0

I wrote a small Spring MVC application with Java Config and secured it with Spring Security 3.2.5. It is working perfectly fine on Tomcat but not on JBoss EAP 6.2. It gets successfully deployed on JBoss but I get this warning when I request any page defined by Spring MVC and 404 error in browser.

WARN [org.springframework.web.servlet.PageNotFound] (http-/127.0.0.1:8080-1) No mapping found for HTTP request with URI [/example-web/pages/login.jsp] in DispatcherServlet with name 'dispatcher'

Since Spring Security is used, for any request that needs authenticated user e.g. http://localhost:8080/example-web/start, Spring Security redirects to https://localhost:8443/example-web/login That is when I see the warning and 404 error.

Here you can see my code:

public class WebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

@Override
protected Class<?>[] getRootConfigClasses() {
    return new Class[] { RootConfiguration.class};
}

@Override
protected Class<?>[] getServletConfigClasses() {
    return new Class[] { WebMvcConfig.class };
}

@Override
protected String[] getServletMappings() {
    return new String[] { "/*" };
}

@Override
protected Filter[] getServletFilters() {
    return new Filter[] { new HiddenHttpMethodFilter() };
}
}

Here is my Spring MVC configuration:

@EnableWebMvc
@ComponentScan("com.spring.example.w.controller")
@Configuration
public class WebMvcConfig extends WebMvcConfigurerAdapter {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("login").setViewName("login");
        registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
    }

    @Bean
    public InternalResourceViewResolver getInternalResourceViewResolver(){
        InternalResourceViewResolver resolver = new InternalResourceViewResolver();
        resolver.setPrefix("/pages/");
        resolver.setSuffix(".jsp");
        return resolver;
    }
}

Below is my Spring Security configuration:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception{

        http
            .addFilter(myUsernamePasswordAuthenticationFilter())
            .authorizeRequests()
                .antMatchers("/login").permitAll()
                .antMatchers("/admin/**").hasRole("Admin")
                .antMatchers("/start/**").hasRole("Viewer")
                .antMatchers("/user/**").hasRole("User")
                .antMatchers("/**").hasRole("User")
                .and()
            .httpBasic().authenticationEntryPoint(loginUrlAuthenticationEntryPoint())
                .and()
            .logout()
                .permitAll()
                .and()
            .requiresChannel()
                 .anyRequest().requiresSecure();
    }

    @Bean
    public LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint(){
        LoginUrlAuthenticationEntryPoint loginUrlAuthenticationEntryPoint = new LoginUrlAuthenticationEntryPoint("/login");
        return loginUrlAuthenticationEntryPoint;
    }


    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider(){
        ActiveDirectoryLdapAuthenticationProvider authProvider = new ActiveDirectoryLdapAuthenticationProvider(my_domain, my_url);
        authProvider.setConvertSubErrorCodesToExceptions(true);
        authProvider.setUseAuthenticationRequestCredentials(true);
        authProvider.setUseAuthenticationRequestCredentials(true);
        authProvider.setUserDetailsContextMapper(userDetailsContextMapper());
        return authProvider;
    }

    @Bean
    public UserDetailsContextMapper userDetailsContextMapper(){
        CustomUserDetailsContextMapper myAuthoritiesPopulator = new CustomUserDetailsContextMapper();
        return myAuthoritiesPopulator;
    }

    @Bean
    public CustomUsernamePasswordAuthenticationFilter myUsernamePasswordAuthenticationFilter()
            throws Exception {
        CustomUsernamePasswordAuthenticationFilter usernamePasswordAuthenticationFilter = new CustomUsernamePasswordAuthenticationFilter();
        usernamePasswordAuthenticationFilter.setAuthenticationManager(authenticationManager());
        usernamePasswordAuthenticationFilter.setAllowSessionCreation(true);
        SavedRequestAwareAuthenticationSuccessHandler successHandler = new SavedRequestAwareAuthenticationSuccessHandler();
        usernamePasswordAuthenticationFilter.setAuthenticationSuccessHandler(successHandler);
        usernamePasswordAuthenticationFilter.setAuthenticationFailureHandler(new SimpleUrlAuthenticationFailureHandler("/login?error"));
        usernamePasswordAuthenticationFilter.afterPropertiesSet();
        return usernamePasswordAuthenticationFilter;
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider());
    }
}

