Geek Answers Handbook

Spring Security - escaping the require-channel value

I need to support HTTP and HTTPS in my Spring security file and dynamically switch between them at runtime.

So, I'm trying to create a properties file containing one of any / http / https, but this will not parse the XML configuration.

Spring Security Configuration:

<sec:http entry-point-ref="portalEntryPoint"> <sec:anonymous /> <sec:intercept-url pattern = "/portal" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="${user-security.login.channel}" /> <!-- rest omitted --> </sec:http>

Property File:

 user-security.login.channel=https

I get the following error:

 Caused by: org.xml.sax.SAXParseException: cvc-enumeration-valid: Value '${user-security.login.channel}' is not facet-valid with respect to enumeration '[http, https, any]'. It must be a value from the enumeration.

I am using Spring 3 and Spring Security 2. Any ideas?

+4
source share
2 answers

If you absolutely SHOULD use profiles to configure your portal entry point. Obviously, this means that you copy and paste spring ....

Example from springsource document:

 <bean id="transferService" class="com.bank.service.internal.DefaultTransferService"> <constructor-arg ref="accountRepository"/> <constructor-arg ref="feePolicy"/> </bean> <bean id="accountRepository" class="com.bank.repository.internal.JdbcAccountRepository"> <constructor-arg ref="dataSource"/> </bean> <bean id="feePolicy" class="com.bank.service.internal.ZeroFeePolicy"/> <beans profile="dev"> <jdbc:embedded-database id="dataSource"> <jdbc:script location="classpath:com/bank/config/sql/schema.sql"/> <jdbc:script location="classpath:com/bank/config/sql/test-data.sql"/> </jdbc:embedded-database> </beans> <beans profile="production"> <jee:jndi-lookup id="dataSource" jndi-name="java:comp/env/jdbc/datasource"/> </beans>

link http://blog.springsource.com/2011/02/14/spring-3-1-m1-introducing-profile/

+1
source

This is not possible in Spring Security 2, you must use Spring Security 3.0 +

This support fixes an issue that was fixed before the release of Spring Security 3.0.

+1
source

More articles:


All Articles