Why j_spring_security_check 404?
13,934
I think it may be the fact your security form should point to
/master/j_spring_security_check
Author by
xwhyz
Updated on June 27, 2022Comments
-
xwhyz almost 2 years
I'm trying to implement form based authentication with Spring security. Redirection works fine: my main page works correctly and for
http://localhost:8080/master/admin
I'm redirected to login page (http://localhost:8080/master/login/
):<form action="j_spring_security_check" method="POST"> <label for="username">User Name:</label> <input id="username" name="j_username" type="text"/> <label for="password">Password:</label> <input id="password" name="j_password" type="password"/> <input type="submit" value="Log In"/> </form> but when I submit I get 404 on address: `http://localhost:8080/master/login/j_spring_security_check`
Here's my configuration web.xml:
<context-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/root-context.xml</param-value> </context-param> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <!-- Creates the Spring Container shared by all Servlets and Filters --> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <!-- Processes application requests --> <servlet> <servlet-name>appServlet</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value> </init-param> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>appServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping>
And my root-context.xml (i made redirection to google so that I know page exists in context)
<sec:http auto-config="true"> <sec:intercept-url pattern="/admin/**" access="ROLE_USER" /> <sec:form-login login-page="/login/" authentication-failure-url="http://www.google.com" default-target-url="http://www.google.com" /> <sec:logout logout-success-url="/logout" /> </sec:http> <sec:authentication-manager> <sec:authentication-provider> <sec:user-service> <sec:user name="test" password="test" authorities="ROLE_USER, ROLE_ADMIN" /> <sec:user name="testuser" password="testuserpassword" authorities="ROLE_USER" /> </sec:user-service> </sec:authentication-provider> </sec:authentication-manager>
I've lost quite a lot of time already, trying different combinations but no luck. Any help is appreciated!
-
Joshua Moore over 10 yearsHere is some further information that will allow you better understand how and why: stackoverflow.com/questions/15365477/…