I am stuck trying to create a web app using spring security 3.2.
I am trying to implement two login pages with a different authentication manager. This configuration works fine if I use a http-basic form but when using a form-login, I receive a 404 on j_spring_security_check. Any Idea ? Why the j_spring_security_check is not generated by spring on this situation ?
Thanks in advance
<http pattern="/admin/login.html" security="none" />
<http pattern="/user/login.html" security="none" />
<http use-expressions="true" pattern="/user/**" authentication-manager-ref="userAuthMgr">
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
<form-login login-page="/user/login.html" always-use-default-target="true" default-target-url="/user/index.html" />
</http>
<http use-expressions="true" pattern="/admin/**" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/admin/login.html" always-use-default-target="true" default-target-url="/admin/index.html" />
</http>
<debug/>
<authentication-manager id="adminAuthMgr">
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
<authentication-manager id="userAuthMgr">
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
<user name="vip" password="vip" authorities="ROLE_USER, ROLE_VIP" />
</user-service>
</authentication-provider>
</authentication-manager>
And my login.jsp
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<div class="container">
<form class="form-signin" role="form" action="<c:url value='/j_spring_security_check' />" method='POST'>
<input type="text" name='j_username' class="form-control" placeholder="Username" required="" autofocus="">
<input type="password" name='j_password' class="form-control" placeholder="Password" required="">
<button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
</form>
<c:if test="${not empty sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}">
<div class="alert alert-danger">
${sessionScope.SPRING_SECURITY_LAST_EXCEPTION.message}
</div>
</c:if>
From Spring Boot 2.7, WebSecurityConfigurerAdapter is deprecated.
For a quick demonstration, we'll configure two authentication providers – a custom authentication provider and an in-memory authentication provider.
Spring Boot provides a default global AuthenticationManager (with only one user) unless you pre-empt it by providing your own bean of type AuthenticationManager . The default is secure enough on its own for you not to have to worry about it much, unless you actively need a custom global AuthenticationManager .
You can use multiple authentication provider:
-One 'default' Authentication Provider: with 'alias'
-others Authenfication Provider: with 'id'
<http use-expressions="true" pattern="/user/**" authentication-manager-ref="userAuthMgr">
<intercept-url pattern="/user/**" access="hasRole('ROLE_USER')" />
<form-login login-page="/user/login.html" always-use-default-target="true" default-target-url="/user/index.html" />
</http>
<http use-expressions="true" pattern="/admin/**" authentication-manager-ref="adminAuthMgr">
<intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
<form-login login-page="/admin/login.html" always-use-default-target="true" default-target-url="/admin/index.html" />
</http>
<debug/>
<!--default Authentication Provider -->
<authentication-manager alias="adminAuthMgr">
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_ADMIN" />
</user-service>
</authentication-provider>
</authentication-manager>
<authentication-manager id="userAuthMgr">
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
<user name="vip" password="vip" authorities="ROLE_USER, ROLE_VIP" />
</user-service>
</authentication-provider>
</authentication-manager>
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With