All geek questions in one place

Creating a Custom Login Form Using Spring Security

I am trying to get a custom login form to work with Spring Security 3.0.

The default login form works fine with the security configuration below. Then I added the form-login attribute, created the login controller and jsp page to handle the url / accounts / login and now has this problem: when I enter my guest / guest credentials, they send me back to the login page.

One thing I noticed in the catalina.out log is that a successful check looks through / j _security_check, while a failed search / accounts / j _security_check.

Here is my security-config.xml:

<http auto-config="true" use-expressions="true">
    <form-login login-page="/accounts/logIn" /><!--ADDED THIS AFTER TESTING DEFAULT LOGIN-->
    <intercept-url pattern="/accounts/logIn" access="permitAll()"/>
    <intercept-url pattern="/**" access="isAuthenticated()"/>
</http>

<authentication-manager alias="authenticationManager">
    <authentication-provider>
 <user-service>
            <user authorities="ROLE_USER" name="guest" password="guest"/>
        </user-service>
    </authentication-provider>
</authentication-manager>

Here is the catalina.out section that looks relevant:


DEBUG: org.springframework.security.web.FilterChainProxy - Candidate is: '/accounts/j_spring_security_check'; pattern is /**; matched=true
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 1 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@8cbb423'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.sessi\
on.StandardSessionFacade@4679cf8c. A new one will be created.
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 2 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.authentication.logout.LogoutFilter@5d49453c'
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 3 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@756095fc'
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 4 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.authentication.www.BasicAuthenticationFilter@18170f98'
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 5 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@1200d083'
DEBUG: org.springframework.security.web.savedrequest.DefaultSavedRequest - pathInfo: both null (property equals)
DEBUG: org.springframework.security.web.savedrequest.DefaultSavedRequest - queryString: arg1=null; arg2=j_username=guest&j_password=guest (property not equals)
DEBUG: org.springframework.security.web.savedrequest.HttpSessionRequestCache - saved request doesn't match
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 6 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@737951b0'
DEBUG: org.springframework.security.web.FilterChainProxy - /accounts/j_spring_security_check?j_username=guest&j_password=guest at position 7 of 10 in additional filter\
 chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@49c06a6d'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.secur\
ity.authentication.AnonymousAuthenticationToken@6faaf9b0: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.securit\
y.web.authentication.WebAuthenticationDetails@ffff8868: RemoteIpAddress: 0:0:0:0:0:0:0:1%0; SessionId: 0560416CA2D07AFF3040E75867157A95; Granted Authorities: ROLE_ANON\
YMOUS'
+3
2

, , POST j_spring_security_check ; .

/accounts/j_spring_security_check?j_username=guest&j_password=guest

, , , .

, URL j_spring_security_check .

:

  • URL- "/accounts/j_spring_security_check" . "/j_spring_security_check".

  • <intercept-url> , URL . ( catch-all "/**" ). . <intercept-url>, URL , .

+4

, . default-target-url form-login, , .

,

<form-login default-target-url="/accounts/home" login-page="accounts/logIn" />

0

Source: https://habr.com/ru/post/1759026/

More articles:


All Articles