Spring Security login returns 404
Solution 1
Ok that was so frustrating and I have found my answer by hit and trial. To all others who are facing my problem I am posting my solution. I had to change only one line in my web.xml file. I had to replace this code
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/admin/*</url-pattern>
</filter-mapping>
with this code
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
and I don't even need this line in spring-security.xml file
<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
Hope that might help somebody. Happy coding...
Solution 2
Did you try setting the login-processing-url
attribute of your <security:form-login>
element? I use the same up-to-date versions of Spring and Spring Security as you and I added the login-processing-url
attribute as follows:
login-processing-url="/j_spring_security_check"
Everything works properly, and I don't even need the following element:
<security:intercept-url pattern="/j_spring_security_check" access="permitAll"/>
Of course, if you wish to use /login
instead of /j_spring_security_check
, you are free to do so. Just make sure the URIs you put in your JSP and in your Spring Security configuration file match.
Hope this will help...
Jeff
------------ UPDATE ------------
I think about it... Spring Security introduced Cross-Site Request Forgery (CSRF) protection in version 4. When I updated my code, in order to avoid adding CSRF management in all my protected JSPs (not necessary for my business needs), I had to add the following element in my <security:http>
element:
<security:csrf disabled="true"/>
Please give it a try and tell me whether it worked.
Abhisek Lamsal
Updated on June 18, 2022Comments
-
Abhisek Lamsal almost 2 years
I am currently working on my blog in Spring framework. I am implementing the Spring Security for login purpose. Everything works as expected until I submit the login credentials which is always returning 404 code.
Here is my web.xml code
<?xml version="1.0" encoding="UTF-8"?> <web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"> <display-name>avispring</display-name> <error-page> <error-code>404</error-code> <location>/404.html</location> </error-page> <context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring-database.xml</param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/admin/*</url-pattern> </filter-mapping> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>spring</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet </servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>spring</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>
Here is my spring security code:
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource"> <property name="driverClassName" value="com.mysql.jdbc.Driver"/> <property name="url" value="jdbc:mysql://localhost:3306/avispring"/> <property name="username" value="root"/> <property name="password" value=""/> </bean> <security:debug/> <security:http auto-config="true"> <security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/> <security:intercept-url pattern="/j_spring_security_check" access="permitAll"/> <security:form-login login-page="/login.html" authentication-failure-url="/login?login_error=1" default-target-url="/admin/home.html"/> </security:http> <security:authentication-manager> <security:authentication-provider> <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select USERNAME,PASSWORD,ENABLED from USER_AUTHENTICATION where USERNAME=?" authorities-by-username-query="select u1.USERNAME,u2.ROLE from USER_AUTHENTICATION u1,USER_AUTHORIZATION u2 where u1.USER_ID=u2.USER_ID and u1.USERNAME=?"/> </security:authentication-provider> </security:authentication-manager>
part of my login.jsp code is
<form action="<c:url value="/login"/>" method="post"> <div class="form-group has-feedback"> <input type="email" class="form-control" placeholder="Email" name="username"> <span class="glyphicon glyphicon-envelope form-control-feedback"></span> </div> <div class="form-group has-feedback"> <input type="password" class="form-control" placeholder="Password" name="password"> <span class="glyphicon glyphicon-lock form-control-feedback"></span> </div> <div class="row"> <div class="col-xs-8"> <div class="checkbox icheck"> <label> <input type="checkbox"> Remember Me </label> </div> </div><!-- /.col --> <div class="col-xs-4"> <button type="submit" class="btn btn-primary btn-block btn-flat" name="submit">Sign In</button> </div><!-- /.col --> </div> </form>
and the console output is
Oct 16, 2015 1:06:03 AM org.springframework.web.servlet.DispatcherServlet noHandlerFound WARNING: No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring'
Note:
- I am using spring 4.2.1 and spring security 4.0.2
- Most of the forums are pointing to the context path i.e [appname/login] or [appname/j_spring_security_check] and I think mine is ok regarding it
Please help...
UPDATE:
when I used log4j, the debug output at the time of form submission is as follows:
DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.connector.RequestFacade@c8b445 DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /login DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping@138f01b] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.handler.BeanNameUrlHandlerMapping - No handler mapping found for [/login] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.handler.SimpleUrlHandlerMapping@1ff154c] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - No handler mapping found for [/login] WARN : org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/avispring/login] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.connector.RequestFacade@c8b445 DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK] DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/login]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[3ms]; status=[OK] DEBUG: org.springframework.web.servlet.DispatcherServlet - Bound request context to thread: org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG: org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'spring' processing POST request for [/avispring/404.html] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler map [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping@16fffcf] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /404.html DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Found 1 matching mapping(s) for [/404.html] : [{[/404.html]}] DEBUG: org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Returning handler method [public org.springframework.web.servlet.ModelAndView com.avispring.controllers.HelloController.errorPage()] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.HttpRequestHandlerAdapter@511db5] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.SimpleControllerHandlerAdapter@1a86ee] DEBUG: org.springframework.web.servlet.DispatcherServlet - Testing handler adapter [org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter@c26a5f] DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Invoking [HelloController.errorPage] method with arguments [] DEBUG: org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod - Method [errorPage] returned [ModelAndView: reference to view with name '/404'; model is null] DEBUG: org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name '/404'; URL [/WEB-INF/jsp//404.jsp]] in DispatcherServlet with name 'spring' DEBUG: org.springframework.web.servlet.view.JstlView - Rendering view with name '/404' with model {} and static attributes {} DEBUG: org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/jsp//404.jsp] in InternalResourceView '/404' DEBUG: org.springframework.web.servlet.DispatcherServlet - Cleared thread-bound request context: org.apache.catalina.core.ApplicationHttpRequest@bb82df DEBUG: org.springframework.web.servlet.DispatcherServlet - Successfully completed request DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in WebApplicationContext for namespace 'spring-servlet': ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK] DEBUG: org.springframework.web.context.support.XmlWebApplicationContext - Publishing event in Root WebApplicationContext: ServletRequestHandledEvent: url=[/avispring/404.html]; client=[0:0:0:0:0:0:0:1]; method=[POST]; servlet=[spring]; session=[BC0FB7E62DC0AFABD8EF72B8BF1CED54]; user=[null]; time=[1ms]; status=[OK]
-
Abhisek Lamsal over 8 yearsyes, I did set login-processing-url before but it didn't work. I also tried setting username-parameter and password-parameter as well but no luck :(
-
Jeff Morin over 8 yearsSorry about that... I will definitely need to see the rest of your code to find out what the differences are between your code and mine around credentials handling.
-
Abhisek Lamsal over 8 yearsnow I have only the controller code left should I include that one too?
-
Jeff Morin over 8 yearsI don't think it is likely to have anything to do with your problem, but if you add it I will have a look at it. I really double-checked my configuration and according to your previous notes, it should be quite isomorphous to mine by now.
-
Abhisek Lamsal over 8 yearsdid you get any solutions? I'm really stuck in this. :(
-
Jeff Morin over 8 yearsI'll try to have a look at another project in which I configured Spring Security, hopefully version 4, this weekend. I will tell you the outcome of my investigations tomorrow or Monday.
-
Abhisek Lamsal over 8 years@ Jeff Morin: Thank you so much for your help but I have already found my solution. see below :)
-
Ron Sher over 7 yearsWhat was the solution @AbhisekLamsal ? I'm having the same issue
-
Abhisek Lamsal over 7 years@RonSher look at the springSecurityFilterChain url pattern in the accepted answer. I have stated it above. If it still doesn't work please tell me