GPSPRINGSECURITYCORE-30: InterceptUrlMapFilterInvocationDefinition and a minor difference in request URLs - Tomcat vs. Weblogic #193

Open
graemerocher opened this issue Mar 16, 2011 · 0 comments


Original Reporter: daniel_henrique
Environment: Not Specified
Version: Not Specified
Migrated From: http://jira.grails.org/browse/GPSPRINGSECURITYCORE-30

When requesting http(s)://host/mywebapp/, InterceptUrlMapFilterInvocationDefinition.determineUrl() produces different results for Tomcat and Weblogic. This behavior can be observed using a custom InterceptUrlMapFilterInvocationDefinition:

```java
@Override
protected String determineUrl(final FilterInvocation filterInvocation) {
   HttpServletRequest request = filterInvocation.getHttpRequest();

   // Derivation 1: request URI with the context path removed
   String requestUrl = request.getRequestURI().substring(request.getContextPath().length());
   String targetUrl = lowercaseAndStripQuerystring(requestUrl);

   // Derivation 2: servlet path as reported by the container
   String targetUrl2 = request.getServletPath();
   if (getUrlMatcher().requiresLowerCaseUrl()) {
      targetUrl2 = targetUrl2.toLowerCase();
   }

   // Log both values so the two containers can be compared
   if (log.isDebugEnabled()) {
      log.debug("targetUrl = " + targetUrl);
      log.debug("targetUrl2 = " + targetUrl2);
   }

   return targetUrl2;
}
```

targetUrl will be '/' under Tomcat
targetUrl will be '/index.jsp' under Weblogic

But targetUrl2 will be '/index.jsp' under both.

Another observation, related to the original poster's issue: despite Ant pattern set usage (http://ant.apache.org/manual/Types/patternset.html), all patterns used in interceptUrlMap should start with '/', even for extension mapping. '**/*.jsp' won't work, but '/**/*.jsp' will do.

http://grails.1312388.n4.nabble.com/Spring-security-core-Weblogic-vs-Tomcat-td3357411.html

The logs generated by the test application:

== Tomcat ==

2011-03-16 10:20:21,544 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /
2011-03-16 10:20:21,544 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /index.jsp
2011-03-16 10:20:21,559 [http-8080-1] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_admin]

2011-03-16 10:20:21,591 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /login/auth
2011-03-16 10:20:21,591 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /login/auth
2011-03-16 10:20:21,591 [http-8080-1] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /login/auth; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]

2011-03-16 10:56:01,550 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /css/main.css
2011-03-16 10:56:01,550 [http-8080-1] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /css/main.css
2011-03-16 10:56:01,550 [http-8080-1] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /css/main.css?a=x&b=y; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]

== Weblogic ==

2011-03-16 10:30:59,190 19282 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /index.jsp
2011-03-16 10:30:59,190 [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /index.jsp
2011-03-16 10:30:59,190 19282 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /index.jsp
2011-03-16 10:30:59,190 [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /index.jsp
2011-03-16 10:30:59,221 19313 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_admin]
2011-03-16 10:30:59,221 [[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /index.jsp; Attributes: [ROLE_admin]

2011-03-16 10:30:59,346 19438 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /login/auth
2011-03-16 10:30:59,346 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /login/auth
2011-03-16 10:30:59,346 19438 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /login/auth
2011-03-16 10:30:59,346 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /login/auth
2011-03-16 10:30:59,346 19438 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /login/auth; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2011-03-16 10:30:59,346 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /login/auth; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]

2011-03-16 10:56:14,472 1534564 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /css/main.css
2011-03-16 10:56:14,472 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl = /css/main.css
2011-03-16 10:56:14,472 1534564 DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /css/main.css
2011-03-16 10:56:14,472 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG myapp.InterceptUrlMapFilterInvocationDefinition  - targetUrl2 = /css/main.css
2011-03-16 10:56:14,472 1534564 DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /css/main.css?a=x&b=y; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
2011-03-16 10:56:14,472 [[ACTIVE] ExecuteThread: '2' for queue: 'weblogic.kernel.Default (self-tuning)'] DEBUG intercept.FilterSecurityInterceptor  - Secure object: FilterInvocation: URL: /css/main.css?a=x&b=y; Attributes: [IS_AUTHENTICATED_ANONYMOUSLY]
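
Added example (not part of the original issue or the plugin's code): a stand-alone Java comparison of the two URL derivations from `determineUrl()` above, showing which access rule each one selects for a request to `/mywebapp/`. The `Req` record, the exact-match rule lookup and the request values are constructed to reproduce the results reported in the issue; the query-string stripping is a stand-in for `lowercaseAndStripQuerystring`.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;

public class DetermineUrlComparison {

    // Constructed stand-in for the three HttpServletRequest values involved.
    record Req(String container, String requestUri, String contextPath, String servletPath) {}

    // Derivation 1 (targetUrl in the issue): request URI minus context path, query string stripped.
    static String fromRequestUri(Req r) {
        String url = r.requestUri().substring(r.contextPath().length());
        int q = url.indexOf('?');
        if (q >= 0) {
            url = url.substring(0, q);
        }
        return url.toLowerCase(Locale.ROOT);
    }

    // Derivation 2 (targetUrl2 in the issue): servlet path as reported by the container.
    static String fromServletPath(Req r) {
        return r.servletPath().toLowerCase(Locale.ROOT);
    }

    // Exact-match lookup standing in for the plugin's pattern matcher; null means no rule matched.
    static String requiredAttribute(Map<String, String> rules, String url) {
        return rules.get(url);
    }

    public static void main(String[] args) {
        Map<String, String> rules = new LinkedHashMap<>();
        rules.put("/index.jsp", "ROLE_admin");
        rules.put("/login/auth", "IS_AUTHENTICATED_ANONYMOUSLY");

        // Constructed values for a request to /mywebapp/, chosen to match the issue's reported results.
        List<Req> requests = List.of(
            new Req("Tomcat", "/mywebapp/", "/mywebapp", "/index.jsp"),
            new Req("Weblogic", "/mywebapp/index.jsp", "/mywebapp", "/index.jsp"));

        for (Req r : requests) {
            String a = fromRequestUri(r);
            String b = fromServletPath(r);
            System.out.printf("%-8s requestURI-based: %-10s rule=%-10s | servletPath-based: %-10s rule=%s%n",
                r.container(), a, requiredAttribute(rules, a), b, requiredAttribute(rules, b));
        }
    }
}
```

With the request-URI derivation, the Tomcat request resolves to `/` and finds no rule, while the same request on Weblogic resolves to `/index.jsp` and picks up `ROLE_admin`; the servlet-path derivation selects `ROLE_admin` on both.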