spring security - A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

Question

Welcome To Ask or Share your Answers For Others

spring security - A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

posted Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

spring security - A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

I am running into this issue with Spring 3.1.3 release and with the following application context file. I am not quite sure why does this occur. Have looked into most of the posts related to this. I dont think I have a version mismatch.

Application Context file:

<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:security="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
          http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
          http://www.springframework.org/schema/security
          http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<security:http auto-config='true' entry-point-ref="casEntryPoint" >
    <security:intercept-url pattern="/panelpipeline/**" access="ROLE_USER"/>
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
</security:http>

<bean id="serviceProperties" class="org.springframework.security.cas.ServiceProperties">
    <property name="service"
        value="https://seqdws1/cas/j_spring_cas_security_check" />
    <property name="sendRenew" value="false" />
</bean>

<security:http entry-point-ref="casEntryPoint">
    <security:custom-filter position="CAS_FILTER"
        ref="casFilter" />
</security:http>

<bean id="casFilter"
    class="org.springframework.security.cas.web.CasAuthenticationFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<bean id="casEntryPoint"
    class="org.springframework.security.cas.web.CasAuthenticationEntryPoint">
    <property name="loginUrl" value="https://seqdws1/cas/login" />
    <property name="serviceProperties" ref="serviceProperties" />
</bean>

<security:authentication-manager alias="authenticationManager">
    <security:authentication-provider
        ref="casAuthenticationProvider" />
</security:authentication-manager>

<bean id="casAuthenticationProvider"
    class="org.springframework.security.cas.authentication.CasAuthenticationProvider">
    <property name="userDetailsService" ref="userService" />
    <property name="serviceProperties" ref="serviceProperties" />
    <property name="ticketValidator">
        <bean class="org.jasig.cas.client.validation.Cas20ServiceTicketValidator">
            <constructor-arg index="0" value="https://seqdws1/cas" />
        </bean>
    </property>
    <property name="key" value="an_id_for_this_auth_provider_only" />
</bean>

<security:user-service id="userService">
    <security:user name="joe" password="joe" authorities="ROLE_USER" />     
</security:user-service>

<!-- <security:authentication-manager> <security:authentication-provider> 
    <security:user-service> <security:user name="jimi" password="jimispassword" 
    authorities="ROLE_USER, ROLE_ADMIN" /> <security:user name="bob" password="bobspassword" 
    authorities="ROLE_USER" /> </security:user-service> </security:authentication-provider> 
    </security:authentication-manager> -->

POM dependencies

<dependencies>
    <dependency>
        <groupId>com.google.gwt</groupId>
        <artifactId>gwt-servlet</artifactId>
        <version>${gwtVersion}</version>
        <scope>runtime</scope>
    </dependency>
    <dependency>
        <groupId>com.google.gwt</groupId>
        <artifactId>gwt-user</artifactId>
        <version>${gwtVersion}</version>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>junit</groupId>
        <artifactId>junit</artifactId>
        <version>4.7</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>1.0.0.GA</version>
        <scope>test</scope>
    </dependency>
    <dependency>
        <groupId>javax.validation</groupId>
        <artifactId>validation-api</artifactId>
        <version>1.0.0.GA</version>
        <classifier>sources</classifier>
        <scope>test</scope>
    </dependency>


    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-context</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-beans</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-core</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-tx</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-web</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-jdbc</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-aop</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-asm</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework</groupId>
        <artifactId>spring-expression</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-cas</artifactId>
        <version>3.1.3.RELEASE</version>
    </dependency>

</dependencies>

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

深蓝 · Answer 1 · 2021-10-23T21:33:51+0000

The configuration you've posted has two <http> elements, neither of which has a pattern attribute so both are implicitly defined to match all requests. The second one will overwrite the first.

That doesn't necessarily explain why you are seeing this message (since it should normally apply to filters within a single chain), but it is definitely a mistake.

You should also probably remove auto-config='true' unless you know for sure that you want the extra filters which it implicitly adds.

Categories

spring security - A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

spring security - A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags