来源:蜘蛛抓取(WebSpider)
时间:2014-10-22 20:47
标签:
tomcat status 404
Stack Overflow is a question and answer site for professional and enthusiast programmers. It's 100% free.
Hi I am trying to configure spring security on my application.But once I enter the username and password and submit the form, I get error
HTTP Status 404 - /j_spring_security_check The requested resource is not available.
Following are the my configuration files :
&filter-mapping&
&filter-name&CharacterEncodingFilter&/filter-name&
&url-pattern&/*&/url-pattern&
&/filter-mapping&
&filter-name&springSecurityFilterChain&/filter-name&
&filter-class&org.springframework.web.filter.DelegatingFilterProxy&/filter-class&
&filter-mapping&
&filter-name&springSecurityFilterChain&/filter-name&
&url-pattern&/*&/url-pattern&
&/filter-mapping&
&listener&
&listener-class&org.springframework.web.context.ContextLoaderListener&/listener-class&
&/listener&
&context-param&
¶m-name&contextConfigLocation&/param-name&
¶m-value&/WEB-INF/applicationContext.xml,/WEB-INF/taskTracker-app.xml,/WEB-INF/taskTracker-servlet.xml,/WEB-INF/taskTracker-security.xml&/param-value&
&/context-param&
&servlet-name&taskTracker&/servlet-name&
&servlet-class&org.springframework.web.servlet.DispatcherServlet&/servlet-class&
&load-on-startup&2&/load-on-startup&
&/servlet&
&servlet-mapping&
&servlet-name&taskTracker&/servlet-name&
&url-pattern&*.html&/url-pattern&
&/servlet-mapping&
taskTracker-servlet.xml
&?xml version="1.0" encoding="UTF-8"?&
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.directwebremoting.org/schema/spring-dwr
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd"&
&bean id="TaskTrackerLoginController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController"&
&property name="viewName"&
&value&/taskTracker/sign-in&/value&
&/property&
&bean id="TaskTrackerErrorController"
class="org.springframework.web.servlet.mvc.ParameterizableViewController"&
&property name="viewName"&
&value&/taskTracker/error&/value&
&/property&
&bean id="WelcomeController" class="com.tracker.web.controllers.WelcomeController"&
&property name="BusinessLogic"&
&ref bean="BusinessLogic" /&
&/property&
&property name="viewName"&
&value&/taskTracker/welcome&/value&
&/property&
&bean id="nonSecurePageMappings"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"&
&property name="mappings"&
&prop key="/taskTracker/sign-in.html"&TaskTrackerLoginController&/prop&
&prop key="/taskTracker/error.html"&TaskTrackerErrorController&/prop&
&/property&
&bean id="PageMappings"
class="org.springframework.web.servlet.handler.SimpleUrlHandlerMapping"&
&property name="mappings"&
&prop key="/taskTracker/welcome.html"&WelcomeController&/prop&
&/property&
&bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver"&
&property name="viewClass"&
&value&org.springframework.web.servlet.view.JstlView&/value&
&/property&
&property name="prefix"&
&value&/WEB-INF/jsp/&/value&
&/property&
&property name="suffix"&
&value&.jsp&/value&
&/property&
taskTracker-security.xml
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd"&
&bean id="SecurityService" class="com.tracker.web.security.SecurityService"&
&property name="BusinessLogic"&
&ref bean="BusinessLogic" /&
&/property&
&security:http access-denied-page="/taskTracker/tracker/error.html" auto-config="false"&
&security:session-management invalid-session-url="/taskTracker/sign-in.html"&
&/security:session-management&
&security:form-login login-page="/taskTracker/sign-in.html" default-target-url="/taskTracker/welcome.html"
always-use-default-target="false" authentication-failure-url="/taskTracker/sign-in.html?error=1" /&
&security:logout invalidate-session="true" logout-success-url="/taskTracker/sign-in.html" /&
&security:intercept-url pattern="/taskTracker/sign-in.html*" filters="none" /&
&security:intercept-url pattern="/taskTracker/welcome.html*" /&
&/security:http&
&security:authentication-manager&
&security:authentication-provider user-service-ref="SecurityService" /&
&/security:authentication-manager&
taskTracker-app.xml
&?xml version="1.0" encoding="UTF-8"?&
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:dwr="http://www.directwebremoting.org/schema/spring-dwr"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
http://www.directwebremoting.org/schema/spring-dwr
http://www.directwebremoting.org/schema/spring-dwr-2.0.xsd"&
&bean id="userDao" class="com.tracker.data.dao.jdbc.UserJdbcDao"&
&property name="dataSource"&
&ref bean="dataSource" /&
&/property&
&bean id="BusinessLogic" class="com.tracker.business.logic.TrackerBusinessLogicImpl"&
&property name="userLogic"&
&ref bean="userLogic" /&
&/property&
&bean id="userLogic" class="com.tracker.business.logic.user.UserLogic"&
&property name="userDao"&
&ref bean="userDao" /&
&/property&
SecurityService.java
package com.tracker.web.
