
Spring security works only on HTTPS


Hi,

I'm working on Hybris 6.4 and I'm facing a Spring Security issue.

When I try to log on using the HTTPS protocol (https://localhost:9002/training/), it works perfectly.

But when I try to log on using the HTTP protocol (http://localhost:9001/training/), the server redirects to http://localhost:9001/training/j_spring_security_check and answers with a 403 status error.

Here is my Spring Security config file.

 <beans:beans xmlns="http://www.springframework.org/schema/security"
              xmlns:beans="http://www.springframework.org/schema/beans"
              xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
              xsi:schemaLocation="http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security.xsd
            http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd";
 >
 
     <!-- security="none" takes these paths out of the Spring Security filter chain
          entirely: no authentication, CSRF check or security headers apply to them. -->
     <http pattern="/500.jsp" security="none" />
     <http pattern="/404.jsp" security="none" />
     <http pattern="/static/**" security="none" />
     
     <!-- Main filter chain for every other request. auto-config="true" is a legacy
          shortcut that implicitly registers form-login, http-basic and logout; all
          three are also declared explicitly below. -->
     <http auto-config="true" use-expressions="true">
         <!-- Session fixation protection is switched OFF: the session id is kept
              across login. The "fixation" bean declared further down is not referenced
              by anything in this file, so it has no effect as written; wiring a custom
              strategy would normally go through session-authentication-strategy-ref. -->
         <session-management session-fixation-protection="none" />
         <!-- /login.jsp is reachable only while NOT authenticated; every other URL
              requires ROLE_CUSTOMERGROUP. Credentials posted to http://localhost:9001
              travel unencrypted; requires-channel="https" on these entries would
              force a redirect to the SSL port instead of serving the page over HTTP. -->
         <intercept-url pattern="/login.jsp" access="isAnonymous()"/>
         <intercept-url pattern="/**" access="hasRole('ROLE_CUSTOMERGROUP')"/>
         <!-- HTTP Basic and form login are both enabled on this chain. web.xml also
              declares container BASIC auth (login-config), so there are two layers of
              basic-auth configuration; confirm both are intended. -->
         <http-basic />
         <!-- Login POST target. Because <csrf /> is enabled below, this POST must carry
              the CSRF token (by default the _csrf request parameter); a missing or
              stale token is answered with 403 before authentication is attempted.
              NOTE(review): a 403 that shows up only over HTTP is consistent with the
              session holding the token not being presented on plain-HTTP requests
              (e.g. a Secure-flagged session cookie) - confirm against the Set-Cookie
              attributes actually returned on ports 9001 and 9002. -->
         <form-login 
             login-page="/login.jsp" 
             username-parameter="j_username"
             password-parameter="j_password"
             login-processing-url="/j_spring_security_check"
             authentication-failure-url="/login.jsp?login_error=1"
         />
         <!-- "key" is the secret used to sign the remember-me cookie and must match the
              "key" property of the rememberMeServices bean (it does). A fixed, guessable
              value weakens the cookie; treat it like a credential. -->
         <remember-me services-ref="rememberMeServices" key="adminweb"/>
         <!-- With CSRF protection enabled, Spring Security (3.2 and later) accepts logout
              only via POST by default; a plain GET link to this URL will not end the session. -->
         <logout logout-url="/j_spring_security_logout" logout-success-url="/login.jsp"/>
         <!-- Enables CSRF protection for all non-safe HTTP methods on this chain. -->
         <csrf />
         <!-- Disables the X-Frame-Options header, leaving pages of this application
              frameable by any origin (clickjacking protection off). -->
         <headers>
             <frame-options disabled="true"/>
         </headers>
     </http>
 
     <!-- Hybris session fixation strategy; declared but not referenced anywhere in this
          file (see session-management above), so it is currently inert. -->
     <beans:bean id="fixation" class="de.hybris.platform.servicelayer.security.spring.HybrisSessionFixationProtectionStrategy">
         <beans:property name="migrateSessionAttributes" value="false"/>
     </beans:bean>
 
     <!-- Remember-me cookie handling; "key" must equal the key attribute on <remember-me>. -->
     <beans:bean id="rememberMeServices" class="de.hybris.platform.spring.security.CoreRememberMeService">
         <beans:property name="key" value="adminweb" />
         <beans:property name="cookieName" value="LoginToken" />
         <beans:lookup-method name="lookupUserDetailsService" bean="coreUserDetailsService" />
     </beans:bean>
 
     <!-- Authentication is delegated to the Hybris core provider and user details service. -->
     <authentication-manager>
         <authentication-provider ref="coreAuthenticationProvider"/>
     </authentication-manager>
 
     <beans:bean id="coreAuthenticationProvider" class="de.hybris.platform.spring.security.CoreAuthenticationProvider">
         <beans:property name="userDetailsService" ref="coreUserDetailsService" />
     </beans:bean>
 
     <beans:bean id="coreUserDetailsService" class="de.hybris.platform.spring.security.CoreUserDetailsService" />
 
 </beans:beans>

Here is my web.xml file.

 <?xml version="1.0" encoding="iso-8859-1"?>
 <!--
  [y] hybris Platform
 
  Copyright (c) 2017 SAP SE or an SAP affiliate company.  All rights reserved.
 
