Spring Security
  1. Spring Security
  2. SEC-2034

A universal match pattern ('/**') is defined before other patterns in the filter chain

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Minor Minor
    • Resolution: Invalid
    • Affects Version/s: 3.1.2
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Environment:
      Windows 7, Websphere 7.0.0.19, Spring 3.1.0.RELEASE

      Description

      I have generated a spring project using Roo, and used the security setup addon to add in the spring security. The security works fine on Tomcat 7, but am running into the following problem when trying to deploy to Websphere 7.0.0.19. I'm currently using Spring Security 3.1.2.RELEASE. I've seen other projects use the Spring DelegatingFilterProxy just fine within Websphere. Anybody have any ideas?

      http://forum.springsource.org/showthread.php?126630-Websphere-7-universal-match-pattern-%28-**-%29-is-defined-before-other-patterns

      http://stackoverflow.com/questions/10721705/websphere-7-universal-match-pattern-is-defined-before-other-patterns

      E com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor createServletWrapper Error occured while preparing the servlet for initialization. 
                                       javax.servlet.ServletException: SRVE0207E: Uncaught initialization exception created by servlet
      	at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:434)
      	at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:169)
      	at com.ibm.ws.webcontainer.servlet.ServletWrapper.initialize(ServletWrapper.java:1809)
      	at com.ibm.wsspi.webcontainer.extension.WebExtensionProcessor.createServletWrapper(WebExtensionProcessor.java:98)
      	at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:1038)
      	at com.ibm.ws.webcontainer.webapp.WebApp.getServletWrapper(WebApp.java:959)
      	at com.ibm.ws.webcontainer.webapp.WebApp.initializeTargetMappings(WebApp.java:638)
      	at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinally(WebApp.java:436)
      	at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:304)
      	at com.ibm.ws.webcontainer.webapp.WebGroupImpl.addWebApplication(WebGroupImpl.java:100)
      	at com.ibm.ws.webcontainer.VirtualHostImpl.addWebApplication(VirtualHostImpl.java:166)
      	at com.ibm.ws.webcontainer.WSWebContainer.addWebApp(WSWebContainer.java:731)
      	at com.ibm.ws.webcontainer.WSWebContainer.addWebApplication(WSWebContainer.java:616)
      	at com.ibm.ws.webcontainer.component.WebContainerImpl.install(WebContainerImpl.java:376)
      	at com.ibm.ws.webcontainer.component.WebContainerImpl.start(WebContainerImpl.java:668)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:1127)
      	at com.ibm.ws.runtime.component.DeployedApplicationImpl.fireDeployedObjectStart(DeployedApplicationImpl.java:1319)
      	at com.ibm.ws.runtime.component.DeployedModuleImpl.start(DeployedModuleImpl.java:610)
      	at com.ibm.ws.runtime.component.DeployedApplicationImpl.start(DeployedApplicationImpl.java:944)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:740)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl$1.run(ApplicationMgrImpl.java:1272)
      	at com.ibm.ws.security.auth.ContextManagerImpl.runAs(ContextManagerImpl.java:5216)
      	at com.ibm.ws.security.auth.ContextManagerImpl.runAsSystem(ContextManagerImpl.java:5394)
      	at com.ibm.ws.security.core.SecurityContext.runAsSystem(SecurityContext.java:255)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplicationDynamically(ApplicationMgrImpl.java:1277)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl.start(ApplicationMgrImpl.java:2048)
      	at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:385)
      	at com.ibm.ws.runtime.component.CompositionUnitImpl.start(CompositionUnitImpl.java:123)
      	at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.start(CompositionUnitMgrImpl.java:328)
      	at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.startCompositionUnit(CompositionUnitMgrImpl.java:599)
      	at com.ibm.ws.runtime.component.CompositionUnitMgrImpl.startCompositionUnit(CompositionUnitMgrImpl.java:561)
      	at com.ibm.ws.runtime.component.ApplicationMgrImpl.startApplication(ApplicationMgrImpl.java:1184)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      	at java.lang.reflect.Method.invoke(Method.java:611)
      	at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49)
      	at sun.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      	at java.lang.reflect.Method.invoke(Method.java:611)
      	at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256)
      	at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085)
      	at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966)
      	at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848)
      	at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773)
      	at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1333)
      	at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
      	at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1226)
      	at com.ibm.ws.management.application.sync.StartDeploymentTask.startDeployment(StartDeploymentTask.java:236)
