I am new to Spring and I am lost in the XML configuration. I want to use Spring Security 3.2 to protect my admin area and my resources area, so I have two "entry points":
Login form and mvc area:
/admin
oAuth2, rest resources (not an issue at the moment):
/api
When I submit the credentials I get a 404. This is the page with the login form:
http://localhost:8080/springmvcrest/admin/login
On log in I get this:
http://localhost:8080/springmvcrest/j_spring_security_check
web.xml:
<!-- web.xml fragment: loads the root application context, registers the Spring Security
     filter for every request, and declares two DispatcherServlets (REST under /api/*,
     MVC under /admin/*). -->
<!-- Root context: both files are loaded by the ContextLoaderListener declared below, so the
     security beans live in the root context rather than in either servlet context. -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/applicationContext.xml
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- DelegatingFilterProxy resolves its delegate by filter-name, so this name must stay
     "springSecurityFilterChain" to find the bean created by the security namespace. -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<!-- The filter sees every REQUEST and FORWARD dispatch under the context root. Whether a
     given URL is actually secured still depends on a matching http element in
     spring-security.xml; a URL that matches no chain passes through unfiltered. -->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Servlet for Web Services API -->
<!-- NOTE(review): the "debug" init-param is set to true on both servlets; confirm what
     consumes it and keep it off outside development if it increases log or error detail. -->
<servlet>
<servlet-name>rest-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>throwExceptionIfNoHandlerFound</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
<async-supported>true</async-supported>
</servlet>
<servlet-mapping>
<servlet-name>rest-dispatcher</servlet-name>
<url-pattern>/api/*</url-pattern>
</servlet-mapping>
<!-- Dispatcher servlet for MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>debug</param-name>
<param-value>true</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<!-- Only /api/* and /admin/* reach a DispatcherServlet. A request to a path outside both
     (for example /j_spring_security_check at the context root) matches neither mapping
     shown here, so it returns 404 unless a security filter chain handles it first. -->
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/admin/*</url-pattern>
</servlet-mapping>
spring-security.xml
<!-- Security filter chain for the admin area. The pattern attribute limits this chain to
     request paths matching /admin/**; requests to any other path are not processed by the
     filters configured here, including the form-login processing filter. -->
<!-- form-login below declares no login-processing-url, so the Spring Security 3.x default
     /j_spring_security_check applies. That path is outside /admin/**, so this chain never
     sees the login POST. Setting login-processing-url to a path under /admin/ (and using
     the same path as the JSP form action) keeps the login POST inside this chain. -->
<!-- NOTE(review): no csrf child element is declared. In the 3.2 XML namespace CSRF
     protection is opt-in, so as written the admin forms are not CSRF-protected. Enabling
     it also requires the login form to submit the CSRF token. -->
<http pattern="/admin/**" authentication-manager-ref="adminAuthManager">
<!-- The /api/** and /assets/** rules cannot match inside a chain restricted to /admin/**.
     Those paths are governed only by another http element, if one exists outside this
     fragment; with none, they pass through without any access control. -->
<intercept-url pattern="/api/**" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/assets/css/*.css" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/assets/js/*.js" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/assets/images/*.png" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/assets/icons/*.png" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<!-- Rules are evaluated in order: the login page must be listed before the catch-all
     ROLE_ADMIN rule so that unauthenticated users can reach it. -->
<intercept-url pattern="/admin/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<intercept-url pattern="/admin/**" access="ROLE_ADMIN"/>
<!-- NOTE(review): /admin/error-login has no anonymous rule of its own, so it falls under
     the ROLE_ADMIN rule above; confirm a failed login can actually display it. -->
<form-login login-page="/admin/login"
default-target-url="/admin/success-login"
authentication-failure-url="/admin/error-login"/>
</http>
<!-- This encoder bean is declared but not referenced in this fragment; the provider below
     selects bcrypt through the hash attribute instead of a ref to this bean. -->
<beans:bean class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" id="passwordEncoder" />
<beans:bean id="customUserDetailsService" class="com.katropine.services.CustomUserDetailsService" />
<!-- NOTE(review): the xmlns value below is a link-shortener URL, presumably substituted
     when this page was republished. An XML namespace must be the literal URI; the Spring
     Security namespace is http://www.springframework.org/schema/security. -->
<authentication-manager alias="adminAuthManager" xmlns="http://ift.tt/1c8inpe">
<!-- Stored passwords returned by customUserDetailsService must be bcrypt hashes for this
     provider to verify them. -->
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="bcrypt" />
</authentication-provider>
</authentication-manager>
controller:
/**
 * Serves the views around the admin login flow: the login form, the failed-login page and
 * the post-login redirect.
 *
 * <p>The mappings are relative to the servlet mapping of the dispatcher that loads this
 * controller (the page's web.xml maps the MVC dispatcher to {@code /admin/*}). This class
 * does not process credentials itself; it only renders views and issues a redirect.
 */
@Controller
public class SecurityNavigationController {

    /** Logical view name shared by the login form and the failed-login page. */
    private static final String LOGIN_VIEW = "login";

    /**
     * Renders the login form.
     *
     * @param model view model; receives the {@code message} attribute
     * @return the login view name
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String loginForm(Model model) {
        return renderLogin(model, "Login...");
    }

    /**
     * Renders the login form again after a failed attempt.
     *
     * <p>The message is deliberately generic and does not say whether the username or the
     * password was wrong.
     *
     * @param model view model; receives the {@code message} attribute
     * @return the login view name
     */
    @RequestMapping(value = "/error-login", method = RequestMethod.GET)
    public String invalidLogin(Model model) {
        return renderLogin(model, "Wrong Username/Password combination");
    }

    /**
     * Redirects a freshly authenticated user to their greeting page.
     *
     * @param model unused by this handler
     * @param principal the authenticated user; dereferenced without a null check, so this
     *     URL is assumed to be reachable only after authentication
     * @return a redirect to the greeting URL ending in the principal's name
     */
    @RequestMapping(value = "/success-login", method = RequestMethod.GET)
    public String successLogin(Model model, Principal principal) {
        // NOTE(review): the username goes into the redirect path unencoded. A name holding
        // '/', '?', '#' or '{' would alter the redirect target; confirm usernames are
        // constrained at creation time, or encode the value as a path segment.
        final String username = principal.getName();
        return "redirect:/admin/springmvc/greeting/" + username;
    }

    /** Stores the status message in the model and selects the login view. */
    private String renderLogin(Model model, String message) {
        model.addAttribute("message", message);
        return LOGIN_VIEW;
    }
}
/WEB-INF/view/login.jsp
<form id="login" action="<c:url value="/j_spring_security_check"></c:url>" ....
I have tried /j_spring_security_check
or ../j_spring_security_check
or /admin/j_spring_security_check
... no success.
I can log in when the http
is auto-config="true"
and url-pattern in web.xml is set to /*
spring-mvc-4.0, spring-security-3.2