Announcement Announcement Module
Collapse
No announcement yet.
Spring-security login not working 404 Error Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring-security login not working 404 Error

    Hello, Im using
    Spring-security 3.0.5
    Hibernate 3.5.0
    jdk 1.6
    tomcat 6.0.29
    GWT 2.1.1


    I have tried to deploy my app to apache tomcat and it loads successfully. But when I try to login, I get an error message
    Code:
    The requested resource (/j_spring_security_check) is not available.
    Apparently when I run the app in development mode on eclipse using jetty, im able to log in successfully.

    When I take a look at the logs, nothing useful is logged which I can be able to know where my app breaks. Here is an output from my catalina.log log file

    Code:
    2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextDestroyed()
    2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextDestroyed()
    2011-03-03 12:45:47,454 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Shutting down log4j
    2011-03-03 12:45:47,461 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Closing Spring root WebApplicationContext
    2011-03-03 12:45:47,493 [Thread-2] ERROR org.apache.catalina.loader.WebappClassLoader - The web application [/precisionweb] registered the JBDC driver [org.postgresql.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
    2011-03-03 12:45:47,718 [Thread-2] WARN  org.apache.catalina.connector.MapperListener - Error unregistering MBeanServerDelegate
    java.lang.NullPointerException
            at org.apache.catalina.connector.MapperListener.destroy(MapperListener.java:176)
            at org.apache.catalina.connector.Connector.stop(Connector.java:1135)
            at org.apache.catalina.core.StandardService.stop(StandardService.java:596)
            at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
            at org.apache.catalina.startup.Catalina.stop(Catalina.java:648)
            at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:692)
    2011-03-03 12:45:47,719 [Thread-2] INFO  org.apache.coyote.http11.Http11Protocol - Stopping Coyote HTTP/1.1 on http-8080
    2011-03-03 12:45:47,719 [Thread-2] ERROR org.apache.catalina.connector.Connector - Coyote connector has not been started
    and this is an excerpt from my localhost.log
    Code:
    2011-03-03 12:45:43,746 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Initializing Spring root WebApplicationContext
    2011-03-03 12:45:46,220 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Set web app root system property: 'webapp.root' = [/usr/local/tomcat/webapps/precisionweb/]
    2011-03-03 12:45:46,220 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Initializing log4j from [/usr/local/tomcat/webapps/precisionweb/WEB-INF/classes/log4j.properties]
    2011-03-03 12:45:46,369 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextInitialized()
    2011-03-03 12:45:46,370 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextInitialized()
    2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextDestroyed()
    2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextDestroyed()
    2011-03-03 12:45:47,454 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Shutting down log4j
    2011-03-03 12:45:47,461 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Closing Spring root WebApplicationContext
    and from my catalina.out log file
    Code:
    [DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:authenticateIfRequired:292) Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 73ED62DBA4A7190169F657233DF21C81; Granted Authorities: ROLE_ANONYMOUS
    [DEBUG] [http-8080-2 12:45:49] (AffirmativeBased.java:decide:53) Voter: org.springframework.security.access.vote.RoleVoter@12f9924, returned: 0
    [DEBUG] [http-8080-1 12:45:49] (ExceptionTranslationFilter.java:doFilter:100) Chain processed normally
    [DEBUG] [http-8080-2 12:45:49] (AffirmativeBased.java:decide:53) Voter: [email protected]12, returned: 1
    [DEBUG] [http-8080-1 12:45:49] (HttpSessionSecurityContextRepository.java:saveContext:338) SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    [DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:beforeInvocation:213) Authorization successful
    [DEBUG] [http-8080-1 12:45:49] (SecurityContextPersistenceFilter.java:doFilter:89) SecurityContextHolder now cleared, as request processing completed
    [DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:beforeInvocation:223) RunAsManager did not change Authentication object
    [DEBUG] [http-8080-2 12:45:49] (FilterChainProxy.java:doFilter:362) /resources/Scarab-Precision-Green.gif reached end of additional filter chain; proceeding with original chain
    [DEBUG] [http-8080-2 12:45:49] (ExceptionTranslationFilter.java:doFilter:100) Chain processed normally
    [DEBUG] [http-8080-2 12:45:49] (HttpSessionSecurityContextRepository.java:saveContext:338) SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
    [DEBUG] [http-8080-2 12:45:49] (SecurityContextPersistenceFilter.java:doFilter:89) SecurityContextHolder now cleared, as request processing completed
    Here is my filter chain in my web.xml file

