0

I have the following servlet definitions:

    <servlet>
        <servlet-name>licenseGenService</servlet-name>
        <servlet-class>org.springframework.web.context.support.HttpRequestHandlerServlet</servlet-class>
    </servlet>

    <servlet-mapping>
        <servlet-name>licenseGenService</servlet-name>
        <url-pattern>/remoting/licensing</url-pattern>
    </servlet-mapping>

    <!-- Restful API Servlet-->
    <servlet>
        <servlet-name>licensingRestService</servlet-name>
        <servlet-class>
            com.sun.jersey.spi.spring.container.servlet.SpringServlet
        </servlet-class>
        <init-param>
            <param-name>
                    com.sun.jersey.config.property.packages
            </param-name>
            <param-value>
                com.mydomain.licensing.rest
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
        <servlet-name>licensingRestService</servlet-name>
        <url-pattern>/*</url-pattern>
    </servlet-mapping>

And then the following security filter:

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>


    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

So based on what I have read, url patterns with /* are overwritten by those with explicit urls. This works fine for my servlets. The things is, I do not want basic authentication required for the licenseGenService servlet. How can I define the security filter to only apply to the REST servlet, and not the licenseGenService one?

Improve this question
3
  • what do you mean by ava to Java remoting servlet. Commented Nov 6, 2012 at 19:31
  • Apologies, the licenseGenService servlet. I will edit to make it more clear. Its a case of I know what I am trying to type, but I forget the audience Commented Nov 6, 2012 at 19:34
  • can you map the licensingRestService to /api, then apply security filter to /api? otherwise you will need to programmatically filter out the /remoting/licensing in a filter, then continue to the security filter (ie. filterchain). For example, have your filter take a ignore-patterns param, then check in your filter if the url is in the ignore-patterns before forwarding to next filter in chain. Commented Nov 6, 2012 at 20:02

2 Answers 2

Reset to default
1

You can configure the urls that need to be authorized in the application context xml. 

<http use-expressions="true">
  <intercept-url pattern="/remoting/licensing/**"  filters="none" />
</http>
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

This is the deprecated version. But thank you you lead me in the right direction.
1

I ended up placing the following in my security application context:

<http pattern="/remoting/**" security="none"/>

This works for Spring 3.1

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.