java - Migrate Spring Security 2.0.5 to Spring Security 3.0.8 Not working on Weblogic with F5 Load balancer -
we trying migrate spring security 2.0.5 3.0.8. changes working in tomcat , weblogic server ssl enabled no f5 load balancer. when deployed application on weblogic 12.c 2 nodes in , having f5 load balancer, started failing. before deployment application working good, after deployment behaving weirdly. on ie , login button throws error "network error" , ssl error , on chrome , can login page getting stuck . can body please help. here changes
applicationcontext-security.xml (2.0.5)
1. <global-method-security /> 2. <intercept-url pattern="/bs/systemcheck.action" filters="none" access="is_authenticated_anonymously"/> 3. <beans:bean id="authenticationmanager" class="org.springframework.security.providers.providermanager"> <beans:property name="providers"> <beans:list> <beans:ref local="daoauthenticationprovider" /> </beans:list> </beans:property> </beans:bean> applicationcontext-security.xml (3.0.8)
1. <global-method-security pre-post-annotations="enabled" secured- annotations="enabled"/> 2. <intercept-url pattern="/bs/systemcheck.action" filters="none"/> 3. <beans:bean id="authenticationmanager" class="org.springframework.security.authentication.providermanager"> <beans:property name="providers"> <beans:list> <beans:ref local="daoauthenticationprovider"/> </beans:list> </beans:property> </beans:bean> 4. <custom-filter ref="logoutfilter" position="logout_filter"/> <custom-filter ref="authenticationprocessingfilter" position="form_login_filter"/> <custom-filter ref="switchuserprocessingfilter" position="switch_user_filter"/> 5. <!-- protects against session fixation - defaulting new session & migrate session--> <session-management session-authentication-strategy- ref="sessionauthenticationstrategy"/> <beans:property name="basicstructuremanager" ref="basicstructuremanager"/> <beans:property name="accountmanager" ref="accountmanager" /> <!-- note - of import otherwise response committed issue--> <beans:property name="continuechainbeforesuccessfulauthentication" value="false" /> 6. <beans:bean id="successhandler" class="org.springframework.security.web.authentication.simpleurlauthenticationsuccesshandler"> <beans:property name="defaulttargeturl" value="/bs/home.action"/> <beans:property name="alwaysusedefaulttargeturl" value="true"/> </beans:bean> 7. <beans:bean id="failurehandler" class="org.springframework.security.web.authentication.simpleurlauthenticationfailurehandler"> <beans:property name="defaultfailureurl" value="/bs/login.action?loginerror=1"/> </beans:bean> and in web.xml added
<!-- required spring security handle session strategy --> <listener> <listener-class> org.springframework.security.web.session.httpsessioneventpublisher </listener-class> </listener>
this problem totally different showing different error message. code alter happened, used "clone" on domain object(which big object). connections occupied , there no resource new request.
java spring spring-mvc spring-security weblogic12c
No comments:
Post a Comment