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE web-app
        PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
        "http://java.sun.com/dtd/web-app_2_3.dtd">
    
    <web-app>
      <!-- Location for Log4j logging properties -->
      <context-param>
          <param-name>log4jConfigLocation</param-name>
          <param-value>/WEB-INF/classes/log4j.properties</param-value>
       </context-param>
       
      <!-- Spring security filters -->
      <filter>
      <filter-name>springSecurityFilterChain</filter-name>
      <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
      </filter>
    	 
      <filter-mapping>
      <filter-name>springSecurityFilterChain</filter-name>
      <url-pattern>/*</url-pattern>
      </filter-mapping>
        .....
    from my application-context.xml
    Code:
    <http auto-config="true" access-denied-page="/">
            <intercept-url pattern="/precisionweb/**" access="ROLE_USER"/>
            <intercept-url pattern="/gwt/**" access="ROLE_USER"/>
            <intercept-url pattern="/**/*.html" access="ROLE_USER"/>
            <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
            <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
            <form-login login-page="/login.jsp"/>
        </http>
    and my login.jsp

    Code:
    <div id="login_dialog" class="login_dialog">
       <form name="f" action="/j_spring_security_check" method="POST">
        <div id="user_name_login">
          <h2>Username</h2>
          <input autocapitalize="off" autocorrect="off" id="username" name="j_username" type="text"><br>
    
          <h2>Password</h2>
          <input id="password" name="j_password" type="password"><br>
    
            <label><input class="auto" id="remember_me" name="remember_me" value="1" type="checkbox"> Remember me on this computer</label><br>
    
          <input class="button" name="commit" value="Sign in" type="submit">
    My guess is that the security context filter isn't forwarding the login request properly. Help on this is highly appreciated.
    Last edited by kibyegon; Mar 3rd, 2011, 04:06 AM.

  • #2
    Thanks for providing log file excerpts, but unfortunately they don't show the actual login attempt.

    What is the actual URL that is displayed in your browser when you get the 404? Does it have a webapp context path in front of it (e.g. /precisionweb/j_spring_security_check) or not? When you were running in Jetty, was this application at the root of the web server (e.g. no "/precisionweb" prefix)?

    You are using a relative URL in your form ("/j_spring_security_check"), so unless you are doing something that you aren't sharing with us, this will resolve to the URL http://localhost:8080/j_spring_security_check (for example). Your web application is deployed to a context path, so the URL should be http://localhost:8080/precisionweb/j...security_check (for example). I'd suggest using the JSTL "url" tag to create a context-relative path, or use an analogous type of link building command in whatever UI framework you are using.

    Comment


    • #3
      thanks pmularien for your prompt answer.

      And you are right by stating that the context path i had in the form in my login page was resolving to the url http://localhost:8080/j_spring_security_check. I changed it to this action="/precisionweb/j_spring_security_check" method="POST"> and now it works. I ran the app on jetty and looked at the response using firebug and it actually gave the same error message
      Failed to load source for: http://127.0.0.1:8888/j_spring_security_check. Wonder why it logged me in anyway. Thanks for that, you really saved me alot of agony.

      Regarding your suggestions, I am using spring-security to provide security to my gwt app. I'm using jsps for the login, after that its all gwt. In this scenario, would using the JSTL "url" tag be a good option?

      Comment

      Working...
      X