Spring security custom UserDetailsService implementation + custom login page

I was trying to figure out how I can implement a simple application using Spring security 3.1 and struts2. In fact, I want to provide a custom implementation of UserDetailsService and also provide my own login page.

Although I worked on this small simple application for more than 10 days, I could not get it to work ... And the official documentation did not explain clearly how to do it.

In the configuration below, if I use the default login page provided by Spring Security, everything works correctly. When I try to use my own, I cannot log in: the loadUserByUsername method is called and a valid UserDetails is returned from the database, but I stay stuck on the login page.

In the console, I get a message:

WARNING: No configuration found for the specified action: '/myApplication/j_spring_security_check' in namespace: ''. Form action defaulting to 'action' attribute literal value. 

So I have a problem with the namespace?

Here is my code

web.xml

    <!DOCTYPE web-app PUBLIC
        "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd" >
    <web-app>
        <display-name>Archetype Created Web Application</display-name>

        <context-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/applicationContext.xml
                /WEB-INF/applicationContext-security.xml
            </param-value>
        </context-param>

        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
        </filter>
        <filter>
            <filter-name>struts2</filter-name>
            <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
        </filter>

        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>
        <filter-mapping>
            <filter-name>struts2</filter-name>
            <url-pattern>/*</url-pattern>
        </filter-mapping>

        <!-- Spring -->
        <listener>
            <listener-class>
                org.springframework.web.context.ContextLoaderListener
            </listener-class>
        </listener>

        <welcome-file-list>
            <welcome-file>public/index.jsp</welcome-file>
        </welcome-file-list>
    </web-app>

struts.xml

    <?xml version="1.0" encoding="UTF-8" ?>
    <struts>
        <package name="public" namespace="/public" extends="struts-default">
            <action name="login" class="loginAction">
                <result name="success">/secure/welcome.jsp</result>
                <result name="input">login.jsp</result>
            </action>
            <action name="register" class="registerAction">
                <result name="success">confirm_register.jsp</result>
                <result name="input">register.jsp</result>
            </action>
        </package>

        <package name="secure" namespace="/secure" extends="struts-default">
            <action name="add" class="myApplication.action.UserAction" method="add">
                <result name="success">welcome.jsp</result>
            </action>
            <action name="list" class="myApplication.action.UserAction" method="list">
                <result name="success">list.jsp</result>
            </action>
        </package>
    </struts>

ApplicationContext-security.xml

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.1.xsd">

        <global-method-security pre-post-annotations="enabled">
            <!-- AspectJ pointcut expression that locates our "post" method and applies security that way
            <protect-pointcut expression="execution(* bigbank.*Service.post*(..))" access="ROLE_TELLER"/>
            -->
        </global-method-security>

        <http pattern="/resources" security="none" />

        <http auto-config="true" use-expressions="true">
            <intercept-url pattern="/public/*" access="permitAll" />
            <intercept-url pattern="/logout" access="permitAll" />
            <intercept-url pattern="/secure/*" access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />
            <intercept-url pattern="/denied" access="hasRole('ROLE_USER')" />
            <intercept-url pattern="/" access="hasRole('ROLE_USER')" />
            <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp" />
            <access-denied-handler error-page="/denied" />
            <logout invalidate-session="true" logout-success-url="/logout/success" logout-url="/logout" />
        </http>

        <authentication-manager>
            <authentication-provider user-service-ref="customUserDetailsService" />
        </authentication-manager>
    </beans:beans>

login.jsp

    <?xml version="1.0" encoding="ISO-8859-1" ?>
    <%@ taglib prefix="s" uri="/struts-tags"%>
    <%@ page language="java" contentType="text/html; charset=ISO-8859-1" pageEncoding="ISO-8859-1"%>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
    </head>
    <body>
        <h1>Identification</h1>
        <s:form action="/myApplication/j_spring_security_check" method="post">
            <s:actionerror />
            <s:textfield label="Username" name="username"/>
            <s:textfield label="Password" name="password"/>
            <s:submit name="submit" />
        </s:form>
    </body>
    </html>

Any idea / advice?

+4
1 answer

First of all, either use the <s:form> tag correctly (http://struts.apache.org/2.x/docs/url.html) or use the plain form tag. Second, by default Spring bases authentication on username and password fields named j_username and j_password. So change the JSP to something like this and see if it works.

    <form action="j_spring_security_check" method="post">
        <table>
            <s:textfield name="j_username" autofocus="autofocus" />
            <s:password name="j_password" />
            <s:submit/>
        </table>
    </form>
+2
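
The field-name mismatch described in the answer can also be handled on the configuration side. The fragment below is an added example, not code from the question or the answer: a Spring Security 3.1 `form-login` element that states the processing URL and parameter names explicitly. The `?error=1` marker on the failure URL is an assumption introduced here.

```xml
<!-- Added example: fragment for applicationContext-security.xml
     (Spring Security 3.1 namespace). -->
<http auto-config="true" use-expressions="true">
    <!-- The login page itself must be reachable without authentication. -->
    <intercept-url pattern="/login.jsp" access="permitAll" />
    <intercept-url pattern="/public/*" access="permitAll" />
    <intercept-url pattern="/secure/*"
                   access="hasRole('ROLE_USER') or hasRole('ROLE_ADMIN')" />

    <!--
      login-processing-url:
          URL the login form must POST to, relative to the context root
          (written out here with its 3.1 default value).
      username-parameter / password-parameter:
          request parameter names the authentication filter reads.
          The 3.1 defaults are j_username and j_password; set these
          attributes only if the form keeps the names "username" and
          "password".
      authentication-failure-url:
          "?error=1" is an assumed marker, so a rejected login can be
          told apart from a first visit to the login page.
    -->
    <form-login login-page="/login.jsp"
                login-processing-url="/j_spring_security_check"
                username-parameter="username"
                password-parameter="password"
                authentication-failure-url="/login.jsp?error=1" />
</http>
```

With this in place the form fields and the filter agree on their names, and a failed attempt no longer looks identical to the initial page load.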

Source: https://habr.com/ru/post/1443495/

