Spring 4 MVC + security issue

Question

I have been working with spring MVC app. Going to add security. All works correct.

according to the doc http://docs.spring.io/autorepo/docs/spring-security/4.0.4.RELEASE/reference/htmlsingle/#abstractsecuritywebapplicationinitializer-with-spring-mvc

added next implementation.

1. MessageSecurityWebApplicationInitializer
2. MessageWebApplicationInitializer
3. SecurityConfig

login form works.

After success authorization, have got - HTTP Status 404 -

Also I can debug method into appController after authorization, I mean next method public String listPatients(ModelMap model) .

Why I have got 404 ? what should I fix ?

public class MessageSecurityWebApplicationInitializer
        extends AbstractSecurityWebApplicationInitializer {
}


public class MessageWebApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[]{AppConfig.class};
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[]{AppConfig.class};
    }


    @Override
    protected String[] getServletMappings() {
        return new String[] {"/*"};
    }

}

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .and()
                .httpBasic();
    }

}

@Controller
@RequestMapping("/")
public class AppController {

    public static final String jsonPage = "json";
    @RequestMapping(value = {"/"}, method = RequestMethod.GET)
    public String listPatients(ModelMap model) {
        model.addAttribute("json", "test"}");
        return jsonPage;
    }

BR!

Answer 1

This is what I have (working):

AppInitializer

public class AppInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] {
                SpringRootConfig.class,
                DatabaseConfig.class,
                SecurityConfig.class,
                SecurityInitializer.class,
                WsdlMarshallerConfig.class
        };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return new Class[] { SpringWebConfig.class };
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

}

SecurityInitializer

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {
}

SecurityConfig

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private DataSource dataSource;

    @Override
    protected void configure(AuthenticationManagerBuilder auth)
            throws Exception {
        // @formatter:off
        auth
            .jdbcAuthentication()
                .dataSource(dataSource)
                    .usersByUsernameQuery("SELECT username, password, enabled FROM users WHERE username = ?")
                    .authoritiesByUsernameQuery("SELECT username, role FROM user_roles WHERE username = ?");
        // @formatter:on
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // @formatter:off
        http
            .authorizeRequests()
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/login").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login")
                .and()
            .csrf()
                .disable();
        // @formatter:on
    }

}