Reputation: 1
How to prevent Spring Security 2.5 from overriding the loading of a Welcome Page (index.html)
I have a Spring MVC Web app that I'd like to show a simple Welcome Page (index.html). On that page, I just to have a 2 href links: one to bring me to the Login Page that is then implemented using Spring Security (2.5.6) and Hibernate 3 and the other to a Registration Page for new users.
However, the problem is that Spring Security automatically loads my login page each time and does NOT load the index.html page where I have coded the 2 links to forward me to either login or registration. I am brought to the login page which works fine. However, I never get to show the initial index.html page of my web application.
Can anyone shed light on how to prevent Spring Security from overriding the 'Welcome Page' with it's Login Page.
Many thanks.
Here is my Spring Security set up in web.xml:
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
WEB-INF/spring-beans.xml
WEB-INF/spring-security.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
Upvotes: 0
Views: 1292
Answers (3)
Reputation: 1737
Controller should handle user's request and in your case no controller which mapped to this URL. When controller found, it performs some logic and returns view name which will be used to represent server's response. So, view name translator called only after controller and only for deduce full path to particular JSP file.
<mvc:view-controller path="/" view-name="index"/>
Try to add
Upvotes: 0
Reputation: 40186
There's nothing wrong with your web.xml file, you need to show us your WEB-INF/spring-security.xml file.
If you keep getting directed to the login page, chances are you mess up the intercept-url pattern that causes your welcome page to be caught by Spring Security for further authentication before displaying it.
This is an example of the intercept-url tags that you will find in your WEB-INF/spring-security.xml file:-
<http auto-config="true" access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN" />
<intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN" />
<form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/home.do"/>
<logout logout-success-url="/home.do"/>
</http>
Upvotes: 1
Related Questions
- spring security login page does not load resources
- Spring Security disable default login page
- Spring MVC/Security - Users still can access login page after successful login
- How to prevent spring security from redirecting to the previous page after successful login?
- Spring security does not redirect to home page
- Spring Security: Cannot access target page even after successful login
- Spring Security with MVC does not work for unauthenticated pages
- Spring mvc / security : excluding the login page from spring security
- spring security. forward after login page
- JSF set welcome page