How can I point Spring MVC to our database for security? - spring-mvc

I'm new to Spring. I just recently got an example working with annotations and basic security. Right now, we have to define our users in the security-app-context.xml file. What we want to do is connect to our existing database and use the users there.
Our user passwords are stored as such (MD5):
username salt password
moe blah bb3e4e328a64e9745a98728468aacbb0
The user is moe and the password is howard so we use: md5(moehowardblah) or md5(Username + Password + Salt)
Here is our web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!--
- Location of the XML file that defines the root application context
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext-business.xml
/WEB-INF/security-app-context.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
Our security-app-context.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true">
<intercept-url pattern="/assets/**" access="isAuthenticated()" />
<intercept-url pattern="/**" access="permitAll" />
<form-login />
<logout />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="rod" password="koala" authorities="supervisor, teller, user" />
<user name="dianne" password="emu" authorities="teller, user" />
<user name="scott" password="wombat" authorities="user" />
<user name="peter" password="opal" authorities="user" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Also, the example I have is using the built-in form for the user/pass which is fine for now but I will need to know how to use our own custom login. But I can save that for another question.
Thanks.


All you need - is to create your own userDetailsService implementation. As you already have existing database, I assume, you have some kind of service or DAO with takes data from DB.
Extend this service from UserDetailsService interface and override the only method:
UserDetails loadUserByUsername(String username) throws UsernameNotFoundException;
This assuming that your User object also implement the UserDetails interface.
Aftre this you only need to point spring use your service:
<authentication-manager>
<authentication-provider user-service-ref="yourUserService" />
</authentication-manager>
Where is "yourUserService" — іs a reference to your userDetailsService implementation bean.

Related

302 Moved Temporary on Weblogic but working good on Tomcat for Spring Security

I am able to deploy the application from Tomcat to Weblogic 10.3.6, but when I am trying to login it is coming back to the same login page with no errors in the log. But when I checked request status code, it is saying "302 Moved Temporary".
And it is working good in Tomcat.
Spring Security XML
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http pattern="/login" security="none"/>
<http pattern="/jquery/**" security="none"/>
<http pattern="/bootstrap/**" security="none"/>
<http pattern="/icons/**" security="none"/>
<http pattern="/images/**" security="none"/>
<http pattern="/css/**" security="none"/>
<http auto-config="true">
<intercept-url pattern="/**" access="ROLE_A" />
<form-login
login-page="/login"
login-processing-url="/j_spring_security_check.action"
default-target-url="/abc"
authentication-failure-url="/login?error"
always-use-default-target="true"
username-parameter="j_username"
password-parameter="j_password" />
</http>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService" ref="userAuthenticationService"/>
</beans:bean>
<beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager">
<beans:property name="providers">
<beans:list>
<beans:ref bean="daoAuthenticationProvider" />
</beans:list>
</beans:property>
</beans:bean>
<authentication-manager erase-credentials="false">
<authentication-provider user-service-ref="userAuthenticationService">
<password-encoder hash="plaintext"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>ABC Markup</display-name>
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.xml</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<session-config>
<session-timeout>20</session-timeout>
</session-config>
</web-app>
Please help me to resolve this