import org.apache.log4j.L
import org.springframework.dao.DataAccessE
import org.springframework.security.core.userdetails.UserD
import org.springframework.security.core.userdetails.UserDetailsS
import org.springframework.security.core.userdetails.UsernameNotFoundE
import com.tracker.business.logic.TrackerBusinessL
import com.tracker.business.model.U
public class SecurityService implements UserDetailsService {
private final static Logger log = Logger.getLogger(SecurityService.class);
private TrackerBusinessLogic trackerBusinessL
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
String errMsg = "User with username: " +
User user = trackerBusinessLogic.loadUser(username);
if(user!=null) {
// user has been loaded
log.error("User with username: " + username + " not found");
public TrackerBusinessLogic getBusinessLogic() {
return trackerBusinessL
public void setBusinessLogic(TrackerBusinessLogic trackerBusinessLogic) {
this.trackerBusinessLogic = trackerBusinessL
sign-in.jsp
&html lang="en-US"&
&title&Login&/title&
&div class="login"&
&h1&Task Tracker Login&/h1&
&form action="/j_spring_security_check" method="post"&
&input type="text" name="j_username" value="" placeholder="Username" required="required" /&
&input type="password" name="j_password" placeholder="Password" required="required" /&
&input type="hidden" name="referrer" value="${param.referrer}" /&
&input type="submit" value="Let me in." class="btn btn-primary btn-block btn-large"&
Please help me with what am I missing here. Thank You.
7,36271739
In your sign-in.jsp, you need to change the URL to which you are submitting the login request, which you can achieve as below:
&c:url value="/j_spring_security_check" var="loginUrl" /&
and use this in your form action:
&form action="${loginUrl}" method="post"&
The login-processing-url attribute defaults to /j_spring_security_check, and specifies the URL that the login form (which should include the username and password) should be submitted to, using an HTTP post.
5,30121020
I fixed that error when add ${request.contextPath} before /j_spring_security_check
Your Answer
Sign up or
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Post as a guest
By posting your answer, you agree to the
Not the answer you're looking for?
Browse other questions tagged
Stack Overflow works best with JavaScript enabledISSUU - _ca_vancouver by Metro Canada
_ca_vancouver
_ca_vancouverHTTP Status 404 - /j_spring_security_check (Spring forum at JavaRanch)
This week's book giveaway is in the
forum.We're giving away four copies of Amazon Web Services in Action and have Andreas Wittig & Michael Wittig on-line!See
for details.
A friendly place for programming greenhorns!
Big Moose Saloon
Win a copy of
this week in the
HTTP Status 404 - /j_spring_security_check
Hi, with spring mvc 3.0 ,
, jboss7, I created a login page with user id and password.
When I entered user id and password, it shown the following error:
HTTP Status 404 - /j_spring_security_check
on console:
09:54:48,820 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http--192.168.1.20-8080-1) Access is denied (user is anonymous); redirecting to authentication entry point: org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) [spring-security-core-3.0.2.RELEASE.jar:]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) [spring-security-core-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [spring-web-3.0.4.RELEASE.jar:3.0.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [spring-web-3.0.4.RELEASE.jar:3.0.4.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_07]
There are 2 issues here, firstly is the on page error, secondly is authentication failed even I have defined user/password in my security-config.xml file.
