I'm doing a proof of concept to demonstrate how can Spring Security 2.0 be applied in a Websphere 6.1 environment. My goal is to secure a Webapp using Spring Security instead of J2EE Security.
The first bump in the road came when I was getting a 404 while configuring the AuthenticationProcessingFilter (Form Based Security). The form was posts to:
There are several documented bugs about this filter behavior. Spring Security relies on filters so you need to enable WAS 6.1 to enable for filters to be called even when a static/file resource does not exist. Bassically you need to set a Custom Web Container property:
The first bump in the road came when I was getting a 404 while configuring the AuthenticationProcessingFilter (Form Based Security). The form was posts to:
/j_acegi_security_check
There are several documented bugs about this filter behavior. Spring Security relies on filters so you need to enable WAS 6.1 to enable for filters to be called even when a static/file resource does not exist. Bassically you need to set a Custom Web Container property:
- Go to WAS 6.1 admin console to Application Servers and click on the server you want to configure
- Then on the right side expand the Web Container tree and select Web Conainer
- Click on Custom Properties
- Add a new property called
com.ibm.ws.webcontainer.invokefilterscompatibility
valuetrue
- Restart the server