I am working with Spring Security 4 based on XML.
This is my configuration:
<security:http use-expressions="true" authentication-manager-ref="authenticationManager" entry-point-ref="authenticationEntryPoint">
<security:intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<security:form-login authentication-success-handler-ref="authenticationSuccessHandler"
authentication-failure-handler-ref="authenticationFailureHandler"
/>
<security:logout success-handler-ref="logoutSuccessHandler"/>
<security:csrf disabled="true"/>
</security:http>
<security:authentication-manager id="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="username" authorities="ROLE_USER" password="password"/>
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
<bean id="authenticationEntryPoint" class="package.CustomBasicAuthenticationEntryPoint">
authenticationEntryPoint has the following implementation:
public class CustomBasicAuthenticationEntryPoint implements AuthenticationEntryPoint {
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException e) throws IOException, ServletException {
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
}
}
The problem is when trying to authenticate:
http://localhost:8080/myApp/api/j_spring_security_check with body: j_password=password&j_username=username
I always have error 401 due to my user entry point. It seems to me that Spring Security does not call the authentication manager. Did I miss something?
Thanks for the help.
Update
Thanks for your answers, I worked with Spring Security 3.2, I changed j_username, j_password and j_spring_security_check to username, password and login. I still have the same problem: 401 code status: Spring Security triggers user authentication by EnterPoint even when I try to authenticate using a form (POST).