CODEWITHSUNDEEP
javaspring-mvcspring-security
Vercryger
Vercryger

Reputation: 620

Spring Security intercept does not work

I am getting started with spring security via java configurations, but when i go to http://localhost:8080/myapp , i am not redirected to the login form, as we expected.

I have the basic configurations, i have been following this guide.

I am using Spring Security 3.2.5.RELEASE and Spring Version 4.1.2.RELEASE.

This is my security config:

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login")
            .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER").and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}

and my security initializer:

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {



}

My Spring Servlet Dispatcher:

<servlet>
    <servlet-name>appServlet</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
</servlet>

<servlet-mapping>
    <servlet-name>appServlet</servlet-name>
    <url-pattern>/</url-pattern>
</servlet-mapping>

Upvotes: 3

Views: 206

Answers (1)

shazin
shazin

Reputation: 21883

Seems like the problem in your case is that springSecurityFilterChain is not being created because your SecurityConfig is not being scanned.

Many things can be reason for this;

  1. Your web container doesn't support Web Application 3.0 (Only Jetty 8.x supported)
  2. You have no @ComponentScan to cover SecurityConfig so that it can register filter bean springSecurityFilterChain

You must either Register the SecurityConfig class explicitly in your SecurityInitializer and make sure the SecurityInitializer is being called. 

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {

    public SecurityInitializer() {
        super(SecurityConfig.class);
    }

}

Upvotes: 0

Related Questions