• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Junilu Lacar
Sheriffs:
  • Rob Spoor
  • Liutauras Vilda
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Piet Souris
  • Tim Holloway
  • Jj Roberts
  • Stephan van Hulst
Bartenders:
  • Himai Minh
  • Carey Brown
  • Frits Walraven

j_spring_security_check 404 status and not able to proceed

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Issue : After providing credentials in the login page, the page is redirected to http://localhost:8080/BOOKS/j_spring_security_check. I am using custom login page for authenticating. This application runs on Tomcat 9 and it is a spring mvc 5 framework

Could you please check why it is redirected to j_spring_security_check instead of target page.

Here is my spring-security.xml file


<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">

<http pattern="/resources/**" security="none" />
<http entry-point-ref="loginUrlAuthenticationEntryPoint" use-expressions="true">
<intercept-url pattern="/web/**" access="permitAll" />
<intercept-url pattern="/j_spring security_check" access="isAnonymous()" />
<intercept-url pattern="/web/j_spring security_check" access="isAnonymous()" /> <intercept-url pattern="/**" access="hasAnyRole('USER_ROLE', 'USER_ADMIN')" />
<logout success-handler-ref="CustomLogoutHandler" invalidate-session="true" delete-cookies="JSESSIONID" />
<access-denied-handler error-page="/web/Index.html" />

<custom-filter position="CONCURRENT_SESSION_FILTER" ref="concurrencySesFilter" />
<custom-filter position="FORM_LOGIN_FILTER" ref="FormFilter"/>
<custom-filter position="LAST" ref="appFilter" />
<session-management session-authentication strategy-ref="comsess" invalid-session-url="/web/Sessioninvalid.html" />
</http>

   <authentication-manager alias="authenticationManager">
<authentication-provider ref="CustomAuthenticationProvider"/>
   </authentication-manager>

   <beans:bean id="springSecurityFilterChain" class="org.springframework.web.filter.DelegatingFilterProxy"/>
   <beans:bean id="CustomLogoutHandler" class="com.books.authentication.CustomLogoutHandler"/>
   <beans:bean id="CustomAuthentication Provider" class="com.books.authentication.CustomAuthenticationProvider"/>
   <beans:bean id="customAuthenticationSuccessHandler" class="com.books.authentication.CustomAuthenticationSuccessHandler"/>
   <beans:bean id="appFilter" class="com.books.vamp.filter.ApplicationFilter"/>
   <beans:bean id="customAuthenticationFailureHandler" class="com.books.authentication.CustomAuthenticationFailureHandler"/>

   <beans:bean id="redirectSessionInformationExpiredStrategy" class="org.springframework.security.web.session.SimpleRedirectSessionInformationExpiredStrategy">
      <beans:constructor-arg name="invalidSessionUrl" value="/web/Sessioninvalid.html" />
   </beans:bean>

   <beans:bean id="concurrencySesFilter" class="org.springframework.security.web.session.ConcurrentSessionFilter">
<beans:constructor-arg name="sessionRegistry" ref="sessionRegistry" />
<beans:constructor-arg name="sessionInformationExpiredStrategy" ref="redirectSessionInformationExpiredStrategy" />
   </beans:bean>

   <beans:bean id="FormFilter" class="org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter">
<beans:property name="sessionAuthenticationStrategy" ref="comsess" />
<beans:property name="authenticationManager" ref="authentication Manager" />
<beans:property name="authenticationFailureHandler" ref="customAuthenticationFailureHandler"/>
<beans:property name="authenticationSuccessHandler" ref="customAuthenticationSuccessHandler"/>
<beans:property name="usernameParameter" value="username"/>
<beans:property name="passwordParameter" value="password"/>
   </beans:bean>

<beans:bean id="sessionRegistry" class="org.springframework.security.core.session.SessionRegistryImpl" />

   <beans:bean id="loginUrlAuthenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:constructor-arg name="loginFormUrl" value="/web/Index.html" />
   </beans:bean>

<beans:bean id="comsess" class="org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy">
<beans:constructor-arg>
<beans:list>

<beans:bean class="org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry"/>
<beans:property name="maximumSessions" value="1" />
<beans:property name="exceptionIfMaximumExceeded" value="false" />
</beans:bean>

<beans:bean class="org.springframework.security.web.authentication.session.SessionFixationProtectionStrategy">
</beans:bean>

<beans:bean class="org.springframework.security.web.authentication.session.RegisterSessionAuthenticationStrategy">
<beans:constructor-arg ref="sessionRegistry"/>
</beans:beans>
</beans:list>
</beans:constructor-arg>
</beans:beans>


</beans:beans>


dispatcher-servlet.xml

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:task="http://www.springframework.org/schema/task"
xmlns:cache="http://www.springframework.org/schema/cache"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang
http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/task
http://www.springframework.org/schema/task/spring-task.xsd
http://www.springframework.org/schema/cache
http://www.springframework.org/schema/cache/spring-cache.xsd">


<mvc: annotation-driven />

<context: annotation-config />
<context:component-scan base-package="com.books.book.utils" />
<context:component-scan base-package="com.books.book.vamp" />

<!-- added for spring5 mvc -->
<beans:bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
<property name="useDefaultSuffixPattern" value="false" />
</beans:bean>
<beans:bean class="org.springframework.web.servlet.mvc.annotation.Request MappingHandlerMapping" />


<!-- JSP -->
<beans:bean id="jspViewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/views/" />
<property name="suffix" value=".jsp" />
</beans:bean>

<!-- Resource -->
<- <mvc:resources mapping="/resources/*** location="/resources/" />-->
<resources mapping="/resources/*** location="/resources/" />

<!-- DB -->
<beans:bean id="vampjdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
<property name="dataSource" ref="dataSource" />
</beans:bean>

<beans:bean id="dataSource" class="org.springframework.jndi.JndiObjectFactoryBean">
<property name="jndiName">
<value>jdbc/vampDS</value>
</property>
</beans:bean>

<tx:annotation-driven transaction-manager="transactionManager" />

<beans:bean id="transactionManager" class="org.springframework.jdbc.datasource.DataSourceTransactionManager" scope="singleton">
<property name="dataSource" ref="dataSource" />
</beans:bean>

</beans>





 
Bartender
Posts: 2101
13
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
With Spring boot, the security configuration can be done with Java classes instead of xml.
I found a stackoverflow thread, which may be helpful:
https://stackoverflow.com/questions/31606057/j-spring-security-check-http-status-404-custom-login/31606282
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic