404 error on spring security

Question

Using spring security with hibernate, When the user comes at /login and enters his credentials, he is supposed to be forwarded to /users/home . but he is not for the very first time he logins in, he is show a 404 message The requested resource is not available (some times at /favicon.ico if its on a live domain and localhost/ if its on localhost). If he returns back to the login page and logins again with SAME credentials, he is correctly landed to /users/home. why is that? http://pastie.org/8586150

spring security xml:

<security:form-login
    login-page="/login"

    authentication-failure-url="/login?error=true"

    default-target-url="/users/home"/>

 <security:authentication-manager>
         <security:authentication-provider user-service-ref="customUserDetailsService">
         </security:authentication-provider>
 </security:authentication-manager>

-Controller--------

@RequestMapping(value = "/users/home" )
    public String userHome(ModelMap model, HttpServletRequest request) {
        User springUser = (User)SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        String loginId = springUser.getUsername(); //get logged in username

        result = userService.getUserByLoginId(loginId); 
        Users user = (Users)result.getObject();
        HttpSession session = request.getSession(true);
        session.setAttribute("userName", user.getName());
//        model.addAttribute("username", user.getName());

        return "/users/home";       
    }

---

package web.service.common;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Repository;
import web.dao.UsersDAO;
import web.dao.impl.jpa.UsersDAOImpl;
import web.entity.Users;


@Service
public class CustomUserDetailsService implements UserDetailsService{

    //@Resource
   @Autowired
   private UsersDAO userDAO;

 public UserDetails loadUserByUsername(String email)
   throws UsernameNotFoundException, DataAccessException {


  // Declare a null Spring User
  UserDetails springUser = null;


  try {
    System.out.println("the email passed from CustomUserDetailsService in method loadUserByUsername is: " +email);

   Users dbUser = userDAO.getUserByLoginId(email);

   springUser =  new User(
     dbUser.getEmail(),
     dbUser.getPassword().toLowerCase(),
     true,
     true,
     true,
     true,
     //getAuthorities(dbUser.getAccess()) );
     getAuthorities(2) );

  } catch (Exception e) {

   e.printStackTrace();
    System.out.println(e.getMessage());
   throw new UsernameNotFoundException("Error in retrieving user");
  }
   System.out.println("debug ---- 4");

  return springUser;
 }

  public Collection<GrantedAuthority> getAuthorities(Integer access) {
   List<GrantedAuthority> authList = (List<GrantedAuthority>) new ArrayList<GrantedAuthority>(2);


   authList.add(new GrantedAuthorityImpl("ROLE_USER"));


   return authList;
   }

}

Answer 1

It may be due to dosnt getting user from database. Try to return null when u not found any user from database.

Users dbUser = userDAO.getUserByLoginId(email);
if(dbUser==null){
    return null;
}

I am also sharing tutorial develop by me for Spring security with UserService. It may be help you for further

https://www.mediafire.com/?9e2rd4ozb4qujuj

Answer 2

<security:intercept-url pattern="/favicon.ico" access="permitAll"/> 
<security:intercept-url pattern="/" access="permitAll"/> 

solved the problem :)

Answer 3

You need to allow access to all for the favicon. :)