Spring Security login returns 404

java spring jsp spring-mvc spring-security
18,101

Solution 1

Ok that was so frustrating and I have found my answer by hit and trial. To all others who are facing my problem I am posting my solution. I had to change only one line in my web.xml file. I had to replace this code

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

with this code

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

and I don't even need this line in spring-security.xml file

<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>

Hope that might help somebody. Happy coding...

Solution 2

Did you try setting the login-processing-url attribute of your <security:form-login> element? I use the same up-to-date versions of Spring and Spring Security as you and I added the login-processing-url attribute as follows:

login-processing-url="/j_spring_security_check"

Everything works properly, and I don't even need the following element:

<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>

Of course, if you wish to use /login instead of /j_spring_security_check, you are free to do so. Just make sure the URIs you put in your JSP and in your Spring Security configuration file match.

Hope this will help...

Jeff

------------ UPDATE ------------

I think about it... Spring Security introduced Cross-Site Request Forgery (CSRF) protection in version 4. When I updated my code, in order to avoid adding CSRF management in all my protected JSPs (not necessary for my business needs), I had to add the following element in my <security:http> element:

<security:csrf disabled="true"/>

Please give it a try and tell me whether it worked.

Share:
18,101
Abhisek Lamsal
Author by

Abhisek Lamsal

Updated on June 18, 2022

Comments

  • Abhisek Lamsal
    Abhisek Lamsal almost 2 years

    I am currently working on my blog in Spring framework. I am implementing the Spring Security for login purpose. Everything works as expected until I submit the login credentials which is always returning 404 code.

    Here is my web.xml code

    <?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee 
    http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">

<display-name>avispring</display-name>          

<error-page>
    <error-code>404</error-code>
    <location>/404.html</location>
</error-page>

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>/WEB-INF/spring-database.xml</param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy
    </filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/admin/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

<servlet>
    <servlet-name>spring</servlet-name>
    <servlet-class>
        org.springframework.web.servlet.DispatcherServlet
    </servlet-class>
    <load-on-startup>1</load-on-startup>        
</servlet>
<servlet-mapping>
    <servlet-name>spring</servlet-name>
    <url-pattern>/</url-pattern>        
</servlet-mapping>

    Here is my spring security code:

    <bean id="dataSource"
    class="org.springframework.jdbc.datasource.DriverManagerDataSource">
    <property name="driverClassName" value="com.mysql.jdbc.Driver"/>
    <property name="url" value="jdbc:mysql://localhost:3306/avispring"/>
    <property name="username" value="root"/>
    <property name="password" value=""/>
</bean>
<security:debug/>
<security:http auto-config="true">
    <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
    <security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
    <security:form-login        
    login-page="/login.html"
    authentication-failure-url="/login?login_error=1"
    default-target-url="/admin/home.html"/>     
</security:http>

<security:authentication-manager>
    <security:authentication-provider>
        <security:jdbc-user-service 
            data-source-ref="dataSource"
            users-by-username-query="select USERNAME,PASSWORD,ENABLED from USER_AUTHENTICATION where USERNAME=?"
            authorities-by-username-query="select u1.USERNAME,u2.ROLE from USER_AUTHENTICATION u1,USER_AUTHORIZATION u2 where u1.USER_ID=u2.USER_ID and u1.USERNAME=?"/>
    </security:authentication-provider>
</security:authentication-manager>

    part of my login.jsp code is 

    <form action="<c:url value="/login"/>" method="post">
      <div class="form-group has-feedback">
        <input type="email" class="form-control" placeholder="Email" name="username">
        <span class="glyphicon glyphicon-envelope form-control-feedback"></span>
      </div>
      <div class="form-group has-feedback">
        <input type="password" class="form-control" placeholder="Password" name="password">
        <span class="glyphicon glyphicon-lock form-control-feedback"></span>
      </div>
      <div class="row">
        <div class="col-xs-8">
          <div class="checkbox icheck">
            <label>
              <input type="checkbox"> Remember Me
            </label>
          </div>
        </div><!-- /.col -->
        <div class="col-xs-4">
          <button type="submit" class="btn btn-primary btn-block btn-flat"     name="submit">Sign In</button>
        </div><!-- /.col -->
      </div>
    </form>

    and the console output is

    Oct 16, 2015 1:06:03 AM org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring'

    Note:

    1. I am using spring 4.2.1 and spring security 4.0.2
    2. Most of the forums are pointing to the context path i.e [appname/login] or [appname/j_spring_security_check] and I think mine is ok regarding it

    Please help...

    UPDATE:

    when I used log4j, the debug output at the time of form submission is as follows:

    DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.connector.RequestFacade@c8b445 DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /login DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping@138f01b] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping - No handler mapping found for [/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@1ff154c] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - No handler mapping found for [/login] WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@c8b445 DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK] DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK] DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/404.html] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /404.html DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Found 1 matching mapping(s) for [/404.html] : [{[/404.html]}] DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView com.avispring.controllers.HelloController.errorPage()] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@511db5] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@1a86ee] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter@c26a5f] DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Invoking [HelloController.errorPage] method with arguments [] DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Method [errorPage] returned [ModelAndView: reference to view with name '/404'; model is null] DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name '/404'; URL [/WEB-INF/jsp//404.jsp]] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.view.JstlView - Rendering view with name '/404' with model {} and static attributes {} DEBUG: org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/jsp//404.jsp] in InternalResourceView '/404' DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK] DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK]

  • Abhisek Lamsal
    Abhisek Lamsal over 8 years
    yes, I did set login-processing-url before but it didn't work. I also tried setting username-parameter and password-parameter as well but no luck :(
  • Jeff Morin
    Jeff Morin over 8 years
    Sorry about that... I will definitely need to see the rest of your code to find out what the differences are between your code and mine around credentials handling.
  • Abhisek Lamsal
    Abhisek Lamsal over 8 years
    now I have only the controller code left should I include that one too?
  • Jeff Morin
    Jeff Morin over 8 years
    I don't think it is likely to have anything to do with your problem, but if you add it I will have a look at it. I really double-checked my configuration and according to your previous notes, it should be quite isomorphous to mine by now.
  • Abhisek Lamsal
    Abhisek Lamsal over 8 years
    did you get any solutions? I'm really stuck in this. :(
  • Jeff Morin
    Jeff Morin over 8 years
    I'll try to have a look at another project in which I configured Spring Security, hopefully version 4, this weekend. I will tell you the outcome of my investigations tomorrow or Monday.
  • Abhisek Lamsal
    Abhisek Lamsal over 8 years
    @ Jeff Morin: Thank you so much for your help but I have already found my solution. see below :)
  • Ron Sher
    Ron Sher over 7 years
    What was the solution @AbhisekLamsal ? I'm having the same issue
  • Abhisek Lamsal
    Abhisek Lamsal over 7 years
    @RonSher look at the springSecurityFilterChain url pattern in the accepted answer. I have stated it above. If it still doesn't work please tell me

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

WARN o.s.web.servlet.PageNotFound - No mapping found for HTTP request with URI
Get Spring Security Principal in JSP EL expression
500 error handling in Spring MVC
Spring security 401 Unauthorized even with permitAll
Integrating Spring Security with SiteMinder
Java Spring Security - User.withDefaultPasswordEncoder() is deprecated?
spring security get user id from DB
spring app not finding property on object
Unable to read TLD "META-INF/c.tld" from JAR file
net::ERR_INCOMPLETE_CHUNKED_ENCODING SPRING MVC application using JSP