Atmosphere with Spring Security for GWT app


Atmosphere with Spring Security for GWT app

Alex
This post has NOT been accepted by the mailing list yet.
Hello. I have an ongoing GWT app with Spring Security (based on gwt-sl).
I would like to integrate Atmosphere, and I have an issue. What I do:

1) I log in to the system as usual for Spring Security.
2) On the client side I create an rpcRequest as described in the examples gwt20-rpc or gwt20-managed-rpc.
3) I get a GET request -> onReady on the server side is reached -> I have the Spring Security session here. The user is subscribed.
4) I have some scheduled RPCs. They work fine here because the user still has a session.
5) I do an Atmosphere push: rpcRequest.push(myevent2); where myevent2 is an EventFoo as per the example.
6) On the server side the Post listener is reached. EventFoo is deserialized.
7) I respond to the client. And luck again. It works.
8) But from now on the Spring Security session is invalidated. All my plain RPC calls get a 401 error. After the next Atmosphere push, the Spring session is absent on the server side.
What is wrong?
My web.xml with related settings:

<?xml version="1.0" encoding="UTF-8"?>
<!-- Deployment descriptor as posted: the Spring Security filter chain on every URL, a Spring
     DispatcherServlet for the GWT RPC endpoints, and an AtmosphereServlet for push. -->
<!-- NOTE(review): this DOCTYPE names the Servlet 2.3 DTD, while the root element below declares
     version="3.0" with the web-app_3_0.xsd schema and uses <async-supported>, which the 2.3 DTD
     does not define. A schema-based descriptor normally carries no DOCTYPE; dropping it also
     avoids having tools resolve an external DTD over plain http. -->
<!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
         id="explorer">
    <!-- Spring context files read by the ContextLoaderListener declared near the end of this file. -->
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/applicationContext.xml
            /WEB-INF/spring-security.xml
        </param-value>
    </context-param>
    <!-- DelegatingFilterProxy hands each request to the Spring bean named like the filter
         (springSecurityFilterChain). -->
    <!-- NOTE(review): the mapping is /*, so this filter also sits in front of AtmosphereServlet,
         which is declared with <async-supported>true</async-supported>. The filter itself declares
         no <async-supported>; under Servlet 3.0 a request that passed through such a filter cannot
         be put into async mode. With useNative=true Atmosphere may not rely on Servlet 3.0 async at
         all, so confirm which transport is really in use. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- No <dispatcher> elements: the chain runs for REQUEST dispatches only. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <!-- GWT RPC endpoints, served through Spring's DispatcherServlet. -->
    <servlet>
        <servlet-name>gwt</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>gwt</servlet-name>
        <url-pattern>/MY_APP_PATH.Explorer/rpc/*</url-pattern>
    </servlet-mapping>

    <!-- Project servlet loaded at startup; it has no servlet-mapping in this listing. -->
    <servlet>
        <servlet-name>init</servlet-name>
        <servlet-class>MY_APP_PATH.shared.util.BootstrapValidationServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>



    <!-- Atmosphere push endpoint. -->
    <!-- NOTE(review): with WebSocket (or a native container transport) only the opening handshake
         is an ordinary HTTP request that passes through springSecurityFilterChain; messages sent
         on the open connection afterwards do not. Verify how the handler obtains the authenticated
         user for each message instead of assuming a populated SecurityContext. -->
    <servlet>
        <description>AtmosphereServlet</description>
        <servlet-name>AtmosphereServlet</servlet-name>
        <servlet-class>org.atmosphere.cpr.AtmosphereServlet</servlet-class>
        <!-- Package scanned for the application's Atmosphere handlers. -->
        <init-param>
            <param-name>org.atmosphere.cpr.packages</param-name>
            <param-value>MY_APP_PATH.server.atmosphere</param-value>
        </init-param>
        <!-- Prefer the container's native comet/async implementation. -->
        <init-param>
            <param-name>org.atmosphere.useNative</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- HttpSession support; goes together with the SessionSupport listener below. -->
        <init-param>
            <param-name>org.atmosphere.cpr.sessionSupport</param-name>
            <param-value>true</param-value>
        </init-param>
        <!-- Switches off Atmosphere's default interceptors; only explicitly configured ones run. -->
        <init-param>
            <param-name>org.atmosphere.cpr.AtmosphereInterceptor.disableDefaults</param-name>
            <param-value>true</param-value>
        </init-param>
        <init-param>
            <param-name>org.atmosphere.useWebSocket</param-name>
            <param-value>true</param-value>
        </init-param>

