HTTP Status 404 - /j_spring_security_check

Hi with spring mvc 3.0.5 and spring security 4.3.0, my login thrown the following error exception:

HTTP Status 404 - /j_spring_security_check

here is my security-config.xml file:

<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:tx="http://www.springframework.org/schema/tx" xmlns:security="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"> <!-- Configure Spring Security --> <security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied" > <security:intercept-url pattern="/auth/login" access="permitAll"/> <security:intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')" /> <!-- <security:intercept-url pattern="/j_spring_security_check" access="ROLE_SUPERVISOR" />--> <security:form-login login-page="/auth/login" authentication-failure-url="/auth/login?error=true" default-target-url="/admin"/> <security:logout invalidate-session="true" logout-success-url="/" logout-url="/auth/logout"/> </security:http> <security:authentication-manager> <!-- Declare an authentication-manager to use a custom userDetailsService --> <security:authentication-provider user-service-ref="customUserDetailsService"> <security:password-encoder ref="passwordEncoder"/> </security:authentication-provider> </security:authentication-manager> <context:annotation-config /> <!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database --> <!-- <bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/>--> <!-- use BCrypt encoder --> <bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder"/> <!-- A custom service where Spring will retrieve users and their corresponding access levels --> <bean id="customUserDetailsService" class="LuxuryLiving.manager.service.CustomUserDetailsService" /> <context:component-scan base-package="LuxuryLiving" annotation-config="true" /> </beans>

servlet-context.xml file:
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:aop="http://www.springframework.org/schema/aop" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd"> <!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure --> <!-- Enables the Spring MVC @Controller programming model --> <mvc:annotation-driven /> <!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory --> <mvc:resources mapping="/resources/**" location="/resources/" /> <!-- Application Message Bundle --> <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="/WEB-INF/messages/messages" /> <property name="cacheSeconds" value="0" /> </bean> <!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/views/" /> <property name="suffix" value=".jsp" /> </bean> <bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver"> <property name="maxUploadSize" value="20480000" /> </bean> <bean class="org.springframework.web.servlet.mvc.annotation.AnnotationMethodHandlerAdapter" > <property name="messageConverters"> <list> <bean class = "org.springframework.http.converter.StringHttpMessageConverter"> <property name = "supportedMediaTypes"> <list> <value>text/html;charset=UTF-8</value> </list> </property> </bean> </list> </property> </bean> <context:component-scan base-package="LuxuryLiving" annotation-config="true" /> </beans>

web.xml file:
<?xml version="1.0" encoding="UTF-8"?> <web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <filter> <filter-name>characterEncodingFilter</filter-name> <filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class> <init-param> <param-name>encoding</param-name> <param-value>UTF-8</param-value> </init-param> <init-param> <param-name>forceEncoding</param-name> <param-value>true</param-value> </init-param> </filter> <filter-mapping> <filter-name>characterEncodingFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/root-context.xml /WEB-INF/spring/appServlet/security-config.xml </param-value> </context-param> <!-- Creates the Spring Container shared by all Servlets and Filters --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Processes application requests --> <servlet> <servlet-name>dispatcherServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/appServlet/servlet-context.xml </param-value> </init-param> <load-on-startup>1</load-on-startup> <multipart-config> <max-file-size>20480000</max-file-size> <max-request-size>20480000</max-request-size> </multipart-config> </servlet> <servlet-mapping> <servlet-name>dispatcherServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> </web-app>

IF I change the url-pattern to /*, it will break part of my controller mapping, but with / mapping, it breaks the security login mapping.

Any suggestion is very well appreciated.
Thanks
Sam

Here is my login page:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %> <%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %> <%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %> <%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Morfeusflex Admin Login Page</title> </head> <body style="text-decoration: underline; right: auto; left: auto; text-align: left;" > <h1>Morfeusflex Admin Login Page</h1> <div id="login-error">${error}</div> <form action="../../j_spring_security_check" method="post" > <table align="left"> <tr style="background-color: #F1F1F1;"> <!-- <td colspan="3"> <strong>Admin Login Page </strong> <a href="<c:url value="/deliveries/adminsignup/createadmin" />">Sign up</a> | <a link="#"> Get help</a> </td>--> </tr> <tr> <td width="118"><label for="j_username" > Login Name:</label></td> <td colspan="2"><input id="j_username" name="j_username" type="text" /></td> </tr> <tr> <td width="118"><label for="j_password" > Password:</label></td> <td colspan="2"><input id="j_password" name="j_password" type="password" /></td> </tr> <tr> <td colspan=2><hr> <input type="submit" value="Login"/></td> </tr> </table> <p> <img src="<c:url value="/resources/10113.jpg" />" width="800" alt="Seacell Mattress" > </p> </form> </body> </html>

login controller:
@Controller @RequestMapping("/auth") public class LoginLogoutController { protected static Logger logger = Logger.getLogger("LoginLogoutController.class"); private AdminService adminService; @Autowired public LoginLogoutController(AdminService adminService) { this.adminService = adminService; } /** * Handles and retrieves the login JSP page * * @return the name of the JSP page */ @RequestMapping(value = "/login", method = RequestMethod.GET) public String getLoginPage(@RequestParam(value="error", required=false) boolean error, ModelMap model) { logger.debug("Received request to show login page"); // Add an error message to the model if login is unsuccessful // The 'error' parameter is set to true based on the when the authentication has failed. // We declared this under the authentication-failure-url attribute inside the spring-security.xml /* See below: <form-login login-page="/krams/auth/login" authentication-failure-url="/krams/auth/login?error=true" default-target-url="/krams/main/common"/> */ if (error == true) { // Assign an error message model.put("error", "You have entered an invalid username or password!"); } else { model.put("error", ""); } // This will resolve to /WEB-INF/jsp/loginpage.jsp return "/loginpage"; } /** * Handles and retrieves the denied JSP page. This is shown whenever a regular user * tries to access an admin only page. * * @return the name of the JSP page */ @RequestMapping(value = "/denied", method = RequestMethod.GET) public String getDeniedPage() { logger.debug("Received request to show denied page"); // This will resolve to /WEB-INF/jsp/deniedpage.jsp return "/deniedpage"; }