Wicket
  1. Wicket
  2. WICKET-5266

Issue with TomcatWebSocketFilter and Spring Security

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 6.9.0
    • Fix Version/s: 6.10.0, 7.0.0-M1
    • Labels:
      None
    • Environment:
      Tomcat

      Description

      Spring Security has a way of wrapping HTTP servlet requests seems to clash with the code in org.apache.wicket.protocol.ws.tomcat7.Tomcat7WebSocketFilter. The request has to be unwrapped before being cast to RequestFacade.

      Before:

      		((RequestFacade) req).doUpgrade(tomcatWebSocket); // Crashes with class cast exception
      

      Should be:

      		while (req instanceof HttpServletRequestWrapper) {
      			req = (HttpServletRequest) ((HttpServletRequestWrapper) req).getRequest();
      		}
      		((RequestFacade) req).doUpgrade(tomcatWebSocket);
      

      This happens when configuring Spring Security in the web.xml with:

      	<filter>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      	</filter>
      	<filter-mapping>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>
      

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Martin Grigorov
            Reporter:
            Christophe Levesque
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development