Reputation: 173
Spring security: j_spring_security_check page not found
I'm trying to use Spring Security but when I use form login (with or without correct username/password), I get a 404 error to: http://localhost/HomeAutomation/j_spring_security_check.
Here my files:
SecurityConfig.java:
@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("greg").password("123").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/home/**").access("hasRole('ROLE_USER')")
.and()
.formLogin().permitAll().loginPage("/index").failureUrl("/index?loginError=1")
.defaultSuccessUrl("/home", true).successHandler(new LoginSuccessHandler())
.usernameParameter("username").passwordParameter("password")
.and()
.logout().logoutSuccessUrl("/index?logout=1")
.and()
.csrf();
}
}
SpringMvcInitializer.java
public class SpringMvcInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {
@Override
protected Class<?>[] getRootConfigClasses() {
return new Class[] { AppConfig.class };
}
@Override
protected Class<?>[] getServletConfigClasses() {
return null;
}
@Override
protected String[] getServletMappings() {
return new String[] { "/" };
}
}
SpringSecurityInitializer.java
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer{
//nothing to do
}
index.jsp:
<c:if test="${not empty loginError}">
<div class="errorMsg">${loginError}</div>
</c:if>
<form name='loginForm' action="<c:url value='j_spring_security_check' />" method='post'>...</form>
Have you any idea why this doesn't work ?
Sorry for my english. Thank you in advance.
Upvotes: 0
Views: 1728
Answers (1)
Reputation: 21730
Spring Security's Java Configuration defaults to different URLs that the XML configuration. That means since you specified:
http
.formLogin()
.permitAll()
.loginPage("/index")
.failureUrl("/index?loginError=1")
.defaultSuccessUrl("/home", true)
.successHandler(new LoginSuccessHandler())
.usernameParameter("username")
.passwordParameter("password")
Spring Security will redirect using a GET /index to request your log in page (the same value as your loginPage attribute). Spring Security will monitor POST /index for the username and password to be submitted (on the HTTP parameters username and password).
If you want to change this, you can use:
http
.formLogin()
// MODIFY HERE
.loginProcessingUrl("/j_spring_security_check")
.permitAll()
.loginPage("/index")
.failureUrl("/index?loginError=1")
.defaultSuccessUrl("/home", true)
.successHandler(new LoginSuccessHandler())
.usernameParameter("username")
.passwordParameter("password")
Additional notes:
- It makes the Java Configuration much easier to read if you follow a few conventions on formatting. See https://spring.io/blog/2013/07/11/spring-security-java-config-preview-readability/
- You are specifying a number of properties that are the same as the defaults. For example, you do not need the usernameParameter, passwordParameter, csrf, etc
Upvotes: 1
Related Questions
- spring-mvc 5 j_spring_security_check 404 page error
- Why j_spring_security_check 404?
- Spring Security Login error Status 404 - /j_spring_security_check
- /j_spring_security_check HTTP error 404
- Error 404 : /j_spring_security_check is not available
- j_spring_security_check - The requested resource is not available
- spring security bean not found exception
- 404 on 'j_spring_security_check'
- j_spring_security_check 404 issue
- j_spring_security_check is not available