
Spring Security login returns 404

I am currently working on my blog in the Spring framework. I am implementing Spring Security for login purposes. Everything works as expected until I submit the login credentials, which always returns a 404 code.

Here is my web.xml code:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>avispring</display-name>          

<error-page>
    <error-code>404</error-code>
    <location>/404.html</location>
</error-page>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-database.xml</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <load-on-startup>1</load-on-startup>        
</servlet>
<servlet-mapping>
    <servlet-name>spring</servlet-name>
    <url-pattern>/</url-pattern>        
</servlet-mapping>

</web-app>

Here is my spring security code:

<bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/avispring"/>
    <property name="username" value="root"/>
    <property name="password" value=""/>
</bean>
<security:debug/>
<security:http auto-config="true">
    <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
    <security:form-login        
    login-page="/login.html"
    authentication-failure-url="/login?login_error=1"
    default-target-url="/admin/home.html"/>     
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service 
            data-source-ref="dataSource"
            users-by-username-query="select USERNAME,PASSWORD,ENABLED from USER_AUTHENTICATION where USERNAME=?"
            authorities-by-username-query="select u1.USERNAME,u2.ROLE from USER_AUTHENTICATION u1,USER_AUTHORIZATION u2 where u1.USER_ID=u2.USER_ID and u1.USERNAME=?"/>
    </security:authentication-provider>
</security:authentication-manager>

Part of my login.jsp code is:

<form action="<c:url value="/login"/>" method="post">
      <div class="form-group has-feedback">
        <input type="email" class="form-control" placeholder="Email" name="username">
        <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
      </div>
      <div class="form-group has-feedback">
        <input type="password" class="form-control" placeholder="Password" name="password">
        <span class="glyphicon glyphicon-lock form-control-feedback"></span>
      </div>
      <div class="row">
        <div class="col-xs-8">
          <div class="checkbox icheck">
            <label>
              <input type="checkbox"> Remember Me
            </label>
          </div>
        </div><!-- /.col -->
        <div class="col-xs-4">
          <button type="submit" class="btn btn-primary btn-block btn-flat" name="submit">Sign In</button>
        </div><!-- /.col -->
      </div>
    </form>

And the console output is:

Oct 16, 2015 1:06:03 AM org.springframework.web.servlet.DispatcherServlet noHandlerFound
WARNING: No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring'

Note:

  1. I am using Spring 4.2.1 and Spring Security 4.0.2
  2. Most of the forums are pointing to the context path, i.e. [appname/login] or [appname/j_spring_security_check], and I think mine is OK regarding it

Please help...

UPDATE:

When I used log4j, the debug output at the time of form submission is as follows:

DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.connector.RequestFacade@c8b445
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/login]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /login
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/login]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping@138f01b] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping - No handler mapping found for [/login]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@1ff154c] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - No handler mapping found for [/login]
WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@c8b445
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK]
DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.core.ApplicationHttpRequest@bb82df
DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/404.html]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /404.html
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Found 1 matching mapping(s) for [/404.html] : [{[/404.html]}]
DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView com.avispring.controllers.HelloController.errorPage()]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@511db5]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@1a86ee]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter@c26a5f]
DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Invoking [HelloController.errorPage] method with arguments []
DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Method [errorPage] returned [ModelAndView: reference to view with name '/404'; model is null]
DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name '/404'; URL [/WEB-INF/jsp//404.jsp]] in DispatcherServlet with name 'spring'
DEBUG: org.springframework.web.servlet.view.JstlView - Rendering view with name '/404' with model {} and static attributes {}
DEBUG: org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/jsp//404.jsp] in InternalResourceView '/404'
DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.core.ApplicationHttpRequest@bb82df
DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request
DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK]
DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK]

Abhisek Lamsal asked Oct 16 '15 08:10



2 Answers

Ok that was so frustrating and I have found my answer by hit and trial. To all others who are facing my problem I am posting my solution. I had to change only one line in my web.xml file. I had to replace this code

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

with this code

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and I don't even need this line in spring-security.xml file

<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>

Hope that might help somebody. Happy coding...

Abhisek Lamsal answered Oct 02 '22 08:10


Did you try setting the login-processing-url attribute of your <security:form-login> element? I use the same up-to-date versions of Spring and Spring Security as you and I added the login-processing-url attribute as follows:

login-processing-url="/j_spring_security_check"

Everything works properly, and I don't even need the following element:

<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>

Of course, if you wish to use /login instead of /j_spring_security_check, you are free to do so. Just make sure the URIs you put in your JSP and in your Spring Security configuration file match.

Hope this will help...

Jeff

------------ UPDATE ------------

Now that I think about it... Spring Security introduced Cross-Site Request Forgery (CSRF) protection in version 4. When I updated my code, in order to avoid adding CSRF management in all my protected JSPs (not necessary for my business needs), I had to add the following element in my <security:http> element:

<security:csrf disabled="true"/>

Please give it a try and tell me whether it worked.

Jeff Morin answered Oct 02 '22 07:10
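
The changes from both answers combined into one configuration, as an added example that is not part of either answer: it leaves CSRF protection enabled and carries the token in the login form instead of disabling it. The `/login.html` failure URL is an assumption (the question's log shows no handler for `/login`); all other values are copied from the question.

```xml
<!-- web.xml: the filter chain has to see the login POST, not only /admin/* -->
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- spring-security.xml (Spring Security 4.x namespace) -->
<security:http auto-config="true">
    <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <!-- login-processing-url and the parameter names are the 4.x defaults,
         written out so they visibly match the form in login.jsp -->
    <security:form-login
        login-page="/login.html"
        login-processing-url="/login"
        username-parameter="username"
        password-parameter="password"
        authentication-failure-url="/login.html?login_error=1"
        default-target-url="/admin/home.html"/>
    <!-- CSRF protection is on by default in 4.x. The weaker setting from
         the second answer, shown for contrast only:
         <security:csrf disabled="true"/> -->
    <security:csrf/>
</security:http>

<!-- login.jsp: add inside the existing <form> so the POST carries the token -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
```

Once the filter is mapped to `/*` and CSRF is enabled, a login POST that lacks the token is rejected with 403 instead of 404.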