Announcement Announcement Module
Collapse
No announcement yet.
Custom Login and login-processing-url Page Title Module
Move Remove Collapse
This topic is closed
X
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Custom Login and login-processing-url

    Hello everyone,


    EDIT: I have a different problem now, please go to the 4th post, if you'd like to help me


    I have a project where I want to use spring security and of course try to do a custom login JSP.
    The problem I have now is, that when I hit submit, it does not go to the standard Spring "j_spring_security_check" page, but it goes directly to i.e.

    "http://localhost:27151/authentication/j_spring_security_check"

    Instead of staying in the context of the web application.

    I've tried varius things, as I know that I have to change the "login-processing-url" if my files are in a bit different order structure than just lying in the plain "Web Pages" folder, but I can't see to figure out how to do it.

    Here's my config:

    My folder structure is as follows:

    Prototype
    |
    |-Web Pages
    |
    |-authentication (here is the login.jsp)
    Everything else is quite normal.


    login page relevant part:
    HTML Code:
    <form id="loginForm" name="loginForm" action="/authentication/j_spring_security_check" method="post">
            <table>
              <tr><td>Username</td><td><input id="usernameField" type="text" name="j_username" /></td></tr>
              <tr><td>Password</td><td><input id="passwordField" type="password" name="j_password" /></td></tr>
              <tr><td><input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.</td></tr>
    
              <tr><td colspan="2" align="right"><input type="submit" value="Login" /></td></tr>
            </table>
    </form>
    application securiyt config:
    HTML Code:
     <http use-expressions="true" access-denied-page="/authentication/accessDenied.jsp">
            <form-login     login-page="/authentication/login.jsp"
                            login-processing-url="/authentication/j_spring_security_check"
                            authentication-failure-url="/authentication/login.jsp?login_error=1"
                            default-target-url="/index.jsp"/>
    The context of the projekt is "prototype", if that's any help.

    Thanks in advance, if I forgot crucial information, tell me.
    Last edited by sunami; Feb 5th, 2010, 06:46 AM.

  • #2
    I just read a few posts down (in "form login not working on Glassfish v3") that somebody had a problem with his application and the j_spring_security_check.

    I am also using a GF v3 Domain, does that lead to known problems?

    Comment


    • #3
      Hmm, I found my problem.

      Seems I don't need to set the login-processing-url at all, what I did wrong in the first try was to have the form action to be "/j_spring_security_check" instead of "j_spring_security_check".

      Now the login page processes as it should, just never lets anyone through, even with right credentials.
      At least the first problem was solved

      Comment


      • #4
        My problem now is, that I cannot figure out, how to get Spring to actually check anything.
        All it ever does is showing me that it cannot find the resource "j_spring_security_check"
        Please enlighten me how I have to configure the whole thing.


        My folder structure is as follows:

        Prototype
        |
        |-Web Pages
        |
        |-authentication (here is the login.jsp)

        Everything else is quite normal.

        Here's a couple of the debug code:

        Code:
        INFO: 2010-02-04 22:50:56,954 DEBUG [org.springframework.security.web.FilterChainProxy] - <Converted URL to lowercase, from: '/authentication/j_spring_security_check'; to: '/authentication/j_spring_security_check'>
        
        INFO: 2010-02-04 22:50:56,970 DEBUG [org.springframework.security.web.FilterChainProxy] - <Candidate is: '/authentication/j_spring_security_check'; pattern is /**; matched=true>
        
        INFO: 2010-02-04 22:50:56,970 DEBUG [org.springframework.security.web.FilterChainProxy] - </authentication/j_spring_security_check at position 1 of 11 in additional filter chain; firing Filter: '[email protected]1b03c'>
        
        INFO: 2010-02-04 22:50:56,986 DEBUG [org.springframework.security.web.FilterChainProxy] - </authentication/j_spring_security_check at position 2 of 11 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@d96047'>
        That isn't what is supposed to happen, is it?

        My login form looks as following now:

        HTML Code:
        <form id="loginForm" name="loginForm" action="j_spring_security_check" method="post">
                <table>
                  <tr><td>Username</td><td><input id="usernameField" type="text" name="j_username" /></td></tr>
                  <tr><td>Password</td><td><input id="passwordField" type="password" name="j_password" /></td></tr>
                  <tr><td><input type='checkbox' name='_spring_security_remember_me'/> Remember me on this computer.</td></tr>
        
                  <tr><td colspan="2" align="right"><input type="submit" value="Login" /></td></tr>
                </table>
        </form>
        and the relevant config part is:

        HTML Code:
            <http use-expressions="true" access-denied-page="/authentication/accessDenied.jsp">
                <form-login     login-page="/authentication/login.jsp"
                                
                                authentication-failure-url="/authentication/login.jsp?login_error=1"
                                default-target-url="/index.jsp"/>
        
                <!--Anonymer Zugriff ist fuer folgende Seiten erlaubt-->
                <intercept-url pattern="/authentication/login.jsp" access="hasRole('ROLE_ANONYMOUS')"/>
                <intercept-url pattern="/authentication/accessDenied.jsp" access="hasRole('ROLE_ANONYMOUS')"/>
                
                <!-- All other URLs which have no explicit allowance for unauthenticated users are restricted -->
                <intercept-url pattern="/**" access="isAuthenticated()" />
           
        
                <logout logout-success-url="/authentication/logout.jsp"/>
                <remember-me />
        Last edited by sunami; Feb 5th, 2010, 06:49 AM.

        Comment

        Working...
        X