spring mvc with ssl enabled - no session attribute available

Question

I have a problem with my spring MVC project. On my local machine, my project runs without SSL configured in spring security and form submits works fine. But if I enable SSL and upload the project to my server, I get on each form submit the following exception:

org.springframework.web.HttpSessionRequiredException: Expected session attribute 'xxxxx' org.springframework.web.method.annotation.ModelFactory.initModel(ModelFactory.java:114) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandleMethod(RequestMappingHandlerAdapter.java:758) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:721) org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:83) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:943) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:877) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:966) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:868) javax.servlet.http.HttpServlet.service(HttpServlet.java:646) org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:842) javax.servlet.http.HttpServlet.service(HttpServlet.java:727) com.github.dandelion.core.web.DandelionFilter.doFilter(DandelionFilter.java:138) org.springframework.orm.jpa.support.OpenEntityManagerInViewFilter.doFilterInternal(OpenEntityManagerInViewFilter.java:177) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.tuckey.web.filters.urlrewrite.gzip.GzipFilter.doFilter(GzipFilter.java:85) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:118) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter.doFilter(RememberMeAuthenticationFilter.java:146) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:154) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:105) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) de.eseven.bleckmannschulze.profiler.core.security.AjaxSessionTimeoutFilter.doFilter(AjaxSessionTimeoutFilter.java:38) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261) org.tuckey.web.filters.urlrewrite.RuleChain.handleRewrite(RuleChain.java:176) org.tuckey.web.filters.urlrewrite.RuleChain.doRules(RuleChain.java:145) org.tuckey.web.filters.urlrewrite.UrlRewriter.processRequest(UrlRewriter.java:92) org.tuckey.web.filters.urlrewrite.UrlRewriteFilter.doFilter(UrlRewriteFilter.java:389) org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)

I have no idea watts going wrong here. Login and normal get requests works, but if I submit a form with a session attribute, I get this exception.

It would be nice, to get some hints, where I can research for my problem.

The problem is not likely related to SSL. Different version of Spring on your server? There's a similar issue at stackoverflow.com/questions/2757198/… — gknicker
– gknicker, Commented Jan 6, 2015 at 1:31
The only different to my local test machine is that on my online server there is an apache before tomcat and connected thru ajp to the tomcat. — RizziCR
– RizziCR, Commented Jan 6, 2015 at 10:14
After more testing. SSL and Apache unintressted. without ssl configured and with direct access to tomcat, i get the same error. So there are no difference between my local machine and the server. same application war-file. same java jre and tomcat 7 on both systems. i have no more idea where i can search for the problem — RizziCR
– RizziCR, Commented Jan 6, 2015 at 12:20
On my local machine i have no problems with the session attributes, only on the server — RizziCR
– RizziCR, Commented Jan 6, 2015 at 12:24
This answer should solve your problem stackoverflow.com/a/2757449/1594449 — gknicker
– gknicker, Commented Jan 6, 2015 at 23:06

RizziCR · Accepted Answer · 2015-01-07 00:11:41Z

0

Thanks.. I solved my problem now.. the problem was, that i use a custom session attribute store and annotated my security config with @EnableWebMvcSecurity.

Here on my local machine, my custom store replace the spring security store. But on the server its in other way around. There the spring security store replace my custom store. I don't know way its declared in different order. Now i changed to @EnableWebSecurity everything works fine!

answered Jan 7, 2015 at 0:11

RizziCR

1902 silver badges10 bronze badges

Sign up to request clarification or add additional context in comments.

Collectives™ on Stack Overflow

spring mvc with ssl enabled - no session attribute available

1 Answer 1

Comments

Your Answer

Linked

Hot Network Questions

Collectives™ on Stack Overflow

1 Answer 1

Comments

Your Answer

Sign up or log in

Post as a guest

Linked

Related