s:mvcUrl builds wrong URL with Spring Security and DispatcherServlet mapped to subfolder #4214

@ventuc

Summary

When using Spring Security the JSP taglib function s:mvcUrl produces wrong URLs. This happens only when the request is served by a DispatcherServlet that is not mapped to the root folder, but to a subfolder (e.g. <url-pattern>/backend/*</url-pattern> instead of <url-pattern>/*</url-pattern>).

Actual Behavior

Suppose that in web.xml a DispatcherServlet is configured as follows:

<servlet>
    <servlet-name>backend-web</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>WEB-INF/backend-web-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>backend-web</servlet-name>
    <url-pattern>/backend/*</url-pattern>
</servlet-mapping>

and that Spring Security's filter chain is configured as follows:

<filter>
	<filter-name>springSecurityFilterChain</filter-name>
	<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
	<filter-name>springSecurityFilterChain</filter-name>
	<url-pattern>/*</url-pattern>
</filter-mapping>

Suppose also that there's a simple controller like the following one:

@Controller
@RequestMapping(path="/hello", name="HelloCtl")
public class HelloController {
	
	@RequestMapping(path="/random", method=RequestMethod.GET, name="random")
	public String randomHello(Model model){
		...
	}
	
}

If in a JSP the following function is called, the URL produced is wrong:

${s:mvcUrl('HelloCtl#random')} --> output is /hello/random

Expected Behavior

In the above scenario the call to s:mvcUrl() should produce /backend/hello/random. The base path given by the mapping of the DispatcherServlet is missing (/backend).

This happens only when Spring Security is enabled. Otherwise the URL is built properly.

Configuration

This issue should affect configurations in which there's a DispatcherServlet mapped to a URL pattern which is a non-root path, in particular configurations with multiple web contexts.

Version

The problem occurs with Spring 4.3.6 and Spring Security 4.2.1. I've not tried older versions. Consider that s:mvcUrl exists only since Spring 4.2.

Sample

The attached ZIP includes a Maven sample application that reproduces the problem. You can see that the problem is solved if Spring Security is disabled by removing the filter chain configuration from web.xml.

To see the problem, point the browser to the URL /backend/hello/random. The rendered JSP uses s:mvcUrl() to print out the URL pointing to HelloController#randomHello(), which is the action that renders the JSP itself. You should see that it's not correct. Credentials are: username: user / password: password.

spring-security-demo.zip
