CODEWITHSUNDEEP
javaspringgoogle-app-enginespring-mvc
user1154644
user1154644

Reputation: 4609

Spring Interceptor not being invoked in GAE application

I am building an application to deploy on google app engine. I have a Spring interceptor defined to be invoked on all requests under 'account/anything'. I also have a security constraint(defined in web.xml) that enforces that a user must be authenticated in order to access anything under /account.

I noticed that when I login PRIOR to trying to access anything under /account, the interceptor is invoked as designed when I navigate to /account/anything.

However, when I come to the application cold, without being logged in, and try to go to directly to /account/anything, I am prompted to log in (as I would expect because of the security constraint defined in web.xml), but the interceptor is not invoked.

Has anyone seen this type of behavior with Google App Engine?

web.xml configuration:

<security-constraint>
    <display-name>Account Security Constratint</display-name>
    <web-resource-collection>
        <url-pattern>/account/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>*</role-name>
    </auth-constraint>
</security-constraint>
<security-constraint>

Spring interceptor configuration:

    <mvc:interceptor>
        <mvc:mapping path="/account/*" />
        <bean class="com.myapp.interceptors.AccountInterceptor" />
    </mvc:interceptor>

Short term, I've decided to create a bunch of utility methods that do the work that was formerly in the interceptors, and I just call these methods at the start of every controller method, and it works, but ideally I would like to be able to rely on the interceptors.

Upvotes: 3

Views: 249

Answers (2)

ashishgupta_mca
ashishgupta_mca

Reputation: 578

With web.xml, you are using uses container managed security which is different from Spring container interceptor. Now after your successfull login from the web server container only, the request goes to spring interceptor.

Upvotes: 0

Alex Derkach
Alex Derkach

Reputation: 759

You are prompt to log in, because of security filter, specifically Spring Security Filter Chain.

Filters are processed before Servlets. MVC Interceptor works inside Dispatcher Servlet.

Because request to secured resource is blocked at filtering stage, neither Dispatcher Servlet nor are MVC interceptors, are invoked. enter image description here

Upvotes: 0

Related Questions