I have created a custom login form using spring security some point of time it working as perfect but some times after login URL is redirecting to css or images or js folders. After i hit refresh it working fine, i dont know what is wrong with my spring security.
Custom login page
<form:form class="form-vertical login-form" action="j_spring_security_check" method="post">
<h3 class="form-title">Login to your account</h3>
<input type="text" autocomplete="off" placeholder="Username" name="j_username"/>
<input type="password" autocomplete="off" placeholder="Password" name="j_password"/>
<font color="red">
<span>${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}</span>
</font>
</form:form>
Security context xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- We will be defining all security related configurations in this file -->
<http pattern="/" security="none"/>
<http use-expressions="true">
<intercept-url pattern="/**" access="isAuthenticated()"/> <!-- this means all URL in this app will be checked if user is authenticated -->
<!-- We will just use the built-in form login page in Spring -->
<form-login login-page="/" login-processing-url="/j_spring_security_check" default-target-url="/home" authentication-failure-url="/"/>
<logout logout-url="/logout" logout-success-url="/"/> <!-- the logout url we will use in JSP -->
</http>
<authentication-manager>
<authentication-provider>
<!-- Normally, in this part, you will declare the source of your users
But for simplicity, we will hard-code the users. This is very useful while testing setup -->
<user-service>
<user name="admin" password="admin" authorities="Admin, User"/>
<user name="user" password="user" authorities="User"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
Login Controller
@RequestMapping("/")
public String loginForm()
{
return "login";
}
Web xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd" id="WebApp_ID" version="2.5">
<display-name>YESKAY</display-name>
<!-- Spring security -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-servlet.xml
/WEB-INF/security-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
</listener>
<!-- Define a filter to enable Spring Security, be sure to use the suggested name 'springSecurityFilterChain' -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- <welcome-file-list>
<welcome-file>index.html</welcome-file>
<welcome-file>index.htm</welcome-file>
<welcome-file>index.jsp</welcome-file>
<welcome-file>default.html</welcome-file>
<welcome-file>default.htm</welcome-file>
<welcome-file>default.jsp</welcome-file>
</welcome-file-list>-->
</web-app>
Successful login url
http://localhost:8080/PROJECT/home
Some times redirect to below url or something else
http://localhost:8080/PROJECT/resources/assets/plugins/font-awesome/font/fontawesome-webfont.ttf?v=3.2.0
My folder Structure
You need to omit requests for your static resources path from Spring Security's filters, otherwise it can get confused about what the actual request was that triggered a login (since the browser will also send requests for the page resources such as images).
Adding something like
<http pattern="/resources/**" security="none"/>
to the top of your configuration should do it.
この記事はインターネットから収集されたものであり、転載の際にはソースを示してください。
侵害の場合は、連絡してください[email protected]
コメントを追加