java - Spring security does not work on server (google appengine) -
i have simple spring project works locally. urls intercepted spring security when upload same google appengine server, security fails work , assciated method instead executed.
public class springsecutiryinitializer extends abstractsecuritywebapplicationinitializer { // nothing. initializes security chain. } public class springmvcinitializer extends abstractannotationconfigdispatcherservletinitializer { @override protected class<?>[] getrootconfigclasses() { return new class[] { appconfig.class, securityconfig.class }; } @override protected class<?>[] getservletconfigclasses() { return null; } @override protected string[] getservletmappings() { return new string[] { "/" }; } } @configuration @enablewebsecurity public class securityconfig extends websecurityconfigureradapter { @autowired environment env; @autowired datasource datasource; @autowired public void configureglobal(authenticationmanagerbuilder auth) throws exception { string databasename = env.getproperty("jdbc.databasename"); auth.jdbcauthentication() .datasource(datasource) .usersbyusernamequery( "select username,password,enabled user username=?") .authoritiesbyusernamequery( "select user.username, role.role (" + databasename + ".user_role role join " + databasename + ".user user on" + " role.auth_id = user.auth_id) user.username=?"); } } @configuration @enablewebmvc @enabletransactionmanagement @componentscan({ "com.djw" }) public class appconfig { // configure different beans } appengine-web.xml
<?xml version="1.0" encoding="utf-8"?> <appengine-web-app xmlns="http://appengine.google.com/ns/1.0"> <!-- fill in app name , version --> <application>project-name-removed</application> <version>1</version> <threadsafe>true</threadsafe> <!-- configure serving/caching of gwt files --> <static-files> <include path="**" /> <!-- following line requires app engine 1.3.2 sdk --> <include path="**.nocache.*" expiration="0s" /> <include path="**.cache.*" expiration="365d" /> <exclude path="**.gwt.rpc" /> </static-files> <use-google-connector-j>true</use-google-connector-j> <sessions-enabled>true</sessions-enabled> <system-properties> <property name="java.util.logging.config.file" value="web-inf/appengine_logging.properties"/> <property name="spring.profiles.active" value="prod"/> </system-properties> </appengine-web-app> web.xml
<?xml version="1.0" encoding="utf-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <display-name>archetype created web application</display-name> <!-- declare spring mvc dispatcherservlet usual --> <servlet> <servlet-name>web</servlet-name> <servlet-class>org.springframework.web.servlet.dispatcherservlet</servlet-class> <!-- configure dispatcherservlet use annotationconfigwebapplicationcontext instead of default xmlwebapplicationcontext --> <init-param> <param-name>contextclass</param-name> <param-value> org.springframework.web.context.support.annotationconfigwebapplicationcontext </param-value> </init-param> <!-- again, config locations must consist of 1 or more comma- or space-delimited , fully-qualified @configuration classes --> <init-param> <param-name>contextconfiglocation</param-name> <param-value>com.djw.config.appconfig</param-value> </init-param> </servlet> <!-- map requests / dispatcher servlet --> <servlet-mapping> <servlet-name>web</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app> with these, url try open intercepted spring username , password. on server, let requests pass. why happen?
one thing learn here google app engine supports servlet version 2.5, , abstractannotationconfigdispatcherservletinitializer requires servlet version 3.0. so, have use xml config settings.
Comments
Post a Comment