java - Why is Spring Security working in Tomcat but not when deployed to Weblogic? -


i'm not java developer, project client has required me be, maybe i'm missing glaringly obvious.

i'm using springboot , works fine when application runs in tomcat on local machine , on our testing server. however, application deployed weblogic it's if there no security @ all routes accessible. login , logout routes non-existent well.

that being said. else appears work fine, without security @ all.

i don't have access weblogic client 1 deploying code have told it's running on 12c. can fix or troubleshoot this?

here's relevant config application.java:

/**  * type authentication security.  */ @order(ordered.highest_precedence) @configuration protected static class authenticationsecurity extends globalauthenticationconfigureradapter {      /**      * users.      */     @autowired     private users users;      /**      * init void.      *      * @param auth auth      * @throws exception exception      */     @override     public void init(authenticationmanagerbuilder auth) throws exception {         auth.userdetailsservice(users).passwordencoder(new bcryptpasswordencoder());     } }  /**  * type application security.  */ @order(securityproperties.access_override_order) protected static class applicationsecurity extends websecurityconfigureradapter {      /**      * configure void.      *      * @param http http      * @throws exception exception      */     @override     protected void configure(httpsecurity http) throws exception {         // @formatter:off         http.authorizerequests()                 .antmatchers("/vendor/*","/public/**/*","/partners/*","/events/*", "/login").permitall()                 .anyrequest().fullyauthenticated().and().formlogin().loginpage("/login")                 .and().logout()                 .logoutrequestmatcher(new antpathrequestmatcher("/logout")).and()                 .exceptionhandling().accessdeniedpage("/access?error");         // @formatter:on     }  }

thanks in advance.

it sounds though running sec-2465. in short, there bug in weblogic related adding filter instances. above jira:

oracle acknowledged bug: 17382048, fixed patch 16769849. reported being fixed in wls 12.1.3

the client should update weblogic server fix. alternatively, can create own version of abstractsecuritywebapplicationinitializer registers springsecurityfilterchain class method:

servletcontext.addfilter(string filtername, java.lang.class<? extends filter> filterclass)

your subclass of abstractsecuritywebapplicationinitializer extend custom class instead.

update

based on updated information, still contend issue related weblogic bug mentioned above. when using springbootservletinitializer, filters added filterregistrationbean instance rather class.

the easiest option update weblogic since should work is.

to workaround issue, can disable registration of spring security , other filters. can creating filterregistrationbean following:

@bean public filterregistrationbean springsecurityfilterchainregistrationbean(@qualifier("springsecurityfilterchain") filter filter) {     filterregistrationbean bean = new filterregistrationbean();     bean.setfilter(filter);     bean.setenabled(false);     return bean; }

then need ensure filter registered using

servletcontext.addfilter(string filtername, java.lang.class<? extends filter> filterclass)

spring security can registered above mechanism implementing webapplicationinitializer. example, can create following class:

package demo;  import java.util.enumset;  import javax.servlet.filterregistration.dynamic; import javax.servlet.*;  import org.springframework.web.webapplicationinitializer; import org.springframework.web.filter.delegatingfilterproxy;  public class securityinitializer implements webapplicationinitializer {      @override     public void onstartup(servletcontext context) throws servletexception {         dynamic registration =                 context.addfilter("springsecurityfilterchain", delegatingfilterproxy.class);         enumset<dispatchertype> dispatchertypes =                 enumset.of(dispatchertype.request, dispatchertype.error, dispatchertype.async);         registration.addmappingforurlpatterns(dispatchertypes, true, "/*");     } }

delegatingfilterproxy bean of name "springsecurityfilterchain" , delegate every time dofilter invoked.


Comments

Post a Comment

Popular posts from this blog

javascript - AngularJS custom datepicker directive -

i make custom datepicker directive custom template. but have no idea how start building it... how include date data directive? i appreciate guide or give me advice work on more precisely. it might you! follow below steps html code sample: <label>birth date</label> <input type="text" ng-model="birthdate" date-options="dateoptions" custom-datepicker/> <hr/> <pre>birthdate = {{birthdate}}</pre> <script type="text/ng-template" id="custom-datepicker.html"> <div class="enhanced-datepicker"> <div class="proxied-field-wrap"> <input type="text" ui-date-format="yy-mm-dd" ng-model="ngmodel" ui-date="dateoptions"/> </div> <label> <button class="btn" type="button"><i class="icon-calendar"></i>
Read more

javascript - jQuery date picker - Disable dates after the selection from the first date picker -

<!doctype html> <html lang="en"> <head> <meta charset="utf-8"> <title>jquery ui datepicker - default functionality</title> <link rel="stylesheet" href="//code.jquery.com/ui/1.11.4/themes/smoothness/jquery-ui.css"> <script src="//code.jquery.com/jquery-1.10.2.js"></script> <script src="//code.jquery.com/ui/1.11.4/jquery-ui.js"></script> <link rel="stylesheet" href="/resources/demos/style.css"> <script> $(function () { $("#datepicker1").datepicker(); }); </script> <script> $(function () { $("#datepicker2").datepicker(); }); </script> </head> <body> <p>date 1: <input type="text" id="datepicker1"></p> <p>date 2: <input type="t
Read more