Spring security redirect to 404 page issue

I try to apply spring security on my webapp to request the user to create or login to an account before using the app. However, the page can not display the login or register page but 404 page. I have been trying to look around but still could not find the root of the problem. Can someone help to detect the problem please.
This is my web.xml
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring-servlet.xml,
classpath:spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<!-- Ensure one session per request
-->
<filter>
<filter-name>hibernateFilter</filter-name>
<filter-class>org.springframework.orm.hibernate4.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>hibernateFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<!--
<filter>
<filter-name>encoding-filter</filter-name>
<filter-class>
org.springframework.web.filter.CharacterEncodingFilter
</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>encoding-filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
-->
<!--
Enables Spring Security
-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!--
Direct Servlet Dispatcher beans
-->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class> org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Restrict dispatcher views -->
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Handle NotFound Error Page -->
<error-page>
<error-code>404</error-code>
<location>/WEB-INF/views/errors/404.jsp</location>
</error-page>
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
And this is my spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll"/>
<intercept-url pattern="/logout" access="permitAll"/>
<intercept-url pattern="/register" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/login"
authentication-failure-url="/login?error"
default-target-url="/dashboard"
username-parameter="email"
password-parameter="password"/>
<access-denied-handler error-page="/login?error"/>
<logout invalidate-session="true"
logout-success-url="/login"
logout-url="/j_spring_security_logout"
delete-cookies="JSESSIONID"/>
<session-management invalid-session-url="/login">
<concurrency-control max-sessions="1" expired-url="/login"/>
</session-management>
<!--
<remember-me token-validity-seconds="1209600"
remember-me-parameter="remember-me"/>
-->
</http>
<authentication-manager>
<authentication-provider user-service-ref="loginManager" >
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
</beans:beans>
And this is my spring-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/cache http://www.springframework.org/schema/cache/spring-cache-4.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd
http://www.springframework.org/schema/cache http://www.springframework.org.schema/cache/spring-cache.xsd">
<context:component-scan base-package="com.isad" />
<mvc:annotation-driven />
<mvc:default-servlet-handler/>
<!--
<mvc:resources mapping="/resources/**" location="/WEB-INF/" cache-period="31556926"/>
-->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!--
Initialize base viewers
-->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/jsp/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<!--
Enable Data Transaction to Database.
-->
<bean id="sessionFactory" scope="singleton"
class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="configLocation" value="classpath:hibernate.cfg.xml"></property>
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id ="transactionManager" class = "org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name = "sessionFactory" ref = "sessionFactory"/>
</bean>
</beans>
The login and register page would display normally if I don't want to apply spring-security. Any hints please.
This is my login and register controller:
#Controller
public class RegisterController {
#Autowired private RegisterService regManager;
#RequestMapping(value="/register", method=RequestMethod.GET)
public String showRegisterPage() {
return "register";
}
#RequestMapping(value="/register", method=RequestMethod.POST)
public String registerForm(#RequestParam(value="email") final String email,
#RequestParam(value="password") final String password) {
regManager.registerAccount(email, password);
return "redirect:/dashboard";
}
}
#Controller
public class LoginController {
#RequestMapping(value="/login", method=RequestMethod.GET)
public String showLoginForm() {
return "login";
}
}

