I am using Spring MVC 4.1 and Spring Security 4.0. I want to use my own login page, but Spring Security always give me access denied page. If I use default login page everything is good. Here is my security.xml
<http auto-config="true">
<intercept-url pattern="/"
access="permitAll"/>
<intercept-url pattern="/login"
access="permitAll()"/>
<intercept-url pattern="/signup"
access="permitAll"/>
<intercept-url pattern="/logout"
access="permitAll"/>
<intercept-url pattern="/errors/**"
access="permitAll"/>
<intercept-url pattern="/users"
access="hasRole('USER')"/>
<intercept-url pattern="/forum"
access="hasRole('USER')"/>
<!-- access denied page -->
<access-denied-handler
error-page="/errors/403"/>
<form-login
login-page="/login"
login-processing-url="/login"
username-parameter="username"
password-parameter="password"
/>
<logout
logout-success-url="/welcome"/>
<!--logout-url="/j_spring_security_logout"-->
<!-- enable csrf protection -->
<!--<csrf/>-->
</http>
<b:import resource="classpath:ru/forque/service/applicationContext-service.xml"/>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService">
<password-encoder ref="passwordEncoder"/>
</authentication-provider>
</authentication-manager>
here is login.jsp
<html>
<head>
<title>Log in</title>
</head>
<body>
<div class="row">
<div class="container">
<h1>Forque Sign In</h1>
<c:url value="/login" var="loginUrl"/>
<form action="${loginUrl}" method="post">
<c:if test="${param.error != null}">
<div class="alert alert-error">
Failed to login.
<c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
</c:if>
</div>
</c:if>
<c:if test="${param.logout != null}">
<div class="alert alert-success">
You have been logged out.
</div>
</c:if>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
<div class="form-actions">
<input class="btn" type="submit" value="Login"/>
</div>
</form>
</div>
</div>
</body>
</html>
尝试删除登录处理网址
<form-login login-page="/login" username-parameter="username" password-parameter="password" authentication-failure-url="/Access_Denied"/>
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.