  This software is the confidential and proprietary information of SAP
  ("Confidential Information"). You shall not disclose such Confidential
  Information and shall use it only in accordance with the terms of the
  license agreement you entered into with SAP.
 -->
 
 <!-- metadata-complete="true" stops the container from scanning classes and JARs for
      servlet annotations, and the empty <absolute-ordering/> excludes all web fragments:
      only what is declared in this descriptor is active. -->
 <web-app id="scalp" version="3.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
          xmlns="http://java.sun.com/xml/ns/javaee"
          xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd";
          metadata-complete="true">
     <absolute-ordering/>
 
     <display-name>scalp</display-name>
 
     <!-- Container-managed BASIC auth. No <security-constraint> is declared in this
          descriptor, so on its own this protects no URL; access is enforced by the
          Spring Security filter chain mapped further down. -->
     <login-config>
         <auth-method>BASIC</auth-method>
     </login-config>
 
     <!-- Error pages -->
 
     <error-page>
         <error-code>500</error-code>
         <location>/500.jsp</location>
     </error-page>
 
     <error-page>
         <error-code>404</error-code>
         <location>/404.jsp</location>
     </error-page>
 
     <error-page>
         <error-code>405</error-code>
         <location>/405.jsp</location>
     </error-page>
 
     <!-- 403 and 401 are both rendered as the login page with login_error=1. A 403 from
          Spring Security (authorization denied or CSRF token rejected) therefore looks
          exactly like a failed login to the user; check the server log for the real cause. -->
     <error-page>
         <error-code>403</error-code>
         <location>/login.jsp?login_error=1</location>
     </error-page>
 
     <error-page>
         <error-code>401</error-code>
         <location>/login.jsp?login_error=1</location>
     </error-page>
 
     <!-- Filters execute in the order of the <filter-mapping> elements below:
          XSSFilter, characterEncodingFilter, scalpPlatformFilterChain, springSecurityFilterChain. -->
     <filter>
         <filter-name>XSSFilter</filter-name>
         <filter-class>de.hybris.platform.servicelayer.web.XSSFilter</filter-class>
     </filter>
 
     <filter>
         <filter-name>characterEncodingFilter</filter-name>
         <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
         <init-param>
             <param-name>encoding</param-name>
             <param-value>UTF-8</param-value>
         </init-param>
         <init-param>
             <param-name>forceEncoding</param-name>
             <param-value>true</param-value>
         </init-param>
     </filter>
 
     <!-- DelegatingFilterProxy looks up a Spring bean named after the filter-name
          (scalpPlatformFilterChain / springSecurityFilterChain) in the web application
          context loaded by HybrisContextLoaderListener below. -->
     <filter>
         <filter-name>scalpPlatformFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
     </filter>
 
     <!-- Spring Security Filter (active). Its mapping to /* is declared below. -->
     <filter>
         <filter-name>springSecurityFilterChain</filter-name>
         <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
     </filter>
 
     <!-- Filter mappings -->
     <filter-mapping>
         <filter-name>XSSFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
     <filter-mapping>
         <filter-name>characterEncodingFilter</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
     <filter-mapping>
         <filter-name>scalpPlatformFilterChain</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
     <!-- Spring Security Filter mapping (active) -->
     <filter-mapping>
         <filter-name>springSecurityFilterChain</filter-name>
         <url-pattern>/*</url-pattern>
     </filter-mapping>
 
     <!--
         Enabling a Spring web application context with 'session' and 'request' scope.
         - The 'contextConfigLocation' specifies where your configuration files are located.
         - The HybrisContextLoaderListener extends the usual SpringContextLoaderListener (which loads
           the context from specified location) by adding the global application context of
           the platform as parent context.
         - The RequestContextListener is needed for exposing the 'request' scope to the context.
           Furthermore it is needed when overriding the 'jalosession' bean for your web application.
      -->
     <context-param>
         <param-name>contextConfigLocation</param-name>
         <param-value>WEB-INF/config/scalp-web-app-config.xml</param-value>
     </context-param>
 
     <listener>
         <listener-class>de.hybris.platform.spring.HybrisContextLoaderListener</listener-class>
     </listener>
 
     <listener>
         <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
     </listener>
 
     <servlet>
         <servlet-name>springmvc</servlet-name>
         <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
         <init-param>
             <param-name>contextConfigLocation</param-name>
             <param-value>WEB-INF/config/scalp-spring-mvc-config.xml</param-value>
         </init-param>
         <load-on-startup>1</load-on-startup>
     </servlet>
 
     <servlet-mapping>
         <servlet-name>springmvc</servlet-name>
         <url-pattern>/</url-pattern>
     </servlet-mapping>
     
     <!-- Session timeout in minutes; the session id is carried only in the cookie (no URL
          rewriting). No <cookie-config> is declared, so the Secure and HttpOnly flags on
          JSESSIONID come from the container/Hybris defaults. NOTE(review): a Secure cookie
          issued over https://localhost:9002 is not sent on http://localhost:9001 requests -
          relevant to a login that only succeeds over HTTPS; confirm the cookie attributes. -->
     <session-config>
         <session-timeout>120</session-timeout>
         <tracking-mode>COOKIE</tracking-mode>
     </session-config>
     
 </web-app> 
 


Try adding ROLE_ADMIN or ROLE_ANONYMOUS to the intercept-url pattern of <http>,

granting access to admin and anonymous users.

Currently, only users belonging to the customer group can access the URL pattern /**.


It may be too late for you, and you might have already figured it out, but the link below may help: https://help.hybris.com/6.5.0/hcd/8aef3efe8669101481a0ffe871a2f84c.html