Embedded Jetty doesn't recognise Spring MVC Security -
i developing spring application starts embedded jetty server. "deploys" spring mvc web app jetty server.
all working multiple controllers, fail add spring security web app. use programmatic , annotation-based configuration , jetty server configured this:
server server = new server(8080); server.setstopatshutdown(true); annotationconfigwebapplicationcontext context = new annotationconfigwebapplicationcontext(); context.setconfiglocation("com.mypackage.web"); context.setparent(maincontext); servletcontexthandler contexthandler = new servletcontexthandler(); contexthandler.seterrorhandler(null); contexthandler.setcontextpath("/"); dispatcherservlet dispatcherservlet = new dispatcherservlet(context); defaultservlet staticservlet = new defaultservlet(); contexthandler.addservlet(new servletholder(dispatcherservlet), "/"); contexthandler.addservlet(new servletholder("staticservlet", staticservlet), "/res"); contexthandler.addeventlistener(new contextloaderlistener(context)); contexthandler.setresourcebase("webapp"); server.sethandler(contexthandler);
i created class com.mypackage.web.securityconfig extends websecurityconfigureradapter
, overrides configure method so:
@configuration @enablewebmvcsecurity public class securityconfig extends websecurityconfigureradapter { @override protected void configure(httpsecurity http) throws exception { http .authorizerequests() .anyrequest().authenticated() .and() .formlogin().and() .httpbasic(); } }
as far understand documentation, should enough "lock down" application. when start application in debug mode, breakpoint gets hit in configure method, spring seems detect config class.
however, can still access page in application without getting redirected default login form.
do need tell jetty servlet container config or missing else?
okay, missed need add spring's delegatingfilterproxy jetty's servletcontexthandler. usual spring way extend abstractsecuritywebapplicationinitializer, add filter proxy. unfortunately didn't work jetty.
one can add filter proxy manually jetty, though, call explained in comment:
import static org.springframework.security.web.context.abstractsecuritywebapplicationinitializer.default_filter_name; ... servletcontexthandler contexthandler = new servletcontexthandler(); ... contexthandler.addfilter( new filterholder( new delegatingfilterproxy( default_filter_name ) ), "/*", enumset.allof( dispatchertype.class ));
i had enable session-handling in jetty, explained here.
Comments
Post a Comment