Spring Roo / ROO-1585

HttpMethodFilter should come before springSecurityFilterChain in web.xml

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Complete
    • Affects Version/s: 1.1.0.RC1
    • Fix Version/s: 1.1.0.RELEASE
    • Component/s: SECURITY
    • Labels:
      None
    • Environment:
      Mac OS X 10.6.4, Windows 7 64-bit JDK 1.6.0_22

      Description

      When adding security to a Roo project with the "security setup" command, a filter is added to the web.xml for Spring Security. This filter is put before HttpMethodFilter, but it needs to be put after. HttpMethodFilter is responsible for converting the Spring MVC HTTP POST with parameter _method=DELETE into an actual HTTP DELETE method. If you want to define a Spring Security <intercept-url> with method="DELETE", a delete request will only be intercepted if the request has been converted to the HTTP DELETE method previously. Thus the HttpMethodFilter needs to have been called first, and should be put before the springSecurityFilterChain filter in the web.xml.

            People

            • Assignee:
              stewarta Alan Stewart
              Reporter:
              xbryan Bryan Keller
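A check for the ordering this issue describes, added here as an example (it is not part of the original report or of Roo's code): it reads a web.xml and reports whether the HttpMethodFilter mapping comes before the springSecurityFilterChain mapping. The two sample descriptors are constructed, the function names are hypothetical, and the check assumes both filters are mapped by url-pattern, in which case the container applies them in the order their filter-mapping elements appear.

```python
import xml.etree.ElementTree as ET


def local(tag):
    """Strip an XML namespace prefix: '{uri}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]


def filter_mapping_order(web_xml):
    """Return filter names in the order their <filter-mapping> elements appear."""
    names = []
    for el in ET.fromstring(web_xml):
        if local(el.tag) != "filter-mapping":
            continue
        for child in el:
            if local(child.tag) == "filter-name":
                names.append((child.text or "").strip())
    return names


def method_filter_runs_first(web_xml, method_filter="HttpMethodFilter",
                             security_filter="springSecurityFilterChain"):
    """True if POST + _method=DELETE is converted before Spring Security sees it.

    Returns None when either filter has no mapping (nothing to compare).
    """
    order = filter_mapping_order(web_xml)
    if method_filter not in order or security_filter not in order:
        return None
    return order.index(method_filter) < order.index(security_filter)


def sample_web_xml(mapping_order):
    """Build a minimal, constructed web.xml with mappings in the given order."""
    mappings = "".join(
        f"  <filter-mapping>\n    <filter-name>{name}</filter-name>\n"
        f"    <url-pattern>/*</url-pattern>\n  </filter-mapping>\n"
        for name in mapping_order)
    return f'<web-app xmlns="http://java.sun.com/xml/ns/javaee">\n{mappings}</web-app>'


# Constructed samples: the order reported in this issue, and the corrected order.
BEFORE_FIX = sample_web_xml(["springSecurityFilterChain", "HttpMethodFilter"])
AFTER_FIX = sample_web_xml(["HttpMethodFilter", "springSecurityFilterChain"])

if __name__ == "__main__":
    for label, xml_text in (("before fix", BEFORE_FIX), ("after fix", AFTER_FIX)):
        ok = method_filter_runs_first(xml_text)
        print(f"{label}: order={filter_mapping_order(xml_text)} "
              f"method filter first={ok}")
```

Run against a project's real `web.xml` by passing its contents to `method_filter_runs_first`; a `False` result means an `<intercept-url>` rule with `method="DELETE"` is evaluated while the request is still a POST.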