Security annotations not working

My #PreAuthorize annotation is not working. From what I can see I'm doing it correctly. Note, this is update to a post I deleted because I realized I should copy in the whole xml files instead of snippets.
Here is my security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true">
<intercept-url pattern='/*' access='permitAll' />
<form-login login-page="/contacts" authentication-failure-url="/security/loginfail" default-target-url="/contacts" />
<logout logout-success-url="/contacts"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
Here is the web.xml with the security configuration at the top:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns /javaee/web-app_3_0.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Spring Security Configuration -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring MVC filters -->
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<filter-class>org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>Spring OpenEntityManagerInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<multipart-config>
<max-file-size>5000000</max-file-size>
</multipart-config>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
</web-app>
Here is the root-context.xml which is part of the context-param in web.xml. Note the root-context.xml imports the security-context.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<import resource="classpath:datasource-tx-jpa.xml" />
<import resource="security-context.xml"/>
<context:component-scan base-package="com.apress.prospring3.ch17.service.jpa" />
Servlet-context which includes the global-security-context and is after the component-scan:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
<!-- Enables the Spring MVC #Controller programming model -->
<annotation-driven validator="validator" />
<resources location="/, classpath:/META-INF/web-resources/" mapping="/resources/**"/>
<default-servlet-handler/>
<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory
<resources mapping="/resources/**" location="/resources/" />
-->
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory
<beans:bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<beans:property name="prefix" value="/WEB-INF/views/" />
<beans:property name="suffix" value=".jspx" />
</beans:bean>
-->
<!-- <context:component-scan base-package="com.apress.prospring3" /> -->
<context:component-scan base-package="com.apress.prospring3.ch17.web.controller" />
<!-- Enable controller method level security -->
<security:global-method-security pre-post-annotations="enabled"/>
<interceptors>
<beans:bean class="org.springframework.web.servlet.theme.ThemeChangeInterceptor"/>
<beans:bean class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor"
p:paramName="lang"/>
</interceptors>
<beans:bean class="org.springframework.ui.context.support.ResourceBundleThemeSource"
id="themeSource"/>
<beans:bean class="org.springframework.web.servlet.theme.CookieThemeResolver"
id="themeResolver" p:cookieName="theme" p:defaultThemeName="standard"/>
<beans:bean
class="org.springframework.context.support.ReloadableResourceBundleMessageSource"
id="messageSource" p:basenames="WEB-INF/i18n/messages,WEB-INF/i18n/application"
p:fallbackToSystemLocale="false"/>
<beans:bean class="org.springframework.web.servlet.i18n.CookieLocaleResolver"
id="localeResolver" p:cookieName="locale"/>
<beans:bean id="validator"
class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean">
<beans:property name="validationMessageSource" ref="messageSource"/>
</beans:bean>
<beans:bean
class="org.springframework.web.multipart.support.StandardServletMultipartResolver"
id="multipartResolver"/>
<!-- Tiles Configuration -->
<beans:bean class="org.springframework.web.servlet.view.UrlBasedViewResolver"
id="tilesViewResolver">
<beans:property name="viewClass"
value="org.springframework.web.servlet.view.tiles2.TilesView"/>
</beans:bean>
<beans:bean class="org.springframework.web.servlet.view.tiles2.TilesConfigurer"
id="tilesConfigurer">
<beans:property name="definitions">
<beans:list>
<beans:value>/WEB-INF/layouts/layouts.xml</beans:value>
<!-- Scan views directory for Tiles configurations -->
<beans:value>/WEB-INF/views/**/views.xml</beans:value>
</beans:list>
</beans:property>
</beans:bean>
And my actual annotation:
#PreAuthorize("isAuthenticated()")
#RequestMapping(params = "form", method = RequestMethod.GET)
public String createForm(Model uiModel) {
Contact contact = new Contact();
uiModel.addAttribute("contact", contact);
return "contacts/create";
}

Try enabling the #PreAuthorize annotation.

Spring mvc 3 with tiles 2 gives 400 bad request

I'm trying to add Apache Tiles to a simple Spring MVC webapp I'm playing with and I can't seem to get it to work (it worked without Tiles). Any request I make gives back 400 bad request, nothing appears in the log (even set to DEBUG) so I'm not sure where to start debbuging. As far as I can tell the Controller mapped method is never called as there's logging in there and it doesn't appear in the log (plus before that I would get a lot of debug info from spring about resolving the mapping to the controller before it was actually called - which now doesn't appear).
My config files are as follows (all under /WEB-INF/):
web.xml:
<?xml version="1.0" encoding="ISO-8859-1" standalone="no"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="2.5" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<display-name>myapp</display-name>
<!-- Enable escaping of form submission contents -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:META-INF/spring/applicationContext*.xml</param-value>
</context-param>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>HttpMethodFilter</filter-name>
<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>HttpMethodFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Handles Spring requests -->
<servlet>
<servlet-name>myapp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myapp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>10</session-timeout>
</session-config>
</web-app>
myapp-servlet.xml:
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:p="http://www.springframework.org/schema/p"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
<!-- The controllers are autodetected POJOs labeled with the #Controller
annotation. -->
<context:component-scan base-package="com.myapp.controller"
use-default-filters="false">
<context:include-filter expression="org.springframework.stereotype.Controller"
type="annotation" />
</context:component-scan>
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources -->
<mvc:resources location="/resources/" mapping="/resources/**" />
<!-- Allows for mapping the DispatcherServlet to "/" by forwarding static
resource requests to the container's default Servlet -->
<mvc:default-servlet-handler />
<mvc:annotation-driven />
<bean id="tilesConfigurer"
class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<bean id="viewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass"
value="org.springframework.web.servlet.view.tiles2.TilesView" />
</bean>
</beans>
tiles.xml
<tiles-definitions>
<definition name="product_detail" template="/WEB-INF/layout/detail.jsp">
<put-attribute name="header" value="/WEB-INF/view/header.jsp" />
<put-attribute name="banner" value="" />
<put-attribute name="body" value="/WEB-INF/view/product.jsp" />
<put-attribute name="footer" value="/WEB-INF/view/footer.jsp" />
</definition>
</tiles-definitions>
The layout just contains one div for each part wrapping a tag. All the views contain simple code like a header or a div.
And for the controller
ProductController.java:
#Controller
#RequestMapping("/product")
public class ProductController {
protected Logger logger = Logger.getLogger(getClass());
#Autowired
private ProductService productService;
#RequestMapping(value = "/{id}", method = RequestMethod.GET)
public ModelAndView getProduct(#PathVariable Long id) {
logger.info("GET product " + id);
Product product = productService.find(id);
ModelAndView mv = new ModelAndView("product_detail", "product", product);
return mv;
}
}
Deploying this with maven embedded tomcat plugin and going to localhost:8080/myapp/product/1 just gives HTTP 400 code without any other indication that something went wrong. There is a product in the DB with that id and everything from the controller down works, as I tried it before adding tiles.
Sorry for the code drop but I can't get this to work for some time now, and I have no idea what else to try or where to start debugging.
Is there some way to force logging what the problem was when a 400 bad request is returned?

You're missing the reference to your myapp-servlet.xml in the servlet configuration.
<!-- Handles Spring requests -->
<servlet>
<servlet-name>myapp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>WEB-INF/spring/myapp-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myapp</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>

Got Problems with Tuckey UrlRewriteFilter and Spring 3 Web MVC

I have a Spring Web MVC application and I want to use RESTful URLs. Regrettably I haven't found any configuration that works for me with Tuckey's UrlRewriteFilter.
I'm using the "DefaultAnnotationHandlerMapping" and I added "urlrewritefilter.jsp" to my classpath and copied "urlrewrite.xml" into "/WEB-INF/".
I wan't to achieve that xyz://www.domain.com/abc will be redirected (invisible for the user) to xyz://www.domain.com/app/abc to catch it with my Controller and to let xyz://www.domain.com/css untouched.
My "web.xml" is configured this way:
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="xyz://java.sun.com/xml/ns/javaee" xmlns:xsi="xyz://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="xyz://java.sun.com/xml/ns/javaee xyz://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<!-- Context -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/applicationContext-security.xml
</param-value>
</context-param>
<!-- Context Loader -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Tuckey UrlRewriteFilter -->
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Dispatcher Servlet -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/app/*</url-pattern>
</servlet-mapping>
<!-- All the rest... -->
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<welcome-file-list>
<welcome-file>redirect.jsp</welcome-file>
</welcome-file-list>
</web-app>
My "urlrewrite.xml" is configured this way:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE urlrewrite PUBLIC "-//tuckey.org//DTD UrlRewrite 3.2//EN"
"xyz://tuckey.org/res/dtds/urlrewrite3.2.dtd">
<urlrewrite default-match-type="wildcard">
<rule>
<from>/**</from>
<to>/app/$1</to>
</rule>
<outbound-rule>
<from>/app/**</from>
<to>/$1</to>
</outbound-rule>
</urlrewrite>
My AbcController.java for mapping xyz://www.domain.com/abc has such methods:
#RequestMapping(value = "/app/abc", method=RequestMethod.GET)
public void displayRegistration(Model model)
{
...
}
But I always receive "HTTP Status 404" when trying to access xyz://www.domain.com/ or xyz://www.domain.com/abc :-(
It would be very nice if somebody could help.
Greetings
Benny

Did you try with
#RequestMapping(value = "/abc", method=RequestMethod.GET)

Really late reply.
You need to add the grouping symbols (.*)
<urlrewrite >
<rule>
<from>^/(en|de)/(.*)$</from>
<to >/$2?lang=$1</to>
</rule>
</urlrewrite>

Resources