        <async-supported>true</async-supported>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>AtmosphereServlet</servlet-name>
        <url-pattern>/MY_APP_PATH.Explorer/atmosphere/*</url-pattern>
    </servlet-mapping>
    <!-- Boots the Spring root context from contextConfigLocation above. -->
    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>
    <!-- Atmosphere's session listener, paired with org.atmosphere.cpr.sessionSupport=true. -->
    <listener>
        <listener-class>org.atmosphere.cpr.SessionSupport</listener-class>
    </listener>
</web-app>


spring security config

<?xml version="1.0" encoding="UTF-8"?>
<!-- Spring Security 3.1 namespace configuration for the GWT application. -->
<beans:beans xmlns="http://www.springframework.org/schema/security"
  xmlns:beans="http://www.springframework.org/schema/beans"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security-3.1.xsd">
       <!-- auto-config="true" registers the default form-login, HTTP Basic and logout handling.
            entry-point-ref replaces the default entry point with the project bean declared below
            (presumably it answers 401 instead of redirecting to a login page; the class is not shown). -->
       <!-- NOTE(review): create-session="always" makes Spring Security create an HttpSession for any
            request that arrives without one. If an Atmosphere request (for example the POST sent by
            push()) reaches the server without the JSESSIONID cookie, a fresh unauthenticated session
            would be issued and the browser would present that id on later RPC calls. Unconfirmed as
            the cause of the 401s; compare the JSESSIONID values on the requests around step 8. -->
       <http auto-config="true" entry-point-ref="http401UnauthorizedEntryPoint" create-session="always">
    <form-login authentication-success-handler-ref="authenticationSuccessHandler"
    authentication-failure-handler-ref="authenticationFailureHandler"
                    />
    <!-- Logout also asks the browser to drop the JSESSIONID cookie. -->
    <logout delete-cookies="JSESSIONID" success-handler-ref="logoutSuccessHandler"/>
            <!-- NOTE(review): this is the only URL rule. Nothing here restricts
                 /MY_APP_PATH.Explorer/atmosphere/* or the other RPC services at the URL level, so those
                 paths are reachable without authentication unless the handlers or @Secured methods
                 (enabled at the bottom of this file) enforce it. An explicit rule for the Atmosphere
                 path makes that intent visible. With the default voters, holding any one of the
                 comma-separated roles is enough. -->
            <intercept-url pattern="/MY_APP_PATH.Explorer/rpc/UserService" access="ROLE_ADMIN,ROLE_ADMIN_USER_CURRENT_WRITE"/>
      </http>
 
    <!-- Project-specific entry point and login/logout handlers; their classes are not part of this listing. -->
    <beans:bean id="http401UnauthorizedEntryPoint"
        class="MY_APP_PATH.server.security.Http401UnauthorizedEntryPoint" />
    <beans:bean id="authenticationFailureHandler" class="MY_APP_PATH.server.security.GWTAuthenticationFailureHandler"/>
    <beans:bean id="logoutSuccessHandler" class="MY_APP_PATH.server.security.GWTLogoutSuccessHandler"/>
    <beans:bean id="authenticationSuccessHandler" class="MY_APP_PATH.server.security.GWTAuthenticationSuccessHandler"/>
      <!-- Credentials are checked against the project's userDetailsService bean. -->
      <authentication-manager>
          <authentication-provider user-service-ref="userDetailsService"/>
      </authentication-manager>
    <beans:bean id="userDetailsService" class="MY_APP_PATH.server.security.UserRuntimeDetailsController"/>
    <!-- Method-level security: @Secured annotations are honoured, JSR-250 annotations are not. -->
    <global-method-security
        secured-annotations="enabled" jsr250-annotations="disabled" />
</beans:beans>

Thanks in advance