Uploaded image for project: 'Wicket'
  1. Wicket
  2. WICKET-5266

Issue with TomcatWebSocketFilter and Spring Security

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.9.0
    • Fix Version/s: 6.10.0, 7.0.0-M1
    • Labels:
      None
    • Environment:
      Tomcat

      Description

      Spring Security has a way of wrapping HTTP servlet requests seems to clash with the code in org.apache.wicket.protocol.ws.tomcat7.Tomcat7WebSocketFilter. The request has to be unwrapped before being cast to RequestFacade.

      Before:

      		((RequestFacade) req).doUpgrade(tomcatWebSocket); // Crashes with class cast exception
      

      Should be:

      		while (req instanceof HttpServletRequestWrapper) {
      			req = (HttpServletRequest) ((HttpServletRequestWrapper) req).getRequest();
      		}
      		((RequestFacade) req).doUpgrade(tomcatWebSocket);
      

      This happens when configuring Spring Security in the web.xml with:

      	<filter>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy</filter-class&gt;
      	</filter>
      	<filter-mapping>
      		<filter-name>springSecurityFilterChain</filter-name>
      		<url-pattern>/*</url-pattern>
      	</filter-mapping>
      

        Attachments

          Activity

            People

            • Assignee:
              mgrigorov Martin Grigorov
              Reporter:
              totof3110 Christophe Levesque
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: