Category Archives: Spring

[Note To Self] Spring Security Default Target URL

Just a quick note to self on Spring Security Default Target URLs. In one of my recent projects, I noticed that suddenly my Spring Security based login does not use the specified default target url in the configuration. Instead, it was hitting the root of the application always. This application was working perfectly fine until recently, and default target URL has not been changed since.

The Spring Security definition was:

<security:http auto-config="true">
   <security:intercept-url 
      pattern="/!/signin" 
      access="IS_AUTHENTICATED_ANONYMOUSLY" />
   <security:intercept-url 
      pattern="/!/**" 
      access="ROLE_LOGIN" />
   <security:form-login 
      login-page="/!/signin"
      default-target-url="/!/"
      login-processing-url="/!/authenticate" 
      authentication-failure-url="/!/signin#failed"
      authentication-success-handler-ref="authenticationSuccessHandler" />
   <security:logout logout-url="/!/signout" logout-success-url="/!/signin" />
</security:http>

After debugging through Spring Security code, I noticed that the defaultTargetURL of¬†AbstractAuthenticationTargetUrlRequestHandler is not set to my value, but it uses the default ‘/’. Then after some digging up, it turned out that I’ve added a new Authentication Success Handler to my definition for a different purpose, and when an authentication-success-handler-ref is present in the configuration, the ‘default-target-url’ element in XML configuration is not used.

To fix this, the solution was  to specify the default target URL on my authentication success handler bean as follows.

<bean id="authenticationSuccessHandler" 
   class="com.xyz.PlatformAuthenticationSuccessHandler">
   <property name="defaultTargetUrl" value="/!/" />
</bean>

The reason behind this is, the value we provide on the XML configuration goes to the default authentication success handler only. When we define our own, that value goes no where, so we need to specify it manually on the bean itself. This ate up about 15 mins of my time, before luckily noticing that the success handler change was the reason.

 

STS in OS X – Where’s the sts.ini?

I’ve been using STS (SpringSource Tool Suite) on OS X Lion for sometime now, and today I realized that it’s getting a bit slow. I thought of tuning the heap size a bit to give it more memory, so I went into the installation to look for eclipse.ini, and there was none. So I googled, and found that STS bundles a ‘sts.ini’ file instead. Unfortunately for me, I wasn’t able to find this one in the folder either! Startled, I tried searching on the directory, etc, but it was not there. After googling around a bit more, I found in Spring Forums that the actual sts.ini file for Mac OS comes inside the application bundle. So if you are using Mac OS, and want to edit the sts.ini file, here are the steps.

  1. Go to your STS installation, and right-click on STS Application
  2. Select ‘Show Package Contents’
  3. A new Finder window will open and show the content of the application bundle. Go to ‘Contents’ directory in this window.
  4. Inside ‘Contents’, go to ‘MacOS’ directory

In this folder (Contents/MacOS) you will find the actual executable (STS) and the STS.ini file. Do your changes to STS.ini file (ex.changing Xmx) and save it just like you would under Linux / Windows with eclipse.ini / sts.ini.

Eventing with Spring Framework

Spring Framework, since it’s inception, included an eventing mechanism which can be used for application-wide eventing. This eventing mechanism was developed to be used internally by Spring Framework for eventing, such as notification of context being refreshed, etc, but it can be used for application specific custom events as well. This eventing API is based on¬† an interface named {java}org.springframework.context.ApplicationListener{/java}, which defined one method named {java}onApplicationEvent{/java}. Below code snippet shows a simple events listener which just logs the event information.

package com.yohanliyanage.blog.springevents;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationEvent;
import org.springframework.context.ApplicationListener;

public class MyEventListener implements ApplicationListener {

	private static final Log LOG = LogFactory.getLog(MyEventListener.class);
	
	public void onApplicationEvent(ApplicationEvent event) {
		LOG.info("Event Occurred : " + event);
	}
}

Continue reading