You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by Alberto Flores <af...@umd.edu> on 2008/10/28 13:31:36 UTC
Re: any resolution on your struts2 Spring Security issue in June?
Jon,
May I suggest that you try a simple app (Shouldn't take you more than 5
minutes to setup in Eclipse using WTP) where you examine how filters
behave. This is how I caught my problem. I basically created a simple
app (two jsp pages, one posting to the other one using a form) with
three filters so as to ensure that my filters were propagated properly.
Each filter had a breakpoint (you can log debug messages if you
prefer) to see the order of the the doFilter() method. Particularly
important is to understand how the chain is executed (hopefully you
understand J2EE Filters a bit to know about how filters are chained
together). Then start changing the order of the "filter" name (shouldn't
change the order of the filter). Now change the order of the
"filter-mapping" and you should see a change in the order.
I'm using Tomcat 5.5.17, with web.xml:
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter>
<filter-name>dispatcherFilter</filter-name>
<filter-class>myPackage.Struts2FilterDispatcher</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>dispatcherFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
Notice the order of the filter and the filter mapping. I've noticed some
containers define the "ordering" by the "filter" definitions and others
by the "filter-mapping" definition. This IS where I found my problem
(hence the simple app should help you see how your filters behave on a
post request). Further more, ordering may be altered if you are
filtering a servlet or a url (as is the case of weblogic). Refer to the
documentation of your container for more information.
If you are using OSIV filter, I found out that you have to ensure that
such filter is the first one in the chain.
Hopefully this will help!
Alberto
Madison, Jon wrote:
> Thanks greatly for your help! I've tried various methods of placing the
> filters, but still haven't been able to figure out the proper order. Did
> you find a reference on this, or made a best guess? If you happen to
> have an example, i'd appreciate it (and make sure to update that thread
> for other lost souls :)
>
> Again, thanks greatly for your response; i feel hopeful again about the
> matter!
>
> j.
>
> ------------------------------------------------------------------------
> *From:* Alberto A. Flores [mailto:aaflores@gmail.com]
> *Sent:* Monday, October 27, 2008 4:51 PM
> *To:* Madison, Jon
> *Subject:* Re: any resolution on your struts2 Spring Security issue in June?
>
> Well, I was able to successfully use Spring Security with my Struts 2
> app using tiles. The relevant part is to use filters in the proper
> order. I was getting confused by the order of the filters in web.xml
> which later proved to fix the problem. Additionally, you may want to
> consider using Struts2 Interceptors along with Spring Security which
> seems to work well. I've found Spring Security to be very flexible for
> our needs. Hopefully this helps.... send me a note if you need more help
>
> On Mon, Oct 27, 2008 at 5:11 PM, Madison, Jon <Jon.Madison@nordstrom.com
> <ma...@nordstrom.com>> wrote:
>
> _http://www.mail-archive.com/user@struts.apache.org/msg77738.html_
>
> we're at a critical juncture trying to determine whether or not
> we'll use Spring Security; i'm running into the same issue, and was
> hoping it was just a matter of switching the order in which the
> filters run (i.e. the DelegatingFilterProxy before the struts 2
> filter), but so far, no luck.
>
> any help is appreciated.
>
> j.
>
>
>
>
> --
> Alberto
> http://www.linkedin.com/in/aflores
--
--
Alberto
http://www.linkedin.com/in/aflores