I am using Spring mvc within url rewrite tucky to have extension less Urls. All is working fine but I recently have a problem to handle /j_spring_security_check post. here are my config files
urlrewrite.xml
<rule>
<from>/$</from>
<to type="forward">home</to>
</rule>
<rule>
<from>/signup$</from>
<to type="forward">/signup</to>
</rule>
<rule>
<from>/j_spring_security_check(\?.*)</from>
<to last="true">/j_spring_security_check$1</to>
</rule>
<rule>
<from>/logout(\?.*)</from>
<to last="true">/logout$1</to>
</rule>
<rule>
<from>^([^?]*)/([^?/\.]+)(\?.*)?$</from>
<to last="true">$1/$2.htm$3</to>
</rule>
<outbound-rule>
<from>^(.*)\.htm(\?.*)?$</from>
<to last="false">$1$2</to>
</outbound-rule>
spring security `
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true" access-denied-page="/denied.htm">
<security:intercept-url pattern="/**" access="permitAll" />
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/user" access="hasRole('ROLE_USER')" />
<security:form-login login-page="/signup" authentication-failure-url="/signup?error=authenticate" default-target-url="/" />
<security:logout invalidate-session="true" logout-success-url="/" logout-url="/logout" />
<security:remember-me key="springRocks" user-service-ref="userDetailsService"/>
</security:http>
<!-- Declare an authentication-manager to use a custom userDetailsService -->
<security:authentication-manager>
<security:authentication-provider user-service-ref="userDetailsService">
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the
database -->
<bean
class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder" />
<bean id="userDaoService" class="com.dolo.dao.jdbc.JdbcUserDao">
<property name="dataSource" ref="dataSource" />
</bean>
<bean id="userDetailsService" class="com.dolo.services.impl.UserServiceImpl">
</bean>
<bean id="userDetails" class="com.dolo.model.User">
</bean>
`
web.xml
<servlet>
<servlet-name>dolo</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
...
<servlet-mapping>
<servlet-name>dolo</servlet-name>
<url-pattern>*.htm</url-pattern>
...
<filter>
<filter-name>UrlRewriteFilter</filter-name>
<filter-class>org.tuckey.web.filters.urlrewrite.UrlRewriteFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>UrlRewriteFilter</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
....
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
....
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
<dispatcher>INCLUDE</dispatcher>
<dispatcher>ERROR</dispatcher>
Both can work together without any problem
<filter-mapping>
declaration for springSecurityFilterChain
should be done before UrlRewriteFilter
one. Once that is done, you don't need any rewrite rule for j_spring_security_check
.