java - Spring Security Custom Login Error (on submit login processing url is not invoked) -
i new spring. in need of creating login module using spring security, while using custom login page on submit of form nothing happens , when debugging found getting error code 400 though sending right parameters. using spring 4.0.6.release , spring security 4.0.1.release.
below spring security xml file, login.jsp , web.xml, in advance.
security-context.xml
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:security="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.0.xsd"> <security:http pattern="/static/**" security="none" /> <security:http pattern="/assets/**" security="none" /> <security:http pattern="/resources/**" security="none" /> <security:http pattern="/login.jsp*" security="none" /> <security:http pattern="/login" security="none" /> <security:http pattern="/logout" security="none" /> <security:http pattern="/error" security="none" /> <security:http entry-point-ref="authenticaionentrypoint" access-decision-manager-ref="accessdecisionmanager" use-expressions="true"> <security:intercept-url pattern="/**" access="hasrole('role_user')" /> <security:custom-filter position="form_login_filter" ref="formloginfilter" /> </security:http> <beans:bean id="formloginfilter" class="org.springframework.security.web.authentication.usernamepasswordauthenticationfilter"> <beans:property name="authenticationmanager" ref="authenticationmanager" /> <beans:property name="filterprocessesurl" value="/spring_security_check" /> <beans:property name="usernameparameter" value="username " /> <beans:property name="passwordparameter" value="password" /> <beans:property name="authenticationsuccesshandler" ref="customsuccesshandler" /> <beans:property name="authenticationfailurehandler" ref="customfailurehandler" /> </beans:bean> <security:authentication-manager alias="authenticationmanager"> <security:authentication-provider user-service-ref='userdetailsservice'> <password-encoder ref="bcryptpasswordencoder" /> </security:authentication-provider> </security:authentication-manager> <beans:bean id="authenticaionentrypoint" class="org.springframework.security.web.authentication.loginurlauthenticationentrypoint"> <beans:constructor-arg value="/login" /> </beans:bean> <beans:bean id="accessdecisionmanager" class="org.springframework.security.access.vote.affirmativebased"> <beans:constructor-arg> <beans:list> <beans:bean class="org.springframework.security.web.access.expression.webexpressionvoter" /> <beans:ref bean="rolevoter" /> <beans:ref bean="authenticatedvoter" /> </beans:list> </beans:constructor-arg> </beans:bean> <beans:bean id="rolevoter" class="org.springframework.security.access.vote.rolevoter"> <beans:property name="roleprefix" value="role_" /> </beans:bean> <beans:bean id="authenticatedvoter" class="org.springframework.security.access.vote.authenticatedvoter"> </beans:bean> <beans:bean id="userdetailsservice" class="com.itus.service.security.customsubscriberdetailsservice"> </beans:bean> <beans:bean id='bcryptpasswordencoder' class='org.springframework.security.crypto.bcrypt.bcryptpasswordencoder'></beans:bean> <beans:bean id="customsuccesshandler" class="com.itus.web.security.customsuccesshandler"> </beans:bean> <beans:bean id="customfailurehandler" class="com.itus.web.security.customfailurehandler"> <beans:constructor-arg name="defaultfailureurl" value="/login?authenticated=false" /> </beans:bean> login page (login.jsp)
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> <html> <head> <style> .error { padding: 15px; margin-bottom: 20px; border: 1px solid transparent; border-radius: 4px; color: #a94442; background-color: #f2dede; border-color: #ebccd1; } .msg { padding: 15px; margin-bottom: 20px; border: 1px solid transparent; border-radius: 4px; color: #31708f; background-color: #d9edf7; border-color: #bce8f1; } #login-box { width: 300px; padding: 20px; margin: 100px auto; background: #fff; -webkit-border-radius: 2px; -moz-border-radius: 2px; border: 1px solid #000; } </style> </head> <body onload='document.loginform.username.focus();'> <h1>spring security custom login form (annotation)</h1> <div id="login-box"> <h2>login username , password</h2> <c:if test="${not empty error}"> <div class="error">${error}</div> </c:if> <c:if test="${not empty msg}"> <div class="msg">${msg}</div> </c:if> <form name='loginform' action="<c:url value='/spring_security_check' />" method='post'> <table> <tr> <td>user:</td> <td><input type='text' name='username' value=''></td> </tr> <tr> <td>password:</td> <td><input type='password' name='password' /></td> </tr> <tr> <td colspan='2'><input name="submit" type="submit" value="submit" /></td> </tr> </table> <input type="hidden" name="${_csrf.parametername}" value="${_csrf.token}" /> </form> </div>
web.xml
<?xml version="1.0" encoding="utf-8"?> <web-app xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xsi:schemalocation="http://xmlns.jcp.org/xml/ns/javaee" xmlns:web="http://xmlns.jcp.org/xml/ns/javaee/web-app_3_1.xsd" version="3.1" xmlns="http://xmlns.jcp.org/xml/ns/javaee"> <display-name>itus</display-name> <welcome-file-list> <welcome-file>index.jsp</welcome-file> </welcome-file-list> <context-param> <param-name>contextconfiglocation</param-name> <param-value> /web-inf/spring/applicationcontext.xml /web-inf/spring/security-context.xml /web-inf/spring/mongo-config.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.contextloaderlistener </listener-class> </listener> <servlet> <servlet-name>spring</servlet-name> <servlet-class> org.springframework.web.servlet.dispatcherservlet </servlet-class> <init-param> <param-name>contextconfiglocation</param-name> <param-value>/web-inf/spring/spring-servlet.xml</param-value> </init-param> <init-param> <param-name>mappedfile</param-name> <param-value>false</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <filter> <filter-name>springsecurityfilterchain</filter-name> <filter-class>org.springframework.web.filter.delegatingfilterproxy </filter-class> </filter> <filter-mapping> <filter-name>springsecurityfilterchain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app>
in security context.xml
<beans:bean id="authenticaionentrypoint" class="org.springframework.security.web.authentication.loginurlauthenticationentrypoint"> <beans:constructor-arg value="/login" /> **<----** entry point /login
in jsp file trying enter "/spring_security_check"
ok in all, have try playing 2 urls.
Comments
Post a Comment