Shabarinath Volam
Reputation: 747
The page isn't redirecting properly spring security
Hi I am trying to integrate spring security in my project after integrating when I am trying to login I am seeing this below error
Here is my web.xml and spring-security.xml files
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->
Enable this after correcting spring security
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>/WEB-INF/log4j.xml</param-value>
</context-param>
<!-- Logging listener -->
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Spring Security disabled enable after correcting spring security-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>openSessionInViewFilter</filter-name>
<filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
<init-param>
<param-name>sessionFactoryBeanName</param-name>
<param-value>sessionFactory</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>openSessionInViewFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>sitemesh</filter-name>
<filter-class>
com.opensymphony.module.sitemesh.filter.PageFilter
</filter-class>
</filter>
<filter-mapping>
<filter-name>sitemesh</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>Image</servlet-name>
<servlet-class>com.property.servlet.ImageServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Image</servlet-name>
<url-pattern>/images/*</url-pattern>
</servlet-mapping>
</web-app>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">
<!-- Mappings that do not require security (authentication/principal object is not available for these urls)-->
<!-- Pattern should start with /web . Patterns like /login,/home are not effected -->
<http use-expressions="true" auto-config="false" entry-point-ref="authenticationEntryPoint" access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/**" access="isAuthenticated()"/>
<intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter" />
<logout logout-url="/logout" logout-success-url="/login" />
</http>
<!-- loginFormUrl pattern is /login -->
<beans:bean id="authenticationEntryPoint" class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
<beans:property name="loginFormUrl" value="/login"/>
<beans:property name="forceHttps" value="true"/>
</beans:bean>
<beans:bean id="authenticationProcessingFilter" class="com.property.controller.auth.PropertyAuthenticationProviderManager">
<beans:property name="authenticationManager">
<beans:ref bean="authenticationManager" />
</beans:property>
<beans:property name="filterProcessesUrl">
<beans:value>/j_spring_security_check</beans:value>
</beans:property>
<beans:property name="rememberMeServices" ref="rememberMeServices"/>
<beans:property name="authenticationSuccessHandler">
<beans:ref bean="simpleUrlAuthenticationSuccessHandler" />
</beans:property>
<beans:property name="authenticationFailureHandler">
<beans:ref bean="simpleUrlAuthenticationFailureHandler" />
</beans:property>
</beans:bean>
<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
<beans:property name="rememberMeServices" ref="rememberMeServices"/>
<beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>
<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
<beans:property name="userDetailsService">
<beans:bean class="com.property.controller.auth.UserAuthenticationService" />
</beans:property>
<beans:property name="key" value="springRocks"/>
</beans:bean>
<beans:bean id="simpleUrlAuthenticationSuccessHandler" class="com.property.controller.auth.PropertyUrlAuthenticationSuccessHandler">
<beans:property name="defaultPortalTargetUrl">
<beans:value>/home</beans:value>
</beans:property>
</beans:bean>
<beans:bean id="simpleUrlAuthenticationFailureHandler" class="com.property.controller.auth.PropertyUrlAuthenticationFailureHandler">
<beans:property name="defaultPortalFailureUrl">
<beans:value>/login?error=1</beans:value>
</beans:property>
</beans:bean>
<beans:bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
<beans:property name="targetUrlParameter">
<util:constant static-field="org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler.DEFAULT_TARGET_PARAMETER"/>
</beans:property>
</beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref='daoAuthenticationProvider'/>
</authentication-manager>
<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
<beans:property name="userDetailsService">
<beans:bean class="com.property.controller.auth.UserAuthenticationService" />
</beans:property>
<beans:property name="saltSource">
<beans:ref bean="saltSource" />
</beans:property>
<beans:property name="passwordEncoder">
<beans:ref bean="passwordEncoder" />
</beans:property>
</beans:bean>
<beans:bean id="passwordEncoder" class="com.property.controller.auth.PasswordEncoder">
<beans:property name="encodeHashAsBase64">
<beans:value>false</beans:value>
</beans:property>
</beans:bean>
<!-- aop:advisors(preauth and postauth...) configuration -->
<beans:bean id="httpRequestAccessDecisionManager" class="org.springframework.security.access.vote.AffirmativeBased">
<beans:property name="allowIfAllAbstainDecisions">
<beans:value>false</beans:value>
</beans:property>
<beans:property name="decisionVoters">
<beans:list>
<beans:bean class="org.springframework.security.access.vote.RoleVoter">
<beans:property name="rolePrefix" value=""/>
</beans:bean>
<beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
</beans:list>
</beans:property>
</beans:bean>
<beans:bean id="propertySecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
<beans:property name="authenticationManager" ref="authenticationManager" />
<beans:property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
<beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
</beans:bean>
<beans:bean id="saltSource" class="com.property.controller.auth.SaltSource">
</beans:bean>
<beans:bean id="securityMetadataSource" class="org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource"/>
<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>
</beans:beans>
Here I am having two issues:
- when I type localhost in my browser its redirecting to localhost/login (where should i change to redirect to /home)
- when its redirected to login page I am getting the above error
can any once help me in resolving this issue
Upvotes: 1
Views: 3768
Answers (1)
Chetan Aher
Reputation: 174
What is your app URL if its app/login
change your
<intercept-url pattern="/login/**" access="permitAll" />
This worked for me Cheers!
Upvotes: 2
Related Questions
- Why can't I redirect to an page with spring security?
- spring security does not redirect after successful login
- Page Redirection Issue in Spring Boot Security
- page not redirecting in controller
- Unable to redirect a user to a desired page after login with Spring Security
- Spring-security :The page isn't redirecting properly
- Spring redirect view is not working
- Spring Security configuration causing redirect loop
- Spring-security /login redirecting
- This webpage has a redirect loop in spring-security application