      	at com.ibm.ws.management.application.sync.StartDeploymentTask.fullAppUpdate(StartDeploymentTask.java:113)
      	at com.ibm.ws.management.application.sync.StartDeploymentTask.performTask(StartDeploymentTask.java:101)
      	at com.ibm.ws.management.application.sync.AppBinaryProcessor$ExpandApp.expand(AppBinaryProcessor.java:1682)
      	at com.ibm.ws.management.application.sync.AppBinaryProcessor.postProcessSynchronousExt(AppBinaryProcessor.java:723)
      	at com.ibm.ws.management.bla.sync.BLABinaryProcessor.postProcess(BLABinaryProcessor.java:575)
      	at com.ibm.ws.management.bla.sync.BLABinaryProcessor.onChangeCompletion(BLABinaryProcessor.java:452)
      	at com.ibm.ws.management.repository.FileRepository.postNotify(FileRepository.java:1915)
      	at com.ibm.ws.management.repository.FileRepository.update(FileRepository.java:1424)
      	at com.ibm.ws.management.repository.client.LocalConfigRepositoryClient.update(LocalConfigRepositoryClient.java:189)
      	at com.ibm.ws.sm.workspace.impl.WorkSpaceMasterRepositoryAdapter.update(WorkSpaceMasterRepositoryAdapter.java:655)
      	at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.update(RepositoryContextImpl.java:1954)
      	at com.ibm.ws.sm.workspace.impl.RepositoryContextImpl.synch(RepositoryContextImpl.java:1902)
      	at com.ibm.ws.sm.workspace.impl.WorkSpaceImpl.synch(WorkSpaceImpl.java:511)
      	at com.ibm.ws.management.configservice.ConfigServiceImpl.save(ConfigServiceImpl.java:702)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      	at java.lang.reflect.Method.invoke(Method.java:611)
      	at sun.reflect.misc.Trampoline.invoke(MethodUtil.java:49)
      	at sun.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      	at java.lang.reflect.Method.invoke(Method.java:611)
      	at sun.reflect.misc.MethodUtil.invoke(MethodUtil.java:256)
      	at javax.management.modelmbean.RequiredModelMBean.invokeMethod(RequiredModelMBean.java:1085)
      	at javax.management.modelmbean.RequiredModelMBean.invoke(RequiredModelMBean.java:966)
      	at com.sun.jmx.interceptor.DefaultMBeanServerInterceptor.invoke(DefaultMBeanServerInterceptor.java:848)
      	at com.sun.jmx.mbeanserver.JmxMBeanServer.invoke(JmxMBeanServer.java:773)
      	at com.ibm.ws.management.AdminServiceImpl$1.run(AdminServiceImpl.java:1333)
      	at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
      	at com.ibm.ws.management.AdminServiceImpl.invoke(AdminServiceImpl.java:1226)
      	at com.ibm.ws.management.connector.AdminServiceDelegator.invoke(AdminServiceDelegator.java:181)
      	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
      	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:60)
      	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:37)
      	at java.lang.reflect.Method.invoke(Method.java:611)
      	at com.ibm.ws.management.connector.soap.SOAPConnector.invoke(SOAPConnector.java:422)
      	at com.ibm.ws.management.connector.soap.SOAPConnector.service(SOAPConnector.java:257)
      	at com.ibm.ws.management.connector.soap.SOAPConnection.handleRequest(SOAPConnection.java:65)
      	at com.ibm.ws.http.HttpConnection.readAndHandleRequest(HttpConnection.java:733)
      	at com.ibm.ws.http.HttpConnection.run(HttpConnection.java:532)
      	at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1604)
      Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
      	at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
      	at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
      	at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
      	at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:585)
      	at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:913)
      	at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:464)
      	at org.springframework.web.context.ContextLoader.configureAndRefreshWebApplicationContext(ContextLoader.java:384)
      	at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:283)
      	at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:111)
      	at com.ibm.ws.webcontainer.webapp.WebApp.notifyServletContextCreated(WebApp.java:1708)
      	at com.ibm.ws.webcontainer.webapp.WebApp.commonInitializationFinish(WebApp.java:381)
      	at com.ibm.ws.webcontainer.webapp.WebAppImpl.initialize(WebAppImpl.java:299)
      	... 81 more
      Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined  before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
      	at org.springframework.security.config.http.DefaultFilterChainValidator.checkPathOrder(DefaultFilterChainValidator.java:49)
      	at org.springframework.security.config.http.DefaultFilterChainValidator.validate(DefaultFilterChainValidator.java:39)
      	at org.springframework.security.web.FilterChainProxy.afterPropertiesSet(FilterChainProxy.java:148)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
      	at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
      	... 96 more
      

        Activity

        Hide
        Rob Winch added a comment -

        There does not appear to be anything incorrect about the configuration.

