The page isn't redirecting properly spring security

Shabarinath Volam Published at Dev

Shabarinath Volam

Hi I am trying to integrate spring security in my project after integrating when I am trying to login I am seeing this below error enter image description here

Here is my web.xml and spring-security.xml files

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee  
    http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<!-- The definition of the Root Spring Container shared by all Servlets and Filters -->

Enable this after correcting spring security
<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext.xml,
        /WEB-INF/spring-security.xml
    </param-value>
</context-param> 

<context-param>
    <param-name>log4jConfigLocation</param-name>
    <param-value>/WEB-INF/log4j.xml</param-value>
</context-param>

<!-- Logging listener -->
<listener>
    <listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>


<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<!-- Spring Security disabled enable after correcting spring security-->
 <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>
          org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping> 

<filter>
   <filter-name>openSessionInViewFilter</filter-name>
   <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
   <init-param>
        <param-name>sessionFactoryBeanName</param-name>
        <param-value>sessionFactory</param-value>
   </init-param>
</filter>

<filter-mapping>
        <filter-name>openSessionInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
</filter-mapping>

<filter>
    <filter-name>sitemesh</filter-name>
    <filter-class>
        com.opensymphony.module.sitemesh.filter.PageFilter
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>sitemesh</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<servlet>
    <servlet-name>Image</servlet-name>
    <servlet-class>com.property.servlet.ImageServlet</servlet-class>
</servlet>

<servlet-mapping>
    <servlet-name>Image</servlet-name>
    <url-pattern>/images/*</url-pattern>
</servlet-mapping>

</web-app>

spring-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.3.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-2.0.xsd">

<!-- Mappings that do not require security (authentication/principal object is not available for these urls)-->
<!-- Pattern should start with /web . Patterns like /login,/home are not effected -->

<http use-expressions="true" auto-config="false" entry-point-ref="authenticationEntryPoint" access-denied-page="/accessDenied.jsp">
    <intercept-url pattern="/**" access="isAuthenticated()"/>
    <intercept-url pattern="/login" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <custom-filter position="FORM_LOGIN_FILTER" ref="authenticationProcessingFilter"  />
    <logout logout-url="/logout" logout-success-url="/login" />
</http>

<!-- loginFormUrl pattern is /login -->
<beans:bean id="authenticationEntryPoint"  class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
    <beans:property name="loginFormUrl" value="/login"/>
    <beans:property name="forceHttps" value="true"/>
</beans:bean>


<beans:bean id="authenticationProcessingFilter" class="com.property.controller.auth.PropertyAuthenticationProviderManager">
    <beans:property name="authenticationManager">
        <beans:ref bean="authenticationManager" />
    </beans:property>
    <beans:property name="filterProcessesUrl">
        <beans:value>/j_spring_security_check</beans:value>
    </beans:property>
    <beans:property name="rememberMeServices" ref="rememberMeServices"/>
    <beans:property name="authenticationSuccessHandler">
        <beans:ref bean="simpleUrlAuthenticationSuccessHandler" />
    </beans:property>
    <beans:property name="authenticationFailureHandler">
        <beans:ref bean="simpleUrlAuthenticationFailureHandler" />
    </beans:property>
</beans:bean>

<beans:bean id="rememberMeFilter" class="org.springframework.security.web.authentication.rememberme.RememberMeAuthenticationFilter">
  <beans:property name="rememberMeServices" ref="rememberMeServices"/>
  <beans:property name="authenticationManager" ref="authenticationManager" />
</beans:bean>

<beans:bean id="rememberMeServices" class="org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices">
  <beans:property name="userDetailsService">
    <beans:bean class="com.property.controller.auth.UserAuthenticationService" />
  </beans:property>
  <beans:property name="key" value="springRocks"/>
</beans:bean>

<beans:bean id="simpleUrlAuthenticationSuccessHandler" class="com.property.controller.auth.PropertyUrlAuthenticationSuccessHandler">
    <beans:property name="defaultPortalTargetUrl">
        <beans:value>/home</beans:value>
    </beans:property>
</beans:bean>

<beans:bean id="simpleUrlAuthenticationFailureHandler" class="com.property.controller.auth.PropertyUrlAuthenticationFailureHandler">
    <beans:property name="defaultPortalFailureUrl">
        <beans:value>/login?error=1</beans:value>
    </beans:property>
</beans:bean>   

<beans:bean id="logoutSuccessHandler" class="org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler">
    <beans:property name="targetUrlParameter">
        <util:constant static-field="org.springframework.security.web.authentication.AbstractAuthenticationTargetUrlRequestHandler.DEFAULT_TARGET_PARAMETER"/>
    </beans:property>
</beans:bean>


<authentication-manager alias="authenticationManager">
    <authentication-provider ref='daoAuthenticationProvider'/>
</authentication-manager>

<beans:bean id="daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">       
    <beans:property name="userDetailsService">
        <beans:bean class="com.property.controller.auth.UserAuthenticationService" />
    </beans:property>
    <beans:property name="saltSource">
        <beans:ref bean="saltSource" />
    </beans:property>
    <beans:property name="passwordEncoder">
        <beans:ref bean="passwordEncoder" />
    </beans:property>
</beans:bean>

<beans:bean id="passwordEncoder" class="com.property.controller.auth.PasswordEncoder">
    <beans:property name="encodeHashAsBase64">
        <beans:value>false</beans:value>
    </beans:property>
</beans:bean>

<!-- aop:advisors(preauth and postauth...) configuration  -->
<beans:bean id="httpRequestAccessDecisionManager"   class="org.springframework.security.access.vote.AffirmativeBased">
    <beans:property name="allowIfAllAbstainDecisions">
        <beans:value>false</beans:value>
    </beans:property>
    <beans:property name="decisionVoters">
        <beans:list>
            <beans:bean class="org.springframework.security.access.vote.RoleVoter">
                <beans:property name="rolePrefix" value=""/>
            </beans:bean>
            <beans:bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
        </beans:list>
    </beans:property>
</beans:bean>

<beans:bean id="propertySecurity" class="org.springframework.security.access.intercept.aopalliance.MethodSecurityInterceptor">
    <beans:property name="authenticationManager" ref="authenticationManager" /> 
    <beans:property name="accessDecisionManager" ref="httpRequestAccessDecisionManager" />
    <beans:property name="securityMetadataSource" ref="securityMetadataSource"/>
</beans:bean>

<beans:bean id="saltSource" class="com.property.controller.auth.SaltSource">
</beans:bean>

<beans:bean id="securityMetadataSource" class="org.springframework.security.access.annotation.SecuredAnnotationSecurityMetadataSource"/>

<beans:bean class="org.springframework.security.web.access.expression.DefaultWebSecurityExpressionHandler"/>

 </beans:beans>

Here I am having two issues:

when I type localhost in my browser its redirecting to localhost/login (where should i change to redirect to /home)
when its redirected to login page I am getting the above error

can any once help me in resolving this issue

Chetan Aher

What is your app URL if its app/login

change your <intercept-url pattern="/login/**" access="permitAll" />

This worked for me Cheers!

Collected from the Internet

Please contact [email protected] to delete if infringement.