2

We are developing "box" web-product, so I cannot foreseen the environment where application is deployed. This application uses spring-security. But it is appeared that if Tomcat placed application not at the root then following configuration fails:

<sec:http auto-config="true" >
    ....
    <sec:form-login login-page="/ui/Login" />

Following recommendation: https://stackoverflow.com/a/6934712/149818 to use

#{servletContext.contextPath} doesn't work. User instead of http://foo/myApp/ui/Login is redirected to http://foo/ui/Login

So my question is

  • either how to get #{servletContext.contextPath} alive
  • or how to force spring-security recognize actual contextPath
Community
  • 1
  • 1
Dewfy
  • 23,277
  • 13
  • 73
  • 121
  • 1
    I'm pretty sure that context path is appeded to `login-page` automatically. Which version of Spring Security do you use? – axtavt Dec 09 '11 at 13:43
  • 2
    That doesn't sound right. The `LoginUrlAuthenticationEntryPoint` class which handles the redirect will always include the context path as part of the URL (the sample apps have a context path, for example). Could you post the relevant section of the debug log where the redirect takes place? You should normally see a message from the `ExceptionTranslationFilter` as described in [the FAQ](http://static.springsource.org/spring-security/site/faq/faq.html#faq-anon-access-denied) and shortly after that "Redirecting to " followed by the URL. – Shaun the Sheep Dec 12 '11 at 01:49
  • @Luke Taylor - thanks a lot. Since I've started log everything became right - I've lost root '/' see my self answer – Dewfy Dec 12 '11 at 12:31

1 Answers1

1

Great thanks to @Luke Taylor and @axtavt - my error is missing root '/' in the 

<sec:http auto-config="true" use-expressions="true">
     <sec:intercept-url pattern="/ui/Login" 
                        access="IS_AUTHENTICATED_ANONYMOUSLY"/>

When '/' appears - #{servletContext.contextPath} starts work correctly.

Dewfy
  • 23,277
  • 13
  • 73
  • 121