Posted by amit.agar