tomcat-users mailing list archives

From Ashish Jain <ashja...@gmail.com>
Subject Re: Spring security configuration in web.xml results in 403 error
Date Fri, 23 Jul 2010 05:04:26 GMT
Any takers for this Q?

On Thu, Jul 15, 2010 at 1:38 PM, Ashish Jain <ashjain2@gmail.com> wrote:

> Hi,
>
> I have an application which uses non-interactive login and hence utilizes
> the NONLogin Authenticator in Tomcat. Here is a snippet from web.xml.
>
> <context-param>
>     <param-name>contextConfigLocation</param-name>
>     <param-value>/WEB-INF/applicationContext-security.xml</param-value>
> </context-param>
>
> <filter>
>     <filter-name>springSecurityFilterChain</filter-name>
>     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
> </filter>
>
> <filter-mapping>
>     <filter-name>springSecurityFilterChain</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> <listener>
>     <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
> </listener>
>
> <login-config>
>     <auth-method>NONE</auth-method>
>     <realm-name>cas-authorize</realm-name>
> </login-config>
>
> <security-constraint>
>     <web-resource-collection>
>         <web-resource-name>Protect JSPs</web-resource-name>
>         <url-pattern>*.jsp</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>         <role-name>testUsers</role-name>
>     </auth-constraint>
> </security-constraint>
>
> <security-role>
>     <role-name>testUsers</role-name>
> </security-role>
>
> However, I see that container security is invoked before any Spring-related
> stuff. Since it is a non-interactive login, the Subject is not populated with
> any principals, and hence Tomcat is unable to authorize access to the
> resource. My question is:
>
> How can I revert the security mechanism so that Spring Security is invoked
> before Tomcat security?
>
> Thanks
> Ashish
>
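
The ordering problem described in the message, as an added example that is not part of the original post: the container evaluates `<security-constraint>` before the filter chain runs, so a role check under `auth-method` NONE rejects the request before `springSecurityFilterChain` sees it. The `audit_web_xml` helper and the `<web-app>` wrapper around the quoted elements are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: elements quoted in the post, wrapped in a <web-app>
# root (namespace omitted) so the fragment parses as one document.
WEB_XML = """<web-app>
  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>
  <login-config>
    <auth-method>NONE</auth-method>
  </login-config>
  <security-constraint>
    <web-resource-collection>
      <url-pattern>*.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>testUsers</role-name>
    </auth-constraint>
  </security-constraint>
</web-app>"""

PROXY = "org.springframework.web.filter.DelegatingFilterProxy"

def audit_web_xml(xml_text):
    """List (url-pattern, roles, denied_before_filter) for each role constraint."""
    root = ET.fromstring(xml_text)
    # A missing <login-config> is treated as NONE (assumption of this example).
    auth_method = (root.findtext("login-config/auth-method") or "NONE").strip()
    proxies = {(f.findtext("filter-name") or "").strip() for f in root.findall("filter")
               if (f.findtext("filter-class") or "").strip() == PROXY}
    mapped = any((m.findtext("filter-name") or "").strip() in proxies
                 for m in root.findall("filter-mapping"))
    findings = []
    for sc in root.findall("security-constraint"):
        if sc.find("auth-constraint") is None:
            continue  # no auth-constraint: the container applies no role check
        roles = [r.text.strip() for r in sc.findall("auth-constraint/role-name")]
        # With NONE the container never establishes a principal, and it checks
        # the constraint before the mapped security filter is invoked.
        denied = auth_method == "NONE" and mapped
        for pat in sc.findall("web-resource-collection/url-pattern"):
            findings.append((pat.text.strip(), roles, denied))
    return findings
```

A `True` in the third field marks a URL pattern where the role decision is made by the container alone, which matches the 403 reported in the subject line.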
