cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

spring security intercept pattern override

soporte_mcom
Newcomer

on ‎2024 Aug 21 9:50 PM

0 Kudos
450

Hi all!

I'm currently developing an occ extension wich I need to be able to repond in a non secure way (http protocol, port 9001). Now every time I do a call to any of its endpoints, the request is redirected to the ssl port. This happens because a configuration made in security-v2-spring.xml in the "commercewebservices" extension (line 13 down here):

<!-- Swagger resources -->
	<security:http pattern="/v2/swagger-ui*/**" security="none"/>
	<security:http pattern="/v2/api-docs*/**" security="none"/>

	<!-- Commerce Webservices V2-->
	<http pattern="/v2/**" entry-point-ref="oauthAuthenticationEntryPointV2"
	      access-decision-manager-ref="webSecurityAccessDecisionManager"
	      xmlns="http://www.springframework.org/schema/security" create-session="stateless">

		<anonymous username="anonymous" granted-authority="ROLE_ANONYMOUS"/>
		<!--<session-management session-authentication-strategy-ref="fixation"/>-->

		<intercept-url pattern="/**" requires-channel="https"/>

		...
	</http>

My first try was to override the pattern "/v2/**" with this code in <myextension>-web-spring.xml

<security:http pattern="/v2/**" entry-point-ref="oauthAuthenticationEntryPointV2">
        <security:intercept-url pattern="/**" requires-channel="any" />
    </security:http>

 but I got the next error:

GRAVE: Excepción al enviar evento inicializado de contexto a instancia de escuchador de clase [de.hybris.platform.spring.HybrisContextLoaderListener]
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'defaultCommerceWebServicesFilterChainListV2': Cannot resolve reference to bean 'springSecurityFilterChain' while setting bean property 'sourceList' with key [7]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: The FilterChainProxy contains two filter chains using the matcher Ant [pattern='/v2/**']. If you are using multiple <http> namespace elements, you must use a 'pattern' attribute to define the request patterns to which they apply.

The urls of the request is something like http://<host>/occ/v2/<site>/mocks/<anyPath> So I try to make a new pattern:

<security:http pattern="/v2/*/mocks/**" entry-point-ref="oauthAuthenticationEntryPointV2">
    <security:intercept-url pattern="/**" requires-channel="any" />
</security:http>

But the filter spring security creates is inserted at the end of the FilterChainProxy, so OOTB intercept pattern is cheecked first and captured the request.

I think I know what I need, that is to add my pattern before OOTB patterns are added in commercewebservices, but I cannot find a way to do that. Any ideas that could help me with this issue?

 

Thank you in advance.

Ignacio

Know the answer?

Help others by sharing your knowledge.

Answer

Need more details?

Request clarification before answering.

Show replies
Show replies
rafael_pinto1987
Discoverer
‎2025 Feb 12 9:25 PM
0 Kudos
I‘m having the same problem. Did you solve your issue?

Accepted Solutions (0)

Answers (0)

Ask a Question