Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Why is this url-pattern combo not working?

 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have the following url-patterns for my filter and the web server keeps throwing an error:

<url-pattern>*.jsp</url-pattern>
<url-pattern>/secure/*</url-pattern>

If I use either one alone without the other it works, but if they're both there it throws an error. Why?
[ October 27, 2006: Message edited by: Bear Bibeault ]
 
Bear Bibeault
Author and ninkuma
Marshal
Pie
Posts: 64606
86
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Dan Bizman:
... the web server keeps throwing an error: ...


You should never post these words without including the exact text of the error message.
 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bear Bibeault:


You should never post these words without including the exact text of the error message.


Sorry!

It's saying:

"Invalid content was found starting with element 'url-pattern'. One of '{http://java.sun.com/xml/ns/j2ee"ispatcher}' is expected."
[ October 27, 2006: Message edited by: Dan Bizman ]
 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I figured it out. I have to do a separate mapping for each url pattern.
 
Dan Bizman
Ranch Hand
Posts: 387
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
To keep this in the same discussion...asking it again here:

If I map:

<url-pattern>/secure/login</url-pattern>

to my filter (login is not a servlet, it's a fake name), then when the browser points there, it never calls the filter. HOWEVER, if I map the following:

<url-pattern>*login</url-pattern>

and then point to "/secure/login" in the browser it DOES call the filter.

Why is that? Isn't that a mistake?

The following also never calls the filter: "/secure/*login".
 
Chris Beckey
Ranch Hand
Posts: 116
Eclipse IDE Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Servlet mapping (including security and filter mappings) are somewhat more consistent between app servers in V2.4 and beyond. The following answer applies to those versions only ...

This may answer your question, depending on what the URL is that you are trying ...

For: <url-pattern>/secure/login</url-pattern>
The URL (after the servlet context) must match that string exactly, not just start with the pattern. So http://localhost/application/secure/login should match (if the application was named "application", but http://localhost/application/secure/login/helloworld should not match. According to the spec, wildcard matching of path should only occur when the pattern starts with "/" and ends with "/*".

For: <url-pattern>*login</url-pattern>
Really shouldn't match any thing other than "http://localhost/application/*login" and I didn't check if '*' is allowed in a URL so even that may not work (and it's not exactly good practice if it does). Again according to the spec, the only valid mapping that starts with the asterisk is an extension mapping (i.e. *.jsp).
Given that mapping, if "http://localhost/application/secure/login" is accepted and calls the filter then yes, IMHO and FWIW, that is a mistake. I'd guess that internally the code is checking just that the pattern begins with "*" and treating it as a wildcard.

>>The following also never calls the filter: "/secure/*login".
It shouldn't, that is not a valid wildcard mapping (which can only end with the asterisk, the embedded asterisk doesn't mean anything).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic