
Spring security Login implementation

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    version="2.5">

    <!-- Front controller. DispatcherServlet builds its own servlet-level application context
         from /WEB-INF/spring-servlet.xml and is mapped as the default servlet ("/").
         Beans declared in that file are visible to this servlet's context only, not to a
         root context. -->
    <servlet>
        <servlet-name>appServlet</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>/WEB-INF/spring-servlet.xml</param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>appServlet</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Spring Security -->
    <!-- DelegatingFilterProxy hands each matched request to the bean named
         "springSecurityFilterChain", which it looks up in the root web application context
         (the one a ContextLoaderListener creates). This web.xml registers no such listener,
         so the security beans declared in spring-servlet.xml are not reachable from here. -->
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <!-- NOTE(review): only requests under /wifAdmin pass through the security filter.
         The framework endpoints referenced elsewhere on this page
         (/j_spring_security_check, /j_spring_security_logout) are outside this pattern,
         so login processing and logout never reach Spring Security. The usual mapping is
         /* here, with per-URL access rules left to sec:intercept-url. -->
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/wifAdmin/*</url-pattern>
    </filter-mapping>
    <!-- Intended to send requests for the context root to /wifAdmin, the login page URL
         used by the form-login configuration on this page. -->
    <welcome-file-list>
        <welcome-file>/wifAdmin</welcome-file>
    </welcome-file-list>
</web-app>

spring-servlet.xml:

<?xml  version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context"
    xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:task="http://www.springframework.org/schema/task"
    xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans 
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/context 
        http://www.springframework.org/schema/context/spring-context.xsd
        http://www.springframework.org/schema/mvc 
        http://www.springframework.org/schema/mvc/spring-mvc.xsd
        http://www.springframework.org/schema/task 
        http://www.springframework.org/schema/task/spring-task-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.2.xsd 
        ">

    <!-- Turn on annotation processing for beans in this context. -->
    <context:annotation-config />

    <!-- Register the annotated controllers found under com.xsiraul.chat.controller. -->
    <context:component-scan base-package="com.xsiraul.chat.controller" />
    <!-- Enable the task namespace's annotation support (@Scheduled / @Async). -->
    <task:annotation-driven />

    <!-- Multipart (file upload) support backed by Commons FileUpload.
         NOTE(review): no maxUploadSize property is set, so the resolver's default of
         "no limit" applies. Set an explicit cap if untrusted clients can reach an upload
         endpoint, otherwise request size is bounded only by the container. -->
    <bean id="multipartResolver"
        class="org.springframework.web.multipart.commons.CommonsMultipartResolver" />

    <!-- Maps a logical view name to /WEB-INF/jsp/<name>.jsp rendered through JstlView.
         Keeping the JSPs under WEB-INF means clients cannot request them directly; they are
         reachable only through a controller. -->
    <bean id="jspViewResolver"
        class="org.springframework.web.servlet.view.InternalResourceViewResolver">
        <property name="viewClass"
            value="org.springframework.web.servlet.view.JstlView" />
        <property name="prefix" value="/WEB-INF/jsp/" />
        <property name="suffix" value=".jsp" />
    </bean>

    <!-- Resolves the ${...} placeholders used in this file from login.properties on the
         classpath.
         NOTE(review): the placeholders below include the database user and password, so
         that properties file is a secret: keep it out of version control and readable only
         by the account the application runs as. -->
    <bean id='placeholderConfig'
        class='org.springframework.beans.factory.config.PropertyPlaceholderConfigurer'>
        <property name='locations'>
            <list>
                <value>classpath:login.properties</value>
            </list>
        </property>
    </bean>

    <!-- c3p0 pooled JDBC DataSource; every setting is taken from login.properties.
         NOTE(review): nothing shown on this page refers to this bean. The authentication
         manager further down uses an in-memory user-service, so the login does not go
         through this database. -->
    <bean id='dataSource' class='com.mchange.v2.c3p0.ComboPooledDataSource'>
        <!--Driver name to connect to the database -->
        <property name='driverClass'>
            <value>${login.jdbc.driver}</value>
        </property>
        <!--DB URL -->
        <property name='jdbcUrl'>
            <value>${login.url}</value>
        </property>
        <!--DB User used to connect to the schema -->
        <property name='user'>
            <value>${login.username}</value>
        </property>
        <!--Password required to access for the above user -->
        <property name='password'>
            <value>${login.password}</value>
        </property>
        <!-- configuration pool via c3p0 -->
        <property name='acquireIncrement'>
            <value>${login.c3p0.acquireIncrement}</value>
        </property>
        <property name='idleConnectionTestPeriod'>
            <value>${login.c3p0.idleConnectionTestPeriod}</value>
            <!-- seconds -->
        </property>
        <property name='maxPoolSize'>
            <value>${login.c3p0.maxPoolSize}</value>
        </property>
        <property name='maxStatements'>
            <value>${login.c3p0.maxStatements}</value>
        </property>
        <property name='minPoolSize'>
            <value>${login.c3p0.minPoolSize}</value>
        </property>
        <property name='initialPoolSize'>
            <value>${login.c3p0.initialPoolSize}</value>
        </property>
        <property name='maxIdleTime'>
            <value>${login.c3p0.maxIdleTime}</value>
        </property>
        <property name='acquireRetryAttempts'>
            <value>${login.c3p0.acquireRetryAttempts}</value>
        </property>
        <property name='acquireRetryDelay'>
            <value>${login.c3p0.acquireRetryDelay}</value>
        </property>
        <property name='breakAfterAcquireFailure'>
            <value>${login.c3p0.breakAfterAcquireFailure}</value>
        </property>
    </bean>

    <!-- URL-level security rules. These only take effect for requests that the servlet
         filter in web.xml actually routes through springSecurityFilterChain.
         NOTE(review): with the 3.2 XML namespace, CSRF protection is active only when a
         sec:csrf element is added; none is declared here, and the login form on this page
         carries no CSRF token. -->
    <sec:http>
        <!-- NOTE(review): as an Ant pattern, /wifAdmin/* matches a single path segment under
             /wifAdmin/ (for example /wifAdmin/logged) but not deeper paths such as
             /wifAdmin/a/b; /wifAdmin/** would cover the whole subtree. There is no
             catch-all rule, so every other URL is left unrestricted. -->
        <sec:intercept-url pattern="/wifAdmin/*" access="ROLE_USER" />
        <!-- No login-processing-url is given, so the credentials POST is expected at the
             3.2 default, /j_spring_security_check. -->
        <sec:form-login login-page='/wifAdmin'
            default-target-url='/wifAdmin' authentication-failure-url='/wifAdmin?error=true' />
        <sec:logout logout-success-url='/wifAdmin' />
        <!-- Unauthenticated requests are represented as user "guest" with ROLE_GUEST. -->
        <sec:anonymous username='guest' granted-authority='ROLE_GUEST' />
        <!-- NOTE(review): remember-me with default settings issues a long-lived login
             cookie; serve the application over HTTPS only if this stays enabled. -->
        <sec:remember-me />
    </sec:http>
    <!-- In-memory authentication with one hard-coded account.
         NOTE(review): demo-only. The password is stored in clear text in the configuration
         file and no sec:password-encoder is configured. For real use, load accounts from a
         user store that holds hashed passwords (for example a BCryptPasswordEncoder bean
         referenced from sec:password-encoder) and keep credentials out of this file. -->
    <sec:authentication-manager>
        <sec:authentication-provider>
            <sec:user-service>
                <sec:user name='admin' password='secret' authorities='ROLE_ADMIN,ROLE_USER' />
            </sec:user-service>
        </sec:authentication-provider>
    </sec:authentication-manager>

</beans>

index.jsp:

<%-- Login page, rendered by the controller for GET /wifAdmin. --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>

<html>
<head>
<title>Login</title>
</head>

<body>
    <%-- Shown after a failed login (the failure URL adds ?error=true).
         NOTE(review): the exception message is written with a bare EL expression, which
         does not HTML-escape its value; prefer c:out for it. Echoing the raw reason also
         tells the client why the login was rejected; a fixed generic message reveals less. --%>
    <c:if test="${not empty param.error}">
        <font color="red"> Login error. <br /> Reason :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </font>
    </c:if>

    <%-- NOTE(review): the form posts to /wifAdmin/logged, which is the controller URL for
         the landing page, not Spring Security's login-processing URL. With the 3.2 defaults
         used on this page the credentials must be posted to /j_spring_security_check
         (field names j_username / j_password), and the security filter must be mapped so
         that it sees that URL. As written, the submitted credentials are never checked.
         The form also carries no CSRF token. --%>
    <form method="POST" action="<c:url value="/wifAdmin/logged" />">
        <table>
            <tr>
                <td align="right">Username</td>
                <td><input type="text" name="j_username" /></td>
            </tr>
            <tr>
                <td align="right">Password</td>
                <td><input type="password" name="j_password" /></td>
            </tr>

            <tr>
                <td colspan="2" align="right"><input type="submit"
                    value="Login" /></td>
            </tr>
        </table>
    </form>
</body>
</html>

manage.jsp:

<%-- Landing page after login, rendered by the controller for GET /wifAdmin/logged. --%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="sec"
    uri="http://www.springframework.org/security/tags"%>
<html>
<head>
<title>Home</title>
</head>
<body>
    <%-- NOTE(review): the href value is not quoted; wrap the c:url output in quotes so the
         attribute stays well-formed. The logout URL only works if the security filter is
         mapped to cover /j_spring_security_logout. --%>
    <a href=<c:url value="/j_spring_security_logout"/>>Logout</a>
    <br />

    <%-- NOTE(review): sec:authorize only hides this markup from users without ROLE_ADMIN;
         it does not protect the link target. If this page is served at /wifAdmin/logged, the
         relative link resolves to /wifAdmin/admin, which the URL rules shown on this page
         allow for any ROLE_USER. Add a server-side rule for the admin URL as well.
         ifAnyGranted is a legacy attribute that later Spring Security releases removed in
         favour of the access attribute. --%>
    <sec:authorize ifAnyGranted="ROLE_ADMIN">
        <h1>Only admin can see this</h1>
        <br />
        <a href="admin"> Admin Home </a>
    </sec:authorize>

    <h1>Welcome</h1>



</body>
</html>

ChatController.java:

/**
 * MVC controller for the two /wifAdmin pages.
 *
 * <p>Both handlers only pick a view; neither performs an authentication or role check.
 * Access control for these URLs therefore depends entirely on the Spring Security
 * filter and the URL rules configured outside this class.
 */
@Controller
public class WifchatManagement {

    /** Logical name of the login view. */
    private static final String LOGIN_VIEW = "wifManagement/index";

    /** Logical name of the post-login landing view. */
    private static final String MANAGE_VIEW = "wifManagement/manage";

    /**
     * Serves the login page.
     *
     * @param model MVC model (not populated here)
     * @return the logical view name of the login page
     */
    @RequestMapping(method = RequestMethod.GET, value = "/wifAdmin")
    public String wifAdmin(Model model) {
        return LOGIN_VIEW;
    }

    /**
     * Serves the landing page. Only GET is mapped, so a form POST to this URL is not
     * handled by this method.
     *
     * @param model MVC model (not populated here)
     * @return the logical view name of the landing page
     */
    @RequestMapping(method = RequestMethod.GET, value = "/wifAdmin/logged")
    public String setUp(Model model) {
        return MANAGE_VIEW;
    }

}

Problems:

  1. Spring Security doesn't filter URL, and I can access /wifAdmin/logged as a guest.
  2. In the index.jsp form, the action URL just takes me to /wifAdmin/logged. If I change the action value to "j_spring_security_check", it gives a "Not found" error. It looks like Spring Security isn't being applied at all.

I use:

  • spring framework 4.0.2
  • spring security 3.2.1

Thank you for any help.

First try changing

<!-- Mapping from the question: the security filter only sees requests under /wifAdmin. -->
<filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/wifAdmin/*</url-pattern>
    </filter-mapping>

To

<!-- Route every request through the security filter so that the framework's own endpoints
     (such as /j_spring_security_check and /j_spring_security_logout) reach it too. Which
     URLs require which role is still decided by the sec:intercept-url rules. -->
<filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Is the Spring Security filter chain being hit now?

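I was missing the ContextLoaderListener in web.xml. DelegatingFilterProxy looks up the springSecurityFilterChain bean in the root application context, which only exists once this listener is registered. I added these lines, and it works: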

<!-- Creates the root web application context at startup; this is where
     DelegatingFilterProxy looks for the springSecurityFilterChain bean. -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Configuration file(s) for the root context.
     NOTE(review): this is the same file the DispatcherServlet already loads through its
     own contextConfigLocation init-param, so every bean in it (controllers, the c3p0
     DataSource, the security configuration) is now created twice, once per context.
     Moving the security and DataSource beans into a separate file used only for the root
     context, and leaving the MVC beans in the servlet's file, avoids the duplication. -->
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/spring-servlet.xml
    </param-value>
</context-param>
