Databases
StackOverflow2013
Postsdbo
POGetting redirect to the authentication failure url when trying to authenticate with Spring Security + Spring MVC
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POGetting redirect to the authentication failure url when trying to authenticate with Spring Security + Spring MVC
    text
    copied!<p>I am having troubles implementing Spring Security along with Spring MVC and Hibernate.</p> <p>When I give the credentials and validate the form, it goes to the following URL: http: //localhost:8080/test/login_error.htm;jsessionid=9BE14BCXXXXXXXXXXXXXXXX So it redirects me to the login_error.htm page that I have configured in my spring-security.xml. It looks like a session has been created so the problems occurs after that.</p> <p>I did try to debug to find out more and here is the deal:</p> <p>Since UserDetailsService is configured as my authenticationProvider in my spring-security.xml, it goes into the findByUserName method in the UserDetailsServiceImpl class:</p> <pre><code>public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException, DataAccessException { UserEntity userEntity = dao.findByName(username); if (userEntity == null) throw new UsernameNotFoundException("user not found"); return (UserDetails)assembler.buildUserFromUserEntity(userEntity); } </code></pre> <p>When it goes to the return, the user is properly loaded, so the connection to the DB has been made and the user has been found, no issue on that side. I can't figure out where the problem is.</p> <p>Here is the UserEntityDAOImpl class that I am using:</p> <pre><code>@Repository("userEntityDao") public class UserEntityDAOImpl implements UserEntityDAO { private SessionFactory sessionFactory; @Autowired public void setSessionFactory(SessionFactory sessionFactory) { this.sessionFactory = sessionFactory; } public void addUser(UserEntity user) { sessionFactory.getCurrentSession().save(user); } public UserEntity findByName(String username) { Session session = sessionFactory.getCurrentSession(); UserEntity user = (UserEntity)session.createQuery("select u from UserEntity u where u.username = '" + username + "'").uniqueResult(); return user; } ...others methods like activate, listUsers, etc... </code></pre> <p><strong>Edit:</strong></p> <pre><code>@Service("assembler") public class Assembler { @Transactional(readOnly = true) User buildUserFromUserEntity(UserEntity userEntity) { String username = userEntity.getUsername(); String password = userEntity.getPassword(); boolean enabled = userEntity.getActive(); boolean accountNonExpired = userEntity.getActive(); boolean credentialsNonExpired = userEntity.getActive(); boolean accountNonLocked = userEntity.getActive(); Collection&lt;SimpleGrantedAuthority&gt; authorities = new ArrayList&lt;SimpleGrantedAuthority&gt;(); for (SecurityRoleEntity role : userEntity.getSecurityRoleCollection()) { authorities.add(new SimpleGrantedAuthority(role.getName())); } User user = new User(username, password, enabled, accountNonExpired, credentialsNonExpired, accountNonLocked, authorities); return user; } } </code></pre> <p>It is retrieving the roles properly from the DB (ROLE_Admin in my case).</p> <p>Here is my spring-security.xml:</p> <pre><code>&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd"&gt; &lt;http pattern="/resources/**" security="none"/&gt; &lt;http auto-config='true' use-expressions='true'&gt; &lt;intercept-url pattern="/login*" access="isAnonymous()" /&gt; &lt;intercept-url pattern="/secure/**" access="hasRole('ROLE_Admin')" /&gt; &lt;logout logout-success-url="/home.htm" /&gt; &lt;form-login login-page="/login.htm" login-processing-url="/j_spring_security_check" authentication-failure-url="/login_error.htm" default-target-url="/home.htm" always-use-default-target="true" /&gt; &lt;/http&gt; &lt;beans:bean id="com.daoAuthenticationProvider" class="org.springframework.security.authentication.dao.DaoAuthenticationProvider"&gt; &lt;beans:property name="userDetailsService" ref="userDetailsService" /&gt; &lt;/beans:bean&gt; &lt;beans:bean id="authenticationManager" class="org.springframework.security.authentication.ProviderManager"&gt; &lt;beans:property name="providers"&gt; &lt;beans:list&gt; &lt;beans:ref local="com.daoAuthenticationProvider" /&gt; &lt;/beans:list&gt; &lt;/beans:property&gt; &lt;/beans:bean&gt; &lt;authentication-manager&gt; &lt;authentication-provider user-service-ref="userDetailsService"&gt; &lt;password-encoder hash="plaintext" /&gt; &lt;/authentication-provider&gt; &lt;/authentication-manager&gt; &lt;/beans:beans&gt; </code></pre> <p>Here is the web.xml:</p> <pre><code>&lt;web-app id="WebApp_ID" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"&gt; &lt;display-name&gt;Spring MVC Application&lt;/display-name&gt; &lt;!-- Spring MVC --&gt; &lt;servlet&gt; &lt;servlet-name&gt;mvc-dispatcher&lt;/servlet-name&gt; &lt;servlet-class&gt;org.springframework.web.servlet.DispatcherServlet&lt;/servlet-class&gt; &lt;load-on-startup&gt;1&lt;/load-on-startup&gt; &lt;/servlet&gt; &lt;servlet-mapping&gt; &lt;servlet-name&gt;mvc-dispatcher&lt;/servlet-name&gt; &lt;url-pattern&gt;/&lt;/url-pattern&gt; &lt;/servlet-mapping&gt; &lt;/servlet&gt; --&gt; &lt;!-- This listener creates the root application Context --&gt; &lt;listener&gt; &lt;listener-class&gt;org.springframework.web.context.ContextLoaderListener&lt;/listener-class&gt; &lt;/listener&gt; &lt;listener&gt; &lt;listener-class&gt;org.springframework.web.context.request.RequestContextListener&lt;/listener-class&gt; &lt;/listener&gt; &lt;context-param&gt; &lt;param-name&gt;contextConfigLocation&lt;/param-name&gt; &lt;param-value&gt; /WEB-INF/applicationContext.xml /WEB-INF/spring-security.xml &lt;/param-value&gt; &lt;/context-param&gt; &lt;!-- Spring Security --&gt; &lt;filter&gt; &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt; &lt;filter-class&gt;org.springframework.web.filter.DelegatingFilterProxy&lt;/filter-class&gt; &lt;/filter&gt; &lt;filter-mapping&gt; &lt;filter-name&gt;springSecurityFilterChain&lt;/filter-name&gt; &lt;url-pattern&gt;/*&lt;/url-pattern&gt; &lt;/filter-mapping&gt; &lt;/web-app&gt; </code></pre>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload