This post has NOT been accepted by the mailing list yet.
Hello. I have ongoing GWT app with Spring Security (based on gwt-sl).
I would like to integrate Atmosphere. And I have an issue. What I do: 1) I login to the system as usually for spring security. 2) On the client side I create rpcRequest as described in examples gwt20-rpc or gwt20-managed-rpc. 3) I have GET request -> onReady on server side reached -> I have Spring Security session here. User subscribed. 4) I have some scheduled RPCs. they works fine here because user still has session. 5) I do atmosphere push: rpcRequest.push(myevent2); where myevent2 is EventFoo as per example. 6) On server side Post listener is reached. EventFoo is deserialized. 7) I respond to client. And luck again. It works. 8) But since now Spring Security Session is invalidated. All my plain RPC calls have 401 error. After next atmosphere push on the server side spring session is absent. What is wrong? My web.xml with related settings: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN" "http://java.sun.com/dtd/web-app_2_3.dtd"> <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd" id="explorer"> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/applicationContext.xml /WEB-INF/spring-security.xml </param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <servlet> <servlet-name>gwt</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>gwt</servlet-name> <url-pattern>/MY_APP_PATH.Explorer/rpc/*</url-pattern> </servlet-mapping> <servlet> <servlet-name>init</servlet-name> <servlet-class>MY_APP_PATH.shared.util.BootstrapValidationServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet> <description>AtmosphereServlet</description> <servlet-name>AtmosphereServlet</servlet-name> <servlet-class>org.atmosphere.cpr.AtmosphereServlet</servlet-class> <init-param> <param-name>org.atmosphere.cpr.packages</param-name> <param-value>MY_APP_PATH.server.atmosphere</param-value> </init-param> <init-param> <param-name>org.atmosphere.useNative</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>org.atmosphere.cpr.sessionSupport</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>org.atmosphere.cpr.AtmosphereInterceptor.disableDefaults</param-name> <param-value>true</param-value> </init-param> <init-param> <param-name>org.atmosphere.useWebSocket</param-name> <param-value>true</param-value> </init-param> <async-supported>true</async-supported> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>AtmosphereServlet</servlet-name> <url-pattern>/MY_APP_PATH.Explorer/atmosphere/*</url-pattern> </servlet-mapping> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <listener> <listener-class>org.atmosphere.cpr.SessionSupport</listener-class> </listener> </web-app> spring security config <?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <http auto-config="true" entry-point-ref="http401UnauthorizedEntryPoint" create-session="always"> <form-login authentication-success-handler-ref="authenticationSuccessHandler" authentication-failure-handler-ref="authenticationFailureHandler" /> <logout delete-cookies="JSESSIONID" success-handler-ref="logoutSuccessHandler"/> <intercept-url pattern="/MY_APP_PATH.Explorer/rpc/UserService" access="ROLE_ADMIN,ROLE_ADMIN_USER_CURRENT_WRITE"/> </http> <beans:bean id="http401UnauthorizedEntryPoint" class="MY_APP_PATH.server.security.Http401UnauthorizedEntryPoint" /> <beans:bean id="authenticationFailureHandler" class="MY_APP_PATH.server.security.GWTAuthenticationFailureHandler"/> <beans:bean id="logoutSuccessHandler" class="MY_APP_PATH.server.security.GWTLogoutSuccessHandler"/> <beans:bean id="authenticationSuccessHandler" class="MY_APP_PATH.server.security.GWTAuthenticationSuccessHandler"/> <authentication-manager> <authentication-provider user-service-ref="userDetailsService"/> </authentication-manager> <beans:bean id="userDetailsService" class="MY_APP_PATH.server.security.UserRuntimeDetailsController"/> <global-method-security secured-annotations="enabled" jsr250-annotations="disabled" /> </beans:beans> Thanks in advance |
Free forum by Nabble | Edit this page |