oscar
Reputation: 1756
Spring security with user XML configuration does not work
Spring security with user XML configuration does not work
I have a project with Spring Security with a user configured in the xml and do not work for me, I have done more to test small projects but this time does not work and I do not know why. The urls are properly protected but I fail to login. The result is always "error". Always redirects to "/login.html?error" although the username and password are correct.
My pom.xml:
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.company</groupId>
<artifactId>foo</artifactId>
<packaging>war</packaging>
<version>0.0.1-SNAPSHOT</version>
<name>foo Maven Webapp</name>
<url>http://maven.apache.org</url>
<properties>
<spring.version>3.2.2.RELEASE</spring.version>
<tiles.version>3.0.4</tiles.version>
</properties>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<version>3.8.1</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.1.0</version>
</dependency>
<dependency>
<groupId>jstl</groupId>
<artifactId>jstl</artifactId>
<version>1.2</version>
</dependency>
<dependency>
<groupId>org.apache.tiles</groupId>
<artifactId>tiles-extras</artifactId>
<version>${tiles.version}</version>
</dependency>
<!-- Hibernate Validator -->
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-validator</artifactId>
<version>4.2.0.Final</version>
</dependency>
<dependency>
<groupId>javax.validation</groupId>
<artifactId>validation-api</artifactId>
<version>1.1.0.Final</version>
</dependency>
<dependency>
<groupId>commons-collections</groupId>
<artifactId>commons-collections</artifactId>
<version>3.2.1</version>
</dependency>
<!-- Jackson JSON Mapper -->
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-mapper-asl</artifactId>
<version>1.9.13</version>
</dependency>
<dependency>
<groupId>org.codehaus.jackson</groupId>
<artifactId>jackson-core-asl</artifactId>
<version>1.9.13</version>
</dependency>
<!-- MySQL database driver -->
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<version>5.1.32</version>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.hibernate</groupId>
<artifactId>hibernate-core</artifactId>
<version>4.2.11.Final</version>
</dependency>
<dependency>
<groupId>org.javassist</groupId>
<artifactId>javassist</artifactId>
<version>3.18.2-GA</version>
</dependency>
<dependency>
<groupId>org.apache.tomcat</groupId>
<artifactId>tomcat-dbcp</artifactId>
<version>7.0.55</version>
</dependency>
<!-- Spring security -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
<version>${spring.version}</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-aspects</artifactId>
<version>${spring.version}</version>
</dependency>
</dependencies>
<build>
<finalName>foo</finalName>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.1</version>
<configuration>
<source>1.7</source>
<target>1.7</target>
</configuration>
</plugin>
</plugins>
</build>
</project>
My dispatcher-servlet.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd">
<context:component-scan base-package="com.company.foo.controladores, com.company.foo.servicio, com.company.foo.fachada, com.company.foo.dao" />
<context:annotation-config />
<mvc:annotation-driven />
<tx:annotation-driven transaction-manager="txManager"/>
<!-- Tiles Configuration -->
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles/templates.xml</value>
<value>/WEB-INF/tiles/equipo-tiles.xml</value>
<value>/WEB-INF/tiles/jugador-tiles.xml</value>
</list>
</property>
</bean>
<!-- Tiles View Url Based Resolver -->
<bean id="tilesViewResolver"
class="org.springframework.web.servlet.view.UrlBasedViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.tiles3.TilesView" />
</bean>
<!-- css y js -->
<mvc:resources mapping="/assets/**" location="/assets/" />
</beans>
My web.xml:
<web-app
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>foo-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>foo-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/foo-dispatcher-servlet.xml,
classpath:hibernate4Config.xml,
classpath:spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
My spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/" access="isAuthenticated()" />
<intercept-url pattern="/jugadores**" access="isAuthenticated()" />
<intercept-url pattern="/jugadores/**" access="isAuthenticated()" />
<intercept-url pattern="/equipos**" access="isAuthenticated()" />
<intercept-url pattern="/equipos/**" access="isAuthenticated()" />
<intercept-url pattern="/login**" access="isAnonymous()" />
<form-login
login-page="/login.html"
default-target-url="/jugadores.html"
authentication-failure-url="/login.html?error"
username-parameter="username"
password-parameter="password" />
<logout logout-success-url="/login.html?logout" />
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="root" password="1234" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
My controller:
@Controller
public class LoginController {
@RequestMapping(value="/login", method = RequestMethod.GET)
public final ModelAndView printLogin(@RequestParam(value = "error", required = false) final String error,
@RequestParam(value = "logout", required = false) final String logout)
{
ModelAndView view = new ModelAndView("login");
if (error != null) {
view.addObject("error", "Error");
}
if (logout != null) {
view.addObject("msg", "Exit");
}
return view;
}
}
And my login page:
<%@ include file="/WEB-INF/views/includes/taglibs.jsp"%>
<div class="wrapper">
<form class="form-signin" action="<c:url value='/j_spring_security_check' />" method="POST">
<c:if test="${not empty msg}">
<div class="msg">${msg}</div>
</c:if>
<c:if test="${not empty error}">
<div class="error">${error}</div>
</c:if>
<h4 class="form-signin-heading">Login</h4>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input type="text" class="form-control" name='j_username' placeholder="Login" />
<br />
<input type="password" class="form-control" name='j_password' placeholder="Password" />
<br />
<button class="btn btn-lg btn-primary btn-block" type="submit">OK</button>
</form>
</div>
I can not find anywhere what fails me.
Upvotes: 0
Views: 1397
Answers (2)
oscar
Reputation: 1756
I have solved my problem. I changed versions of the XML schemas.
In my dispatcher.xml I changed::
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.2.xsd">
and in my spring-security.xml:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
Upvotes: 0
Ralph
Reputation: 120761
I think it is because your jsp/html input filed names does not match the parameter names expected/configured by/for spring security.
In your jsp you use the (default) names j_username and j_username but you configured spring security to use username and password
So change your configuration to use j_username and j_username instead :
<form-login
login-page="/login.html"
default-target-url="/jugadores.html"
authentication-failure-url="/login.html?error"
username-parameter="j_username"
password-parameter="j_username" />
Upvotes: 1
Related Questions
- Why is Spring Security not working?
- Spring Security XML config
- spring security configuration doesn't work
- Why is my Spring Security not working?
- Spring Security with XML configuration does not authenticate user
- spring-security is not working as expected
- Spring security does not parse xml
- give access with spring security in xml file for one user
- Spring XML using <bean>
- Spring Security 3 configuration in XML