Announcement Announcement Module
Collapse
No announcement yet.
Form Login page spring_security_log is not available (HTTP Status 404) Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Form Login page spring_security_log is not available (HTTP Status 404)

    My server has been using spring security (current version 3.0.5.RELEASE) successfully on its SOAP interface for a long time.

    The server also has a REST interface implemented using jersey. I am now adding spring security based authentication on some of the Jersey resource methods. I want the REST client to be forced to authenticate when accessing the search() method of my jersey resource. So I annotate it with the org.springframework.security.access.prepost.PreAut horize annotation as follows:

    Code:
    @Path("/")
    @Component
    @Scope("singleton")
    public class MyRestResource {
    
        @Path("/search")
        @GET
        @PreAuthorize("isAuthenticated()")
        public Response search(...) {
        }
    }
    Next I edited my web.xml to add the following:

    Code:
    <web-app version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" 
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
      xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
        ...
        <filter>
            <filter-name>springSecurityFilterChain</filter-name>
            <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
            </filter-class>
        </filter>
    
        <filter-mapping>
            <filter-name>springSecurityFilterChain</filter-name>
            <url-pattern>/rest/*</url-pattern>
    
        </filter-mapping>
        ...
    </web-app>
    Finally I edited my servers application context to enable form based authentication on my REST interface with teh following additions:

    Code:
    <beans xmlns="http://www.springframework.org/schema/beans"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
           xmlns:security="http://www.springframework.org/schema/security"
           xmlns:util="http://www.springframework.org/schema/util"
           xmlns:p="http://www.springframework.org/schema/p"
           xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                               http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd
           http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd">
        ...
        <security:global-method-security pre-post-annotations="enabled" />
    
        <security:http auto-config='true'>
            <security:intercept-url pattern="/**"  />
            <security:anonymous username="guest" granted-authority="ROLE_Guest"/>
            <security:form-login/>
            <security:logout/>
        </security:http>    
    <beans>
    When I start my server it works as normal with SOAP requests (good, nothing broke). When I try the REST request it tries to navigate to http://localhost:8080/my-app-context...security_login (good, redirect is being attempted). However, it gets a 404 when accessing that page (bad).

    Can any one guide me as to why I am getting a 404 on the spring-security provided web page spring_security_login? Also, where can I find the source to this page so I can customize it.
    Thank you for your help.

  • #2
    If you donít prefer the default login page, you can provide a custom login page of your own:

    HTML Code:
    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
    <html>
    <head>
    <title>Login</title>
    </head>
    <body>
    	<form method="POST" action="<c:url value="/j_spring_security_check" />">
    		<table>
    			<tr>
    				<td align="right">Username</td>
    				<td><input type="text" name="j_username" /></td>
    			</tr>
    			<tr>
    				<td align="right">Password</td>
    				<td><input type="password" name="j_password" /></td>
    			</tr>
    			<tr>
    				<td align="right">Remember me</td>
    				<td><input type="checkbox" name="_spring_security_remember_me" /></td>
    			</tr>
    			<tr>
    				<td colspan="2" align="right"><input type="submit"
    					value="Login" /> <input type="reset" value="Reset" /></td>
    			</tr>
    		</table>
    	</form>
    </body>
    </html>
    In order for Spring Security to display your custom login page when a login is requested, you have to
    specify its URL in the login-page attribute:
    HTML Code:
    <http>
    ...
    <form-login login-page="/login.jsp" />
    </http>

    Comment

    Working...
    X