CODEWITHSUNDEEP
javaspring
user3663882
user3663882

Reputation: 7357

Why isn't loadUserByUserName invoke?

The following spring-security-context:

<security:http auto-config="true" use-expressions="true">
    <security:access-denied-handler error-page="/403" />
    <security:intercept-url pattern="/admin/**" access="hasRole('ADMIN')" />
    <security:form-login login-page="/" username-parameter="user" password-parameter="pass" login-processing-url="/" default-target-url="/admin"/>
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service data-source-ref="xaDataSource" 
        authorities-by-username-query="select name, role from users where name = ?" 
        users-by-username-query="select name, password, enabled from users_auth where name = ?" />
    </security:authentication-provider>
</security:authentication-manager>

Inside the index.jsp I have the form:

<body>
<h2>Hello, dear user</h2>
<form id="login" method="POST">
<!--    <label for="user">User: <label/> -->
    <input type="text" name="user" /><br/>
<!--    <label for="password">Passowrd: <label/> -->
    <input type="text" name="pass" /><br/>
    <input type="submit" value="login">
</body>

The issue is after clicking on the submit button the 403 page is rendered. Why? I checked org.springframework.security.core.userdetails.jdbc.JdbcDaoImpl under a debugger and neither of loadUserByUsername(String username), loadUsersByUsername(String username), loadUserAuthorities(String username), loadGroupAuthorities(String username) was called. The followig web.xml:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/coreContext.xml /WEB-INF/securityContext.xml</param-value>
  </context-param>

  <!-- servlets -->

  <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>

  <filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

What's wrong?

Upvotes: 0

Views: 155

Answers (1)

MrSimpleMind
MrSimpleMind

Reputation: 8587

Try this...

Your security is defined using the page:

login-page="/"

But the form is given in index.jsp and there is no action either.

Try with:

change security context to login-page=/index.jsp

And try change the form also to use action=/index.jsp

Do specify a authentication-failure-url, just to check that it does a call.

See an example here

Upvotes: 1

Related Questions