I am in the process of porting an application that has run successfully on Jetty, Tomcat, and Cloud Foundry to NetWeaver and am seeing an issue that I have no seen on other application servers.
Here is the warning:
>>> Warnings <<< 1). com.sap.ASJ.web.000607 (Failed in component: sap.com/eds-ear, ) Initialization of servlet [uploadServlet] failed. Check init() method of servlet. Error is: [org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.filterChainProxy': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration]
Here is my app-web-security.xml that I believe the error is is complaining about:
<?xml version="1.0" encoding="UTF-8"?><beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd"> <!-- Anonymous assets --> <http pattern="/favicon.ico" security="none" /> <http pattern="**/images/**" security="none" /> <http pattern="**/styles/**" security="none" /> <http pattern="/solutionsuiteui/styles/**" security="none" /> <http pattern="/solutionsuiteui/images/**" security="none" /> <http pattern="/solutionsuiteui/dojo/**" security="none" /> <http pattern="/solutionsuiteui/dijit/**" security="none" /> <http pattern="/solutionsuiteui/dojox/**" security="none" /> <http pattern="/solutionsuiteui/yui/**" security="none" /> <http authentication-manager-ref="authenticationManager" entry-point-ref="authEntryPoint" use-expressions="true"> <intercept-url pattern="/login.jsp" access="permitAll()" /> <intercept-url pattern="/solutionsuiteui/remote_logging" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN') and permitAll()" /> <intercept-url pattern="/solutionsuiteui/dispatch" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN') and permitAll()" /> <intercept-url pattern="/**" access="hasAnyRole('ROLE_USER', 'ROLE_ADMIN')" /> <custom-filter position="FIRST" ref="retainAnchorFilter" /> <custom-filter ref="usernamePasswordAuthenticationFilter" after="FORM_LOGIN_FILTER" /> <custom-filter ref="logoutFilter" after="LOGOUT_FILTER" /> <custom-filter ref="tamperedUrlLogoutFilter" after="LAST" /> <access-denied-handler ref="accessDeniedHandlerImpl" /> </http></beans:beans>
Does anybody know what's wrong with my XML?