session - Spring Security - Cannot access my welcome webpage while I'm already logged in
I have a website that uses Spring Security. I have realized that when I am logged in to the application and try to access the website again without closing the session, I get a 404 error. I mean, if the application has the context name "myapp", I can access localhost:8080/myapp when I am not logged in, but when I am logged in and enter that URL, I get the error. It doesn't happen, for example, if I enter localhost:8080/myapp/control/login; that displays the login form correctly.
Here is my Spring Security configuration:
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
  <sec:http auto-config="true" access-denied-page="/control/login/error">
    <sec:intercept-url pattern="/resources/**" filters="none"/>
    <sec:intercept-url pattern="/favicon.ico" filters="none"/>
    <sec:intercept-url pattern="/control/login/error" filters="none"/>
    <sec:intercept-url pattern="/control/login" filters="none"/>
    <sec:intercept-url pattern="/control/logout" filters="none"/>
    <sec:intercept-url pattern="/control/newuser" filters="none"/>
    <sec:intercept-url pattern="/control/inviteduser" filters="none"/>
    <sec:intercept-url pattern="/control/error" filters="none"/>
    <sec:intercept-url pattern="/**" access="ROLE_ANONIM,ROLE_GUEST,ROLE_BASIC,ROLE_ADMIN,ROLE_PREMIUM" />
    <sec:form-login login-page='/control/login' default-target-url='/control/index' always-use-default-target='true' />
    <sec:logout logout-success-url="/control/logout"/>
    <sec:session-management>
      <sec:concurrency-control expired-url="/control/login/error" />
    </sec:session-management>
  </sec:http>
</beans>
In web.xml I have index.jsp as the welcome file:
<welcome-file-list> <welcome-file>/index.jsp</welcome-file> </welcome-file-list>
I added the log from when I try to access the welcome page and it shows the 404 error:
18:36:26,309 debug [jpa.support.openentitymanagerinviewfilter] using entitymanagerfactory 'entitymanagerfactory' openentitymanagerinviewfilter
18:36:26,309 debug [factory.support.defaultlistablebeanfactory] returning cached instance of singleton bean 'entitymanagerfactory'
18:36:26,309 debug [jpa.support.openentitymanagerinviewfilter] opening jpa entitymanager in openentitymanagerinviewfilter
18:36:26,309 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,309 debug [security.web.filterchainproxy] candidate is: '/'; pattern /resources/**; matched=false
18:36:26,309 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,309 debug [security.web.filterchainproxy] candidate is: '/'; pattern /favicon.ico; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/login/error; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/login; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/logout; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/newuser; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/inviteduser; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /control/error; matched=false
18:36:26,310 debug [security.web.filterchainproxy] converted url lowercase, from: '/'; to: '/'
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /**; matched=true
18:36:26,310 debug [security.web.filterchainproxy] / @ position 1 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.session.concurrentsessionfilter@172cbae'
18:36:26,310 debug [security.web.filterchainproxy] / @ position 2 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.context.securitycontextpersistencefilter@a89e44'
18:36:26,311 debug [web.context.httpsessionsecuritycontextrepository] obtained valid securitycontext spring_security_context: 'org.springframework.security.core.context.securitycontextimpl@1e4fb61: authentication: org.springframework.security.authentication.usernamepasswordauthenticationtoken@1e4fb61: principal: es.mycomp.myapp.model.usuario@a3c69a; password: [protected]; authenticated: true; details: org.springframework.security.web.authentication.webauthenticationdetails@fffc7f0c: remoteipaddress: 0:0:0:0:0:0:0:1; sessionid: cbdba57f561c0d3c2ac576182d449f00; granted authorities: es.mycomp.myapp.model.role@1450701'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 3 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.authentication.logout.logoutfilter@17dfcf1'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 4 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.authentication.usernamepasswordauthenticationfilter@697087'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 5 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.authentication.www.basicauthenticationfilter@5acf13'
18:36:26,311 debug [authentication.www.basicauthenticationfilter] authorization header: null
18:36:26,311 debug [security.web.filterchainproxy] / @ position 6 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.savedrequest.requestcacheawarefilter@1d1282d'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 7 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.servletapi.securitycontextholderawarerequestfilter@a4b9da'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 8 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.authentication.anonymousauthenticationfilter@130f268'
18:36:26,311 debug [web.authentication.anonymousauthenticationfilter] securitycontextholder not populated anonymous token, contained: 'org.springframework.security.authentication.usernamepasswordauthenticationtoken@1e4fb61: principal: es.mycomp.myapp.model.usuario@a3c69a; password: [protected]; authenticated: true; details: org.springframework.security.web.authentication.webauthenticationdetails@fffc7f0c: remoteipaddress: 0:0:0:0:0:0:0:1; sessionid: cbdba57f561c0d3c2ac576182d449f00; granted authorities: es.mycomp.myapp.model.role@1450701'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 9 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.session.sessionmanagementfilter@95772a'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 10 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.access.exceptiontranslationfilter@c26acd'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 11 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.access.intercept.filtersecurityinterceptor@1f1bf46'
18:36:26,311 debug [access.intercept.defaultfilterinvocationsecuritymetadatasource] converted url lowercase, from: '/'; to: '/'
18:36:26,312 debug [access.intercept.defaultfilterinvocationsecuritymetadatasource] candidate is: '/'; pattern /**; matched=true
18:36:26,312 debug [access.intercept.filtersecurityinterceptor] secure object: filterinvocation: url: /; attributes: [role_anonim, role_guest, role_basic, role_admin, role_premium]
18:36:26,312 debug [access.intercept.filtersecurityinterceptor] authenticated: org.springframework.security.authentication.usernamepasswordauthenticationtoken@1e4fb61: principal: es.mycomp.myapp.model.usuario@a3c69a; password: [protected]; authenticated: true; details: org.springframework.security.web.authentication.webauthenticationdetails@fffc7f0c: remoteipaddress: 0:0:0:0:0:0:0:1; sessionid: cbdba57f561c0d3c2ac576182d449f00; granted authorities: es.mycomp.myapp.model.role@1450701
18:36:26,312 debug [access.vote.affirmativebased] voter: org.springframework.security.access.vote.rolevoter@1b24628, returned: 1
18:36:26,312 debug [access.intercept.filtersecurityinterceptor] authorization successful
18:36:26,312 debug [access.intercept.filtersecurityinterceptor] runasmanager did not change authentication object
18:36:26,312 debug [security.web.filterchainproxy] / reached end of additional filter chain; proceeding original chain
18:36:26,312 debug [web.access.exceptiontranslationfilter] chain processed
18:36:26,312 debug [web.context.securitycontextpersistencefilter] securitycontextholder cleared, request processing completed
18:36:26,312 debug [jpa.support.openentitymanagerinviewfilter] closing jpa entitymanager in openentitymanagerinviewfilter
18:36:26,312 debug [orm.jpa.entitymanagerfactoryutils] closing jpa entitymanager
Edit: it happens when I'm logged in. Maybe it's a problem with the session?
Thanks in advance.
Edit: I have Spring 3.0.0 RC3 and Spring Security 3.0.0 RC1 and it still happens. Any idea?
Mmmm, does the URL http://localhost:8080/myapp/control/index work, or does it show a 404 too? It's the one in your default-target-url property.
And without the / ?
<welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list>
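An added example, not part of the original question or answer: a short Python script that reads FilterChainProxy debug lines in the format quoted in the question and reports which pattern selected the filter chain, which filters fired, and whether the request was authorized and handed on to the original chain. The sample log is constructed from that format, and the names `summarize` and `verdict` are hypothetical.

```python
import re

# Constructed sample in the format of the debug log quoted in the question
# (lower-cased, shortened to the entries that decide the outcome).
SAMPLE_LOG = """\
18:36:26,309 debug [security.web.filterchainproxy] candidate is: '/'; pattern /resources/**; matched=false
18:36:26,310 debug [security.web.filterchainproxy] candidate is: '/'; pattern /**; matched=true
18:36:26,310 debug [security.web.filterchainproxy] / @ position 1 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.session.concurrentsessionfilter@172cbae'
18:36:26,311 debug [security.web.filterchainproxy] / @ position 11 of 11 in additional filter chain; firing filter: 'org.springframework.security.web.access.intercept.filtersecurityinterceptor@1f1bf46'
18:36:26,312 debug [access.intercept.filtersecurityinterceptor] authorization successful
18:36:26,312 debug [security.web.filterchainproxy] / reached end of additional filter chain; proceeding original chain
"""

MATCH = re.compile(r"\[security\.web\.filterchainproxy\] candidate is: '([^']*)'; pattern (\S+); matched=true", re.I)
FILTER = re.compile(r"position (\d+) of (\d+) in additional filter chain; firing filter: '([\w.$]+)@", re.I)

def summarize(log_text):
    """Summarize one request's pass through the Spring Security filter chain."""
    s = {"url": None, "pattern": None, "filters": [], "authorized": False, "passed_on": False}
    for line in log_text.splitlines():
        m = MATCH.search(line)
        if m and s["pattern"] is None:   # the first matching pattern picks the chain
            s["url"], s["pattern"] = m.group(1), m.group(2)
        f = FILTER.search(line)
        if f:
            s["filters"].append(f.group(3).rsplit(".", 1)[-1])
        low = line.lower()
        if "authorization successful" in low:
            s["authorized"] = True
        if "proceeding" in low and "original chain" in low:
            s["passed_on"] = True
    return s

def verdict(s):
    """Say where to look next for an error on this request."""
    if s["pattern"] is None:
        return "no pattern matched"
    if not s["filters"]:
        return "filters bypassed (filters=none): look at the servlet/controller"
    if s["authorized"] and s["passed_on"]:
        return "allowed by Spring Security: error comes from the original chain"
    return "stopped inside the security chain"

if __name__ == "__main__":
    print(verdict(summarize(SAMPLE_LOG)))
```

On the log in the question this reports that the request was allowed and passed on, so the 404 is produced after the security filters, which is consistent with the answer's focus on the welcome-file mapping.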