Here is the security-config.xml file:
&?xml version="1.0" encoding="UTF-8"?&
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
&!-- Configure Spring Security --&
&security:http auto-config="true"&
&security:form-login login-page="/auth/login" login-processing-url="/loginProcess"
default-target-url="/categories/search" authentication-failure-url="/auth/login?login_error=1" /&
&security:logout logout-url="/auth/logout" logout-success-url="/logoutSuccess" /&
&security:intercept-url pattern="/addDelivery" access="ROLE_SUPERVISOR" /&
&security:intercept-url pattern="/editDelivery" access="ROLE_SUPERVISOR" /&
&security:intercept-url pattern="/deleteDelivery" access="ROLE_SUPERVISOR" /&
&security:intercept-url pattern="/j_spring_security_check" access="ROLE_SUPERVISOR" /&
&/security:http&
Define local authentication provider, a real app would use an external provider (JDBC, LDAP, CAS, etc)
usernames/passwords are:
sam/mypass
&security:authentication-manager&
&security:authentication-provider&
&security:password-encoder hash="md5" /&
&security:user-service&
&security:user name="sam" password="417cbc25b5da" authorities="ROLE_USER, ROLE_SUPERVISOR" /&
&/security:user-service&
&/security:authentication-provider&
&/security:authentication-manager&
loginpage.jsp:
&%@ taglib uri="/jsp/jstl/core" prefix="c" %&
&%@ taglib uri="http://www.springframework.org/tags/form" prefix="form" %&
&%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %&
&%@ page language="java" contentType="text/ charset=UTF-8"
pageEncoding="UTF-8"%&
&!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"&
&meta http-equiv="Content-Type" content="text/ charset=UTF-8"&
&title&Insert title here&/title&
&h1&Login&/h1&
&div id="login-error"&${error}&/div&
&form action="../../j_spring_security_check" method="post" &
&label for="j_username"&Username&/label&
&input id="j_username" name="j_username" type="text" /&
&label for="j_password"&Password&/label&
&input id="j_password" name="j_password" type="password" /&
type="submit" value="Login"/&
Hello After rewritten the security-config.xml file, I don't know why I am still getting ROLE_ANONYMOUS as shown below:
17:07:29,650 DEBUG [org.springframework.security.web.access.intercept.FilterSecurityInterceptor] (http--192.168.1.20-8080-1) Previously Authenticated: org.springframework.security.authenticati
on.AnonymousAuthenticationToken@: Principal: anonymousU Password: [PROTECTED]; Authenticated: Details: org.springframework.security.web.authentication.WebAuthenticationDetail
s@166c8: RemoteIpAddress: 192.168.1.105; SessionId: ETssDT2jtiDvsCZ7AHN9tcFM. Granted Authorities: ROLE_ANONYMOUS
17:07:29,656 DEBUG [org.springframework.security.access.vote.AffirmativeBased] (http--192.168.1.20-8080-1) Voter: org.springframework.security.web.access.expression.WebExpressionVoter@5293e6bc
, returned: -1
17:07:29,657 DEBUG [org.springframework.security.web.access.ExceptionTranslationFilter] (http--192.168.1.20-8080-1) Access is denied (user is anonymous); redirecting to authentication entry po
int: org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) [spring-security-core-3.0.2.RELEASE.jar:]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203) [spring-security-core-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54) [spring-security-web-3.0.2.RELEASE.jar:
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilter(BasicAuthenticationFilter.java:177) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:188) [spring-security-web-3.0.2.RELEASE.j
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149) [spring-security-web-3.0.2.RELEASE.jar:]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237) [spring-web-3.0.4.RELEASE.jar:3.0.4.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167) [spring-web-3.0.4.RELEASE.jar:3.0.4.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:280) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:248) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:161) [jbossweb-7.0.13.Final.jar:]
at org.jboss.as.web.security.SecurityContextAssociationValve.invoke(SecurityContextAssociationValve.java:153) [jboss-as-web-7.1.1.Final.jar:7.1.1.Final]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:155) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [jbossweb-7.0.13.Final.jar:]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:368) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [jbossweb-7.0.13.Final.jar:]
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:671) [jbossweb-7.0.13.Final.jar:]
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:930) [jbossweb-7.0.13.Final.jar:]
at java.lang.Thread.run(Thread.java:619) [rt.jar:1.6.0_07]
It looks like my CustomUserDetailsService class didn't get called.
