OCP and Spring Security

Splash Forums Rewrite Users OCP and Spring Security

This topic contains 1 reply, has 2 voices, and was last updated by  Christian Kaltepoth 6 months, 3 weeks ago.

Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #27315

    favalos
    Participant

    Hi all,

    I was trying to get this working for the last couple of days and no luck.

    I have this configuration in my Spring web initializer for Security:

    @Override
    protected Filter[] getServletFilters() {
    CharacterEncodingFilter characterEncodingFilter = new CharacterEncodingFilter();
    characterEncodingFilter.setEncoding(“UTF-8”);
    characterEncodingFilter.setForceEncoding(true);

    DelegatingFilterProxy securityFilterChain = new DelegatingFilterProxy(“springSecurityFilterChain”);

    return new Filter[] { characterEncodingFilter, securityFilterChain};
    }

    And I created my configuration Configuration provider. What I need is my Rewrite to run before the security. But when I start my tomcat I can see this in the log:

    2016-01-18 20:00:25.104 [localhost-startStop-1] WARN com.datastax.driver.core.Cluster – You listed localhost/0:0:0:0:0:0:0:1:9042 in your contact points, but it wasn’t found in the control host’s system.peers at startup
    [INFO] Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1a58697d, org.springframework.security.web.context.SecurityContextPersistenceFilter@46eec514, org.springframework.security.web.header.HeaderWriterFilter@be87252, org.springframework.security.web.csrf.CsrfFilter@be808e2, org.springframework.security.web.authentication.logout.LogoutFilter@2056b7f, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@541dafb9, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@677aa051, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@5415caf5, org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter@62e9ec41, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@22759b0e, org.springframework.security.web.session.SessionManagementFilter@11d72f97, org.springframework.security.web.access.ExceptionTranslationFilter@5631be61, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6b42c5e6]
    [INFO] Root WebApplicationContext: initialization completed in 2023 ms
    Jan 18, 2016 8:00:25 PM org.ocpsoft.rewrite.servlet.RewriteFilter
    INFO: RewriteFilter starting up…

    I can see the filter for security is configured before the Rewrite, how can I change that?

    Somebody have any clue for me please?

    Thanks in advance,

    Fernando Avalos.

    #27316

    I don’t know much about this Spring configuration stuff, but Rewrite ships with a web-fragment.xml file, which automatically adds the filter to the filter chains.

    In a standard Servlet environment you could use in web.xml to define the filter ordering.

    In the Spring world, you may just have to add the RewriteFilter in getServletFilters()? But please note that Rewrite als uses some listeners. See the web-fragment.xml for details.

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Comments are closed.