Unable to download excel file using anchor tag

168 views Asked by At

I am facing some unexpected problem. I work on a Spring MVC application with spring security implemented. I designed a page where I gave a link which should download an excel file already present in the project resources.

<a href="CustomerUploadTemplate.xlsx" target="_blank">Click here to download template</a>

This anchor tag is defined on a page at "http://localhost:8080/epayui/app/customer/uploadCustomer" For simplification, I put the excel file in same folder as jsp.
As soon as I click on the anchor link, I get redirected to 'http://localhost:8080/epayui/app/customer/CustomerUploadTemplate.xlsx' and gets the error like "Error occurred while authenticating" which is due to spring security.
But in application security xml it is defined:

<intercept-url pattern="/app/customer/*" access="isAuthenticated() />

No error is printed on the console. The problem here is, when I click on the link it tries to open "customer/CustomerUploadTemplate.xls" view. But there is no such view defined.

web-application-security.xml looks like this:

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security-3.0.xsd
       http://www.springframework.org/schema/context
       http://www.springframework.org/schema/context/spring-context-3.0.xsd">

<global-method-security secured-annotations="enabled"></global-method-security>
<context:property-placeholder
    location="classpath:/properties/${ENV:local}/environment.properties" />


<!-- Configuring Spring Security for authorizing the following URL patterns 
    based on the access(Roles) mentioned below.  -->

<http auto-config='true' use-expressions="true" entry-point-ref="customAuthenticationEntryPoint" access-denied-page="/app/security/accessDenied?errorid=6" >
    <intercept-url pattern="/app/security/accessDenied" filters="none" />
    <intercept-url pattern="/app/home/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/payments/enterPayment" access="isAuthenticated() and hasRole('EPAY_ENTER_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/payments/enterProfilePayment" access="isAuthenticated() and hasRole('EPAY_ENTER_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/payments/searchPayment" access="hasRole('EPAY_SEARCH_PAYMENT_VIEW')" />
    <intercept-url pattern="/app/ccpayments/cardPayment" access="isAuthenticated()" />
    <intercept-url pattern="/app/payments/editPayment" access="isAuthenticated()" />
    <intercept-url pattern="/app/payments/enterManualPayment" access="hasRole('EPAY_ENTER_ACH_MANUAL_PAYMENT') or hasRole('EPAY_ENTER_CRT_MANUAL_PAYMENT')" />
    <intercept-url pattern="/app/payments/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/queuedPayments/viewQueued" access="hasRole('EPAY_QUEUE_APPROVE')" />
    <intercept-url pattern="/app/queuedPayments/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/admin/userSetup" access="hasRole('EPAY_USER_SETUP')" />
    <intercept-url pattern="/app/admin/insertUser" access="hasRole('EPAY_USER_SETUP')" />
    <intercept-url pattern="/app/admin/roleSetup" access="hasRole('EPAY_ROLE_SETUP')" />
    <intercept-url pattern="/app/admin/viewLogs" access="hasRole('EPAY_LOG_VIEW')" />
    <intercept-url pattern="/epayui/app/reports/enterReport" access="hasRole('EPAY_REPORT_MENU')" />
    <intercept-url pattern="/epayui/app/reports/enterReport/*" access="hasRole('EPAY_REPORT_MENU')" />
    <intercept-url pattern="/app/admin/unauthorizedAccounts" access="hasRole('EPAY_UNAUTH_ACCOUNT')" />
    <intercept-url pattern="/app/admin/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/recurring/enterRecurringSchedules" access="hasRole('EPAY_RECURRING_CRT') or hasRole('EPAY_RECURRING_READ_ONLY') or hasRole('EPAY_RECURRING_CRT_REC_WEB') or hasRole('EPAY_RECURRING_CRT_ENA')"/>
    <intercept-url pattern="/app/recurring/searchRecurringSchedules" access="hasRole('EPAY_RECURRING_CRT_REC') or hasRole('EPAY_RECURRING_ACH_REC')"/> 
    <intercept-url pattern="/app/recurring/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/reports/*" access="isAuthenticated()" />
    <intercept-url pattern="/app/customer/*" access="isAuthenticated() and  hasRole('MANAGE_CUSTOMERS')" />
    <!-- <intercept-url pattern="/app/ccpayments/cardPayment" access="isAuthenticated() and (hasRole('EPAY_PROFILE_CREATE') or hasRole('EPAY_PROFILE_UPDATE') or hasRole('EPAY_PAYMENT_CRT_SAVE'))"/> -->
    <intercept-url pattern="/app/*" access="isAuthenticated()" />
    <intercept-url pattern="/images/*" filters="none" />
    <intercept-url pattern="/css/images/*" filters="none" />
    <intercept-url pattern="/css/*" filters="none" />
    <intercept-url pattern="/js/*" filters="none" />
    <intercept-url pattern="/resources/*" filters="none" />
    <intercept-url pattern="/logout.jsp" filters="none" />
    <intercept-url pattern="/*" access="isAuthenticated()" />
    <custom-filter position="PRE_AUTH_FILTER" ref="siteminderFilter" />
    <session-management>
        <concurrency-control expired-url="/app/security/accessDenied?errorid=7"/>
    </session-management>
</http>


<beans:bean id="siteminderFilter" class="com.ge.epay.web.security.filters.CustomRequestHeaderAuthenticationFilter">
    <beans:property name="principalRequestHeader" value="georaclehrid"/>
    <beans:property name="firstNameHeader" value="givenname"/>
    <beans:property name="lastNameHeader" value="sn"/>
    <beans:property name="authenticationManager" ref="authenticationManager"/>
    <beans:property name="referSsoURL" value="${gecars.sso.logout.refer}"/>
</beans:bean>   

<authentication-manager alias="authenticationManager" >
          <authentication-provider ref="preauthAuthProvider"/>
</authentication-manager>

<beans:bean id="preauthAuthProvider"
  class="org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationProvider">
    <beans:property name="preAuthenticatedUserDetailsService" ref="userDetailsService"/>

</beans:bean>

<beans:bean id="userDetailsService" class="com.ge.epay.web.security.services.AuthenticationUserDetailsServiceImpl"/>

<beans:bean id="customAuthenticationEntryPoint" class="com.ge.epay.web.security.services.CustomAuthenticationEntryPoint"></beans:bean>

Am I doing something wrong. Any guidance will be appreciated. Thanks in advance.

0

There are 0 answers