Then SecurityWebApplicationInitializer:

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}

And RootConfig:

@Configuration
@ComponentScan
public class RootConfiguration {
}

And below is how I configured JBoss for SSL:

<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http" redirect-port="8443"/>
    <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" enable-lookups="false" secure="true">
        <ssl name="ssl" password="<my_password>" certificate-key-file="c:\mykeystore.jks" protocol="TLSv1" verify-client="false"/>
    </connector>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
    </virtual-server>
</subsystem>

During deployment, I can see in the log that the requests do get mapped:

INFO  [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping] (ServerService Thread Pool -- 71) Mapped "{[/start],methods=[GET],params=[],headers=[],consumes=[],produces=[],custom=[]}" onto public org.springframework.web.servlet.ModelAndView com.spring.example.w.controller.StartController.handleStart() throws javax.servlet.ServletException,java.io.IOException
INFO  [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping] (ServerService Thread Pool -- 71) Mapped URL path [/login] onto handler of type [class org.springframework.web.servlet.mvc.ParameterizableViewController]
INFO  [org.springframework.web.context.ContextLoader] (ServerService Thread Pool -- 71) Root WebApplicationContext: initialization completed in 2530 ms
INFO  [org.apache.catalina.core.ContainerBase.[jboss.web].[default-host].[/example-web]] (ServerService Thread Pool -- 71) Initializing Spring FrameworkServlet 'dispatcher'
INFO  [org.springframework.web.servlet.DispatcherServlet] (ServerService Thread Pool -- 71) FrameworkServlet 'dispatcher': initialization started

Any help about why I get 404 error and this warning is highly appreciated. Once again I should emphasize that it is working on Tomcat. Thanks in advance.

Samaneh
  • 73
  • 2
  • 9
  • Do you get a 404 if you request the https URL directly? Do other requests over https work? If you remove spring security from your app does it work over https? Also, you should probably enable debug logging and try and work out exactly how the request is handled. – Shaun the Sheep Oct 21 '14 at 18:03
  • Thanks very much for your response. I removed all Spring Security config as well as SSL. I tried a simple Spring MVC example and compared it with Spring MVC sample. But I got the same error, 404. Since my application works perfectly fine with Tomcat, I guess the difference between Tomcat and JBoss Servlet container may be the reason. For example, I found this post: [link](http://stackoverflow.com/questions/20666513/spring-java-config-vs-jboss-7). Although I have already changed Servlet mapping to "/*" instead of "/". – Samaneh Oct 26 '14 at 10:08
  • I should mention that I can run my application (Spring MVC Security) with XML setting on JBoss. – Samaneh Oct 26 '14 at 10:10
  • Ok. I'd say you should probably delete this question and create a new one with the minimal amount of information and any additional debugging you can do, as most of the information here isn't relevant anymore if it happens without Spring Security. In general before posting, you should try to reduce your code to the minimal app which will reproduce the issue. – Shaun the Sheep Oct 26 '14 at 15:58
  • I created another post regarding this problem: http://stackoverflow.com/questions/26752124/404-error-using-spring-mvc-java-config-on-jboss – Samaneh Nov 05 '14 at 07:58

1 Answers1

0

Can you check if the connector port is enabled for SSL. This link has some details. Redirecting from non ssl port 8080 to ssl port 8443

hope it helps

Community
  • 1
  • 1
rvini
  • 441
  • 2
  • 4
  • 12
  • Thanks for your answer. I checked it and there is no issue with connector port for SSL. I managed to run the application with XML config on JBoss with SSL. – Samaneh Oct 26 '14 at 10:02