HTTP 404: conflict between spring security url filter and dispatcher surf url mapping

I have two problems here:

• 1st: I get HTTP 404. I think there is a conflict between spring mapping the security filter url and mapping the dispatcher servlets. I say this because when I remove the spring security configuration from my web.xml , the query matching process works fine.

• 2nd: I get a "notorious" HTTP 500 Failed to evaluate the expression "ROLE_ADMIN"

Now, how do I get problem 2 if I get 404 in the first place? I have no idea about this. Yesterday everything worked fine for problem 1, so I was getting HTTP 500. Today I can’t get HTTP 404. At least I have identified the culprit in my configuration.

Please help me solve the problem 1 <- this is the main character of this question (and if you are also a good question 2) ... Below are my xml configuration files.

web.xml

 <web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"> <!-- For front controller ie dispatcher servlet --> <servlet> <servlet-name>DispatcherServlet</servlet-name> <servlet-class> org.springframework.web.servlet.DispatcherServlet</servlet-class> <init-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/webcontext/DispatcherServlet-context.xml </param-value> </init-param> </servlet> <servlet-mapping> <servlet-name>DispatcherServlet</servlet-name> <url-pattern>/</url-pattern> </servlet-mapping> <!-- For Spring security --> <!-- When I remove all items below, my app works fine --> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring/webcontext/security-context.xml </param-value> </context-param> <listener> <listener-class> org.springframework.web.context.ContextLoaderListener </listener-class> </listener> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class> org.springframework.web.filter.DelegatingFilterProxy </filter-class> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> </web-app> 

DispatcherServlet-context.xml

 <?xml version="1.0" encoding="UTF-8" ?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.0.xsd"> <!-- To enable spring annotations @RequestMapping, @Controller, @Repository, etc... --> <mvc:annotation-driven /> <!-- To enable @MatrixVariable --> <mvc:annotation-driven enable-matrix-variables="true"/> <!-- To set the package where dispatcher servlet looks for controllers Some other scanning for other purpose may also occur in that package For instance for @Autowired to look for interfaces--> <context:component-scan base-package="com.packt.webstore" /> <!-- Sets where ViewResolver looks for views --> <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver"> <property name="prefix" value="/WEB-INF/views/" /> <property name="suffix" value=".jsp" /> </bean> <!-- For static resources. Example : CSS, JS, etc... --> <mvc:resources mapping="/resources/**" location="/ressources/theme1/" /> <!-- For externalizing messages --> <bean id= "messageSource" class="org.springframework.context.support.ResourceBundleMessageSource"> <property name="basename" value="messages"/> </bean> </beans> 

security context.xml

 <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.1.xsd http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.2.xsd"> <security:http auto-config="true"> <security:intercept-url pattern="/products/add" access="hasRole('ROLE_ADMIN')" /> <security:form-login login-page="/login" default-target-url="/products/add" authentication-failure-url="/loginfailed"/> <security:logout logout-success-url="/logout" /> </security:http> <security:authentication-manager> <security:authentication-provider> <security:user-service> <security:user name="Admin" password="Admin123" authorities="ROLE_ADMIN" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans> 

As you can see in the security-cntext.xml , I tried to solve problem 2 by adding hasRole('ROLE_ADMIN') , as suggested here