Spring Security无法正常运行的登录页面URL（http：// localhost：8080 / site / j_spring_security_check）转到PAGE NOT FOUND

Question

I am new to hippo and working on hippo cms site. I am working on creating a login page with spring security. For this I created the following files and did the configuration for spring and spring security.

Here is my Login.jsp.

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
    color: #ff0000;
    background-color: #ffEEEE;
    border: 3px solid #ff0000;
    padding: 8px;
    margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
    <h3>Login with Username and Password (Custom Page)</h3>

    <c:if test="${not empty error}">
        <div class="errorblock">
            Your login attempt was not successful, try again.<br /> Caused :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </div>
    </c:if>

    <form name='f' action="/j_spring_security_check"
        method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="reset" type="reset" />
                </td>
            </tr>
        </table>

    </form>
</body>
</html>

The configuration files.

1) Web.xml configuration

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app id="WebApp_ID" version="2.4"
        xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
        http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

        <display-name>Spring MVC Application</display-name>

        <!-- Spring MVC -->
        <servlet>
            <servlet-name>mvc-dispatcher</servlet-name>
            <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
            <load-on-startup>1</load-on-startup>
        </servlet>
        <servlet-mapping>
            <servlet-name>mvc-dispatcher</servlet-name>
            <url-pattern>/</url-pattern>
        </servlet-mapping>

        <listener>
            <listener class>org.springframework.web.context.ContextLoaderListener</listener-class>
        </listener>

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/mvc-dispatcher-servlet.xml,
                /WEB-INF/spring-database.xml,
                /WEB-INF/spring-security.xml
            </param-value>
        </context-param>

        <!-- Spring Security -->
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

    </web-app>

2) mvc-dispatcher-servlet.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:context="http://www.springframework.org/schema/context"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="
            http://www.springframework.org/schema/beans    
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/context
            http://www.springframework.org/schema/context/spring-context-3.0.xsd">

        <context:component-scan base-package="com.example.common.controller" />

        <bean
            class="org.springframework.web.servlet.view.InternalResourceViewResolver">
            <property name="prefix">
                <value>/WEB-INF/pages/</value>
            </property>
            <property name="suffix">
                <value>.jsp</value>
            </property>
        </bean>

        <bean id="messageSource"
            class="org.springframework.context.support.ResourceBundleMessageSource">
            <property name="basenames">
                <list>
                    <value>mymessages</value>
                </list>
            </property>
        </bean>

    </beans>

3) spring-database.xml

    <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

        <bean id="dataSource"
            class="org.springframework.jdbc.datasource.DriverManagerDataSource">
            <property name="driverClassName" value="com.mysql.jdbc.Driver" />
            <property name="url" value="jdbc:mysql://localhost:3306/vnp_db" />
            <property name="username" value="root" />
            <property name="password" value="admin" />
        </bean>

    </beans>

4) spring-security.xml

    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <http auto-config="true">
            <intercept-url pattern="/welcome*" access="ROLE_USER" />
            <form-login login-page="/login" default-target-url="/welcome"
                authentication-failure-url="/loginfailed"  login-processing-url="/j_spring_security_check"/>
            <logout logout-success-url="/logout" />
        </http>

        <authentication-manager>
            <authentication-provider>
              <jdbc-user-service data-source-ref="dataSource"

                    users-by-username-query="
                        select email,password, enabled
                        from users where email=?"

                    authorities-by-username-query="
                        select u.email, ur.authority from users u, authorities ur
                        where u.email = ur.email and u.email =?  "
                />
            </authentication-provider>
        </authentication-manager>

    </beans:beans>

And the controller file

This module also contains registration part using spring thar part is working fine . On the login page I fill the correct username and password and clicks "Login" button. The url goes to " http://testcebs.com:8080/site/j_spring_security_check " and redirects to PAGE NOT FOUND instead of success and fail.No authentication process initatied after clicking on "Login" button. I am not able to understand why it is not working. However the same code and configuration is working fine in eclipse as a spring application.

Answer 1

You've been answered here and here , please don't cross-post

The answers:

if the j_spring_security_check URL is not part of the HST driven then make sure you add it to you hst:hosts exclusions, because otherwise the HST thinks it needs to handle the URL.

and

You need to insert the​ SpringSecurityValve into your existing pipelines​ as well​. ​you can use the hippo-spring-sec​ plugin for a cleaner spring security integration; http://hst-springsec.forge.onehippo.org/