
  • spring security - login logout configuration

    My configuration below isn't working; not sure what's wrong.

    <http auto-config='true' path-type="regex">
        <http-basic />
        <intercept-url pattern="/js/.*" filters="none"/>
        <intercept-url pattern="/htmlTest/login.html" filters="none"/>
        <intercept-url pattern=".*" access="ROLE_USER" />
        <form-login login-page="/htmlTest/login.html" />
        <logout logout-success-url="/htmlTest/login.html" />
    </http>

    In login.html there is a form that posts to ../j_spring_security_check

    Note that the HTML pages are in the htmlTest directory.

    The directory structure would look like this -
         |- htmlTest
         |- WEB-INF
              | - ...other folders
              | - ....other folders
    When I click the login button in the form, it does a POST request to
    localhost:8080/myApp/j_spring_security_check. What that gets back is the login.html page again!

    Something is not right here in the configuration.

  • #2
    You'll need to include the default-target-url, which will be the landing page after a successful authentication,
    e.g. <form-login login-page="/htmlTest/login.html" default-target-url="/html/htmlTest/successfullogin.html"/>


    • #3
      The documentation says something different, though:

      Maps to the defaultTargetUrl property of UsernamePasswordAuthenticationFilter. If not set, the default value is "/" (the application root). A user will be taken to this URL after logging in, provided they were not asked to login while attempting to access a secured resource, when they will be taken to the originally requested URL.

      The last line is confusing.


      • #4
        And what authorization does the application root require? If the application root requires an access level that doesn't match the access granted to the logged-in user, then the login form will be redisplayed.
        Resources are usually protected as follows:
        <intercept-url pattern="/htmlTest/**" access="ROLE_ADMIN"/>


        • #5
          Here is the problem. Everything works fine without using the form. I can see the default login page etc.

          Now when I use a login page, it basically submits the form and waits for a response, either success or failure, which I doubt Spring Security 3 returns.
          After successful authentication I can see that I am directed to the required resource.
          So, for example, the POST request after clicking the login button in the form comes back with the default index.html page in the web application. However, I am still on the login page.

          So here is what the response looks like:
          Request -
          POST http://localhost:8080/myApp/j_spring_security_check
          Response - 
          302 Moved Temporarily 
          <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "">
          <meta HTTP-EQUIV="REFRESH" content="0; url=./htmlTest/index.html">
          Which seems right to me, but I would want to change the page or get the location of the resource, which in the above case would be /index.html


          • #6
            That POST request comes back with 302 Resource moved temporarily and tries to fetch the requested resource on successful authentication.


            • #7
              Originally posted by muncher:
              That POST request comes back with 302 Resource moved temporarily and tries to fetch the requested resource on successful authentication.

              Oops, the problem was that instead of doing a standard submit, I did an AJAX request. My bad.
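
The cause found in #7, as an added example that is not part of the thread: a scripted POST to j_spring_security_check follows the 302 itself, so the script only sees the final page and must navigate the browser explicitly. The names `loginOutcome`, `submitLogin` and `LOGIN_PAGE` are hypothetical, and treating "redirected back to the login page" as a failed login is an assumption.

```javascript
// Added example: interpret the result of an AJAX POST to j_spring_security_check.
// fetch()/XMLHttpRequest follow the 302 transparently, so the page does not change
// unless the script navigates to the final URL itself.

// Assumption: context path /myApp plus the login-page value from the thread.
const LOGIN_PAGE = '/myApp/htmlTest/login.html';

// resp: a fetch Response (or any object with .redirected and .url).
// origin: the page's own origin, e.g. window.location.origin.
function loginOutcome(resp, origin, loginPage = LOGIN_PAGE) {
  if (!resp.redirected) {
    // The filter did not answer with its usual redirect.
    return { ok: false, reason: 'no-redirect' };
  }
  const finalUrl = new URL(resp.url, origin);
  if (finalUrl.origin !== origin) {
    // Never navigate to another origin on the strength of a login response.
    return { ok: false, reason: 'cross-origin-redirect' };
  }
  if (finalUrl.pathname === loginPage) {
    // Sent back to the login page: treated here as failed authentication (assumption).
    return { ok: false, reason: 'back-at-login' };
  }
  return { ok: true, target: finalUrl.pathname + finalUrl.search };
}

// Browser wiring (hypothetical submit handler); only defined here, not called.
async function submitLogin(form) {
  const resp = await fetch(form.action, {
    method: 'POST',
    body: new URLSearchParams(new FormData(form)),
    credentials: 'same-origin', // keep the session cookie issued at login
  });
  const outcome = loginOutcome(resp, window.location.origin);
  if (outcome.ok) window.location.assign(outcome.target);
  return outcome;
}
```

A plain form submit, as the thread concludes, needs none of this because the browser follows the redirect and renders the target page itself.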