Here is the CustomUserDetailsService.java class:
@Transactional(readOnly = true)
public class CustomUserDetailsService implements UserDetailsService {
protected static Logger logger = Logger.getLogger("service");
private UserDAO userDAO = new UserDAO();
* Retrieves a user record containing the user's credentials and access.
public UserDetails loadUserByUsername(String username)
throws UsernameNotFoundException, DataAccessException {
// Declare a null Spring User
UserDetails user =
// Search database for a user that matches the specified username
// You can provide a custom DAO to access your persistence layer
// Or use JDBC to access your database
// DbUser is our custom domain user. This is not the same as Spring's User
DbUser dbUser = userDAO.searchDatabase(username);
// Populate the Spring User object with details from the dbUser
// Here we just pass the username, password, and access level
// getAuthorities() will translate the access level to the correct role type
dbUser.getUsername(),
dbUser.getPassword().toLowerCase(),
getAuthorities(dbUser.getAccess()) );
} catch (Exception e) {
logger.error("Error in retrieving user");
throw new UsernameNotFoundException("Error in retrieving user");
// Return user to Spring for processing.
// Take note we're not the one evaluating whether this user is authenticated or valid
// We just merely retrieve a user that matches the specified username
* Retrieves the correct ROLE type depending on the access level, where access level is an Integer.
* Basically, this interprets the access value whether it's for a regular user or admin.
* @param access an integer value representing the access of the user
* @return collection of granted authorities
public Collection&GrantedAuthority& getAuthorities(Integer access) {
// Create a list of grants for this user
List&GrantedAuthority& authList = new ArrayList&GrantedAuthority&(2);
// All users are granted with ROLE_USER access
// Therefore this user gets a ROLE_USER by default
logger.debug("Grant ROLE_USER to this user");
authList.add(new GrantedAuthorityImpl("ROLE_USER"));
// Check if this user has admin access
// We interpret Integer(1) as an admin user
if ( pareTo(1) == 0) {
// User has admin access
logger.debug("Grant ROLE_ADMIN to this user");
authList.add(new GrantedAuthorityImpl("ROLE_ADMIN"));
// Return list of granted authorities
return authL
security-config.xml file:
&?xml version="1.0" encoding="UTF-8"?&
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
&!-- Configure Spring Security --&
&security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied" &
&security:intercept-url pattern="/addDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/editDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/deleteDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/j_spring_security_check" access="ROLE_SUPERVISOR" /&--&
&security:form-login
login-page="/auth/login"
authentication-failure-url="/auth/login?error=true"
default-target-url="/deliveries"/&
&security:logout
invalidate-session="true"
logout-success-url="/auth/login"
logout-url="/auth/logout"/&
&/security:http&
&security:authentication-manager&
&!-- Declare an authentication-manager to use a custom userDetailsService --&
&security:authentication-provider user-service-ref="customUserDetailsService"&
&security:password-encoder ref="passwordEncoder"/&
&/security:authentication-provider&
&/security:authentication-manager&
&!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database --&
&bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/&
&!-- A custom service where Spring will retrieve users and their corresponding access levels
&bean id="customUserDetailsService" class="deliveries.manager.service.CustomUserDetailsService"/&
Any suggestion is very appreciated.
Wow two confusions in a row for me in this forum.
Is this the same question here
That I posted to already, or is this a different one???
Yes similar problem. I have posted a security-config.xml file here.
Do yo know what is wrong with my spring security configuration?
As I said in the other thread. PLEASE POST with the CODE tags. I can't read your config or code at all without any indentation. It looks ugly and unreadable.
OK, at first I was looking at the config and didn't see a &security:login-page tag. What I did see is that you secured the security check url. How can you run the security check to login if you have to be logged in to login. Basically, you do not secure the login page or j_spring_security_check. It looks like you might have solved that part later on, but again I can't read your config because it is not posted correctly.
&&security:http auto-config="true"
you do not need
auto-config="true"
This could be a big part of why you get ROLE_ANONYMOUS as auto-config will also allow anonymous login.
Your custom UserDetailsService actually looks pretty good. One gotcha, that looks like you avoided was the prefix "ROLE_". By default all roles have to be prefixed with that. There is a way to override that but you are fine there.
Yeah, I think this is a different question than your other post, iirc.
Sorry using incorrect code tag.
Here is my security-config.xml file :
&?xml version="1.0" encoding="UTF-8"?&
&beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd"&
&!-- Configure Spring Security --&
&security:http auto-config="true" use-expressions="true" access-denied-page="/auth/denied" &
&security:intercept-url pattern="/auth/login" access="permitAll"/&
&security:intercept-url pattern="/addDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/editDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/deleteDelivery" access="hasRole('ROLE_ADMIN')" /&
&security:intercept-url pattern="/j_spring_security_check" access="ROLE_SUPERVISOR" /&--&
&security:form-login
login-page="/auth/login"
authentication-failure-url="/auth/login?error=true"
default-target-url="/deliveries"/&
&security:logout
invalidate-session="true"
logout-success-url="/auth/login"
logout-url="/auth/logout"/&
&/security:http&
&security:authentication-manager&
&!-- Declare an authentication-manager to use a custom userDetailsService --&
&security:authentication-provider user-service-ref="customUserDetailsService"&
&security:password-encoder ref="passwordEncoder"/&
&/security:authentication-provider&
&/security:authentication-manager&
&!-- Use a Md5 encoder since the user's passwords are stored as Md5 in the database --&
&bean class="org.springframework.security.authentication.encoding.Md5PasswordEncoder" id="passwordEncoder"/&
&!-- A custom service where Spring will retrieve users and their corresponding access levels
&bean id="customUserDetailsService" class="deliveries.manager.service.CustomUserDetailsService"/&
Hi I tried to resolve that by changing url-pattern from / to /* in web.xml:
&servlet-mapping&
&servlet-name&dispatcherServlet&/servlet-name&
&url-pattern&/*&/url-pattern&
&/servlet-mapping&
But it reported " No mapping found for HTTP request with URI [/DeliveriesManager-web/WEB-INF/views/home.jsp] in DispatcherServlet with name 'dispatcherServlet'
when I started up the home page.
Cool you found the CODE tags.
I guess, I'll just post my code and you can compare.
First the filter in my Web.xml
yours would be "/*" if you want your app to use the root context. Make sure your DispatcherServlet has the same mapping
&filter-name&springSecurityFilterChain&/filter-name&
&filter-class&org.springframework.web.filter.DelegatingFilterProxy&/filter-class&
&filter-mapping&
&filter-name&springSecurityFilterChain&/filter-name&
&url-pattern&/*&/url-pattern&
&/filter-mapping&
Here is my security config with a couple of security info removed. But I have a custom UserDetailsService class which is a UserRepository which is not defined in xml as a bean, so you don't see that config in my security xml file. But as you can see if is very very simple. This is for the URLs
Also it goes without saying the security xsd is the default, no prefix.
&form-login login-page="/login.jsp" /&
&anonymous /&
&intercept-url pattern="/login.jsp" filters="none"/&
&intercept-url pattern="/something/inner/*" access="ROLE_ADMIN"/&
&intercept-url pattern="/something/*" access="ROLE_ADMIN, ROLE_USER"/&
&intercept-url pattern="/**" access="hasAnyRole(ROLE_GEORGE, ROLE_JOHN, ROLE_PAUL, ROLE_RINGO)" /&
&logout logout-url="/j_spring_security_logout" logout-success-url="/home" /&
Hope that helps
Here's the link:
subject: HTTP Status 404 - /j_spring_security_check
Similar Threads
All times are in JavaRanch time: GMT-6 in summer, GMT-7 in winter