        • Does it only happen on your WebSphere instance or does it happen on others?
        • Do you have other WebSphere installations (i.e. a colleague's) you can try running it on?
        • What are the complete paths of the configuration files you expect to be loaded?
        • Have you enabled debug logging for Spring to see which configurations are being loaded?
        • Are you certain that another configuration is not getting loaded (i.e. in an external location)?
        • What does the web.xml look like?

        If none of this works, please come up with a minimal and complete project that reproduces the problem and attach it to the issue.

        Show
        Rob Winch added a comment - There does not appear to be anything incorrect about the configuration. Does it only happen on your WebSphere instance or does it happen on others? Do you have other WebSphere installations (i.e. a colleague's) you can try running it on? What are the complete paths of the configuration files you expect to be loaded? Have you enabled debug logging for Spring to see which configurations are being loaded? Are you certain that another configuration is not getting loaded (i.e. in an external location)? What does the web.xml look like? If none of this works, please come up with a minimal and complete project that reproduces the problem and attach it to the issue.
        Hide
        Rob Winch added a comment - - edited

        I was not able to use the exact configuration in the forums since it the example was incomplete (i.e. had custom code in it). However, I have validated that a very similar WAR works on WebSphere 7. I'm fairly convinced that the issue you are encountering is caused by an additional Spring config getting picked up or the config that was posted to the thread was not what was being deployed.

        As mentioned previously, I encourage you to turn up the logging in your application and look to see if only the Spring configuration files you expect are getting loaded. You should see something like the following for each configuration file:

         INFO : org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/security.xml]
        

        You can also try to run the sample I have attached that is working for me. You can package it using Maven (i.e. mvn package).

        Without any more information, this issue will likely be closed as cannot reproduce.

        Show
        Rob Winch added a comment - - edited I was not able to use the exact configuration in the forums since it the example was incomplete (i.e. had custom code in it). However, I have validated that a very similar WAR works on WebSphere 7. I'm fairly convinced that the issue you are encountering is caused by an additional Spring config getting picked up or the config that was posted to the thread was not what was being deployed. As mentioned previously, I encourage you to turn up the logging in your application and look to see if only the Spring configuration files you expect are getting loaded. You should see something like the following for each configuration file: INFO : org.springframework.beans.factory.xml.XmlBeanDefinitionReader - Loading XML bean definitions from ServletContext resource [/WEB-INF/spring/security.xml] You can also try to run the sample I have attached that is working for me. You can package it using Maven (i.e. mvn package). Without any more information, this issue will likely be closed as cannot reproduce.
        Hide
        Isaac Johnson added a comment -

        I have confirmed that the Spring config was getting picked up twice. Now I'm just trying to determine why. I'll take a look at the project you have attached.

        Show
        Isaac Johnson added a comment - I have confirmed that the Spring config was getting picked up twice. Now I'm just trying to determine why. I'll take a look at the project you have attached.
        Hide
        Rob Winch added a comment - - edited

        Can you post your web.xml to your original thread? I can help you on the forums. Since you have confirmed it was getting picked up twice I am going to close this issue as invalid.

        Show
        Rob Winch added a comment - - edited Can you post your web.xml to your original thread ? I can help you on the forums. Since you have confirmed it was getting picked up twice I am going to close this issue as invalid.
        Hide
        Isaac Johnson added a comment -

        I have created the following issue (https://jira.springsource.org/browse/ROO-3241) with the Spring Roo project.

        Show
        Isaac Johnson added a comment - I have created the following issue ( https://jira.springsource.org/browse/ROO-3241 ) with the Spring Roo project.

          People

          • Assignee:
            Rob Winch
            Reporter:
            Isaac Johnson
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: