on 07-22-2013 5:58 PM
I am in the process of porting an application that has run successfully on Jetty, Tomcat, and Cloud Foundry to NetWeaver and am seeing an issue that I have no seen on other application servers.
Here is the warning:
>>> Warnings <<<
1). com.sap.ASJ.web.000607 (Failed in component: sap.com/eds-ear, ) Initialization of servlet [uploadServlet] failed. Check init() method of servlet. Error is: [org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration]
Here is my app-web-security.xml that I believe the error is is complaining about:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- Anonymous assets -->
<http pattern="/favicon.ico" security="none" />
<http pattern="**/images/**" security="none" />
<http pattern="**/styles/**" security="none" />
<http pattern="/solutionsuiteui/styles/**" security="none" />
<http pattern="/solutionsuiteui/images/**" security="none" />
<http pattern="/solutionsuiteui/dojo/**" security="none" />
<http pattern="/solutionsuiteui/dijit/**" security="none" />
<http pattern="/solutionsuiteui/dojox/**" security="none" />
<http pattern="/solutionsuiteui/yui/**" security="none" />
<http authentication-manager-ref="authenticationManager" entry-point-ref="authEntryPoint" use-expressions="true">
<intercept-url pattern="/login.jsp" access="permitAll()" />
<intercept-url pattern="/solutionsuiteui/remote_logging" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN') and permitAll()" />
<intercept-url pattern="/solutionsuiteui/dispatch" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN') and permitAll()" />
<intercept-url pattern="/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" />
<custom-filter position="FIRST" ref="retainAnchorFilter" />
<custom-filter ref="usernamePasswordAuthenticationFilter" after="FORM_LOGIN_FILTER" />
<custom-filter ref="logoutFilter" after="LOGOUT_FILTER" />
<custom-filter ref="tamperedUrlLogoutFilter" after="LAST" />
<access-denied-handler ref="accessDeniedHandlerImpl" />
</http>
</beans:beans>
Does anybody know what's wrong with my XML?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
93 | |
10 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.