StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

POSpring Custom AuthenticationProvider never invoked - 404 error on http://localhost:8080/igloo/j_spring_security_check
text
Body
copied!<p>I am trying to get an example of custom j_spring_security_check working on tomcat 7.0.47. Spring MVC goes to login page ok but gives error after clicking submit - what I am expecting is spring to fill in the user roles and then go to main.jsp. </p> <p>spring main config:</p> <pre><code><?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">  <context:component-scan base-package="frostbyte.igloo" />  <mvc:resources mapping="/resources/**" location="/resources/"/>  <mvc:annotation-driven/>  <bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property> <property name="prefix" value="WEB-INF/jsp/"></property> <property name="suffix" value=".jsp"></property> </bean>  <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource"> <property name="basename" value="classpath:messages"></property> <property name="defaultEncoding" value="UTF-8"></property> </bean>  </beans> </code></pre> <p>spring security config:</p> <pre><code><?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd">  <beans:bean id="FrostByteAuthenticationProvider" class="frostbyte.igloo.jsp.custom.FrostByteAuthenticationProvider"></beans:bean> <authentication-manager alias="authenticationManager"> <authentication-provider ref="FrostByteAuthenticationProvider"></authentication-provider> </authentication-manager>  <http auto-config="true" use-expressions="true"> <form-login login-processing-url="/login" login-page="/login" default-target-url="/main" username-parameter="j_username" password-parameter="j_password" authentication-failure-url="/login?auth=fail"/> <intercept-url pattern="/login" access="permitAll"></intercept-url> <intercept-url pattern="/logout" access="permitAll"></intercept-url> <intercept-url pattern="/**" access="hasRole('ADMIN')"/> <logout logout-url="/logout" logout-success-url="/logout_success"></logout> </http>  </beans:beans> </code></pre> <p>the AuthenticationProvider (non of these log messages ever get printed) :</p> <pre><code>package frostbyte.igloo.jsp.custom; import java.util.ArrayList; import java.util.List; import org.apache.log4j.Logger; import org.springframework.security.authentication.AuthenticationProvider; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import frostbyte.common.FrostbyteRole; import frostbyte.common.FrostbyteUser; public class FrostByteAuthenticationProvider implements AuthenticationProvider { private static final Logger LOG = Logger.getLogger(FrostByteAuthenticationProvider.class); @Override public boolean supports(Class<?> authentication) { LOG.error("FrostByteAuthenticationProvider : supports : Marker 1"); System.out.println("FrostByteAuthenticationProvider : supports : Marker 1"); return true; } @Override public Authentication authenticate(Authentication authentication) throws AuthenticationException { LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 1"); System.out.println("FrostByteAuthenticationProvider : authenticate : Marker 1"); Authentication rtn = null; String username = authentication.getName(); String password = authentication.getCredentials().toString(); LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 10 : username = "+username); LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 20 : password = "+password); FrostbyteUser user = new FrostbyteUser(); //for test everything validates user.setUsername(username); user.getRoles().add(new FrostbyteRole("ADMIN")); LOG.debug("Authenticate : Marker 100"); //if (user.getUsername().equalsIgnoreCase("username")) if (true) { LOG.debug("Authenticate : Marker 200"); if (true) //if (password.equalsIgnoreCase(user.getPassword())) { LOG.debug("Authenticate : Marker 300"); List<GrantedAuthority> grants = new ArrayList<GrantedAuthority>(); for (FrostbyteRole _role:user.getRoles()) { if (_role.equals("ADMIN")) { for ( String __role : _role.getRoles() ) { grants.add(new SimpleGrantedAuthority(__role.toUpperCase())); } } } rtn = new UsernamePasswordAuthenticationToken(username, password, grants); LOG.debug("Authenticate : Marker 898,000 : rtn = "+ rtn); } LOG.debug("Authenticate : Marker 899,000 : rtn = "+ rtn); } LOG.debug("Authenticate : Marker 900,000 : rtn = "+ rtn); return rtn; } } </code></pre> <p>the login jsp:</p> <pre><code><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <%@ include file="/WEB-INF/jsp/include.jsp" %> <meta http-equiv="pragma" content="no-cache"> <html> <head> <title></title> <link rel="stylesheet" href="resources/styles.css" type="text/css" media="screen" /> <style type="text/css"></style> </head> <body> request.getAttribute("message") = <%= request.getAttribute("message") %> <br /> request.getParameter("message") = <%= request.getParameter("message") %> <form action="<c:url value = "/j_spring_security_check" />" method="post"> <br /><br /><br /> <br /><br /><br /> <br /> <div class="containerCenterAlign"> <div class="container"> <div class="titleClass">Igloo<br /><div class="errorMessage"><%= message %></div></div> <ul class="loginUL"> <li class="loginLeft"> <label class="loginLabel" for="j_username">Username</label> <input id="username" name="j_username" class="loginText" type="text" value="" maxlength="150" /> <label class="loginLabel" for="j_password">Password</label> <input id="password" name="j_password" class="loginText" type="password" value="" maxlength="150" /> </li> <li class="loginRight"> <input type="submit" name="submit" id="submit" value="Login" class="loginSubmit" /> </li> </ul> <div style="clear: both; height: 2px;"></div> </div> </div> </form> </body> </html> </code></pre> <p>include.jsp:</p> <pre><code><%@ page language="java" contentType="text/html;charset=UTF-8"%> <%@ page session="false"%> <%@ page import="java.io.*" %> <%@ page import="java.util.*" %> <%@ page import="frostbyte.*" %> <%@ page import="org.apache.log4j.*" %> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %> <%@ taglib prefix="s" uri="http://www.springframework.org/tags"%> <%@ taglib prefix="sform" uri="http://www.springframework.org/tags/form"%> <%@ taglib prefix="frostbyte" uri="http://frostbyte/tags" %> </code></pre>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload