xwhyz xwhyz - 5 months ago 34
Java Question

Why j_spring_security_check 404?

I'm trying to implement form based authentication with Spring security. Redirection works fine:
my main page works correctly and for

http://localhost:8080/master/admin
I'm redirected to login page (
http://localhost:8080/master/login/
):

<form action="j_spring_security_check" method="POST">
<label for="username">User Name:</label>
<input id="username" name="j_username" type="text"/>
<label for="password">Password:</label>
<input id="password" name="j_password" type="password"/>
<input type="submit" value="Log In"/>
</form>

but when I submit I get 404 on address: `http://localhost:8080/master/login/j_spring_security_check`


Here's my configuration web.xml:

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>


And my root-context.xml (i made redirection to google so that I know page exists in context)

<sec:http auto-config="true">
<sec:intercept-url pattern="/admin/**" access="ROLE_USER" />
<sec:form-login login-page="/login/"
authentication-failure-url="http://www.google.com" default-target-url="http://www.google.com" />
<sec:logout logout-success-url="/logout" />
</sec:http>

<sec:authentication-manager>
<sec:authentication-provider>
<sec:user-service>
<sec:user name="test" password="test" authorities="ROLE_USER, ROLE_ADMIN" />
<sec:user name="testuser" password="testuserpassword"
authorities="ROLE_USER" />
</sec:user-service>
</sec:authentication-provider>
</sec:authentication-manager>


I've lost quite a lot of time already, trying different combinations but no luck. Any help is appreciated!

Answer

I think it may be the fact your security form should point to

/master/j_spring_security_check