Geek Answers Handbook

J_spring_security_check 404 issue

I am trying to get my spring + hibernate + spring -security and tiles2 - "HelloWorld" application to work by following this guide (unfortunately, in it).

My problem is that I get the error "404" when I log into my application. Redirecting to the login page works as intended, but I cannot reach " http: // localhost: 8080 / App / j_spring_security_check " when I press the login button.

My web.xml is as follows:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/defs/applicationContext.xml
        /WEB-INF/defs/applicationContext-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name> 
  <url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
    <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>

and the applicationContext-security.xml file looks like this ...

<http use-expressions="true">
    <intercept-url pattern="/index.html" access="permitAll" />
    <intercept-url pattern="/timeout.html" access="permitAll" />
    <intercept-url pattern="/redirect.html" access="permitAll" />
    <intercept-url pattern="/media/**" access="permitAll" />
    <intercept-url pattern="/includes/**" access="permitAll" />
    <intercept-url pattern="/office/**" access="hasRole('ROLE_USER')" />
    <intercept-url pattern="/office/admin/**" access="hasRole('ROLE_ADMIN')" />

    <form-login login-page="/index.html" 
            authentication-failure-url="/index.html?login_error=1"
            default-target-url='/office/kunden.html'
            always-use-default-target='true'
            />
    <logout logout-success-url="/index.html" />
    <remember-me />
    <session-management invalid-session-url="/index.html">
        <concurrency-control max-sessions="2" error-if-maximum-exceeded="true" />
    </session-management>
</http>

<authentication-manager>
    <authentication-provider>
        <jdbc-user-service data-source-ref="mysqldataSource" 
                    authorities-by-username-query="select username, authority from benutzer where username = ?"
                    users-by-username-query="select username, password, enabled from benutzer where username = ?"/>
    </authentication-provider>
</authentication-manager>

Database connection is like OK

I would be very happy if someone could give me a hint of this, because I already have a lot of googlers, but have not yet found a solution.

spring 3.1 tomcat 7.0.23

+5
3

:

  • Spring -security config

, , . , http://localhost:8080/App/j_spring_security_check. URL-? http://localhost:8080/App (HTTP 200)? , . , , :

  <!--  Spring Hauptteil -->

  <servlet>
      <servlet-name>spring</servlet-name>
      <servlet-class>
          org.springframework.web.servlet.DispatcherServlet
      </servlet-class>
      <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
      <servlet-name>spring</servlet-name>
      <url-pattern>*.html</url-pattern>
  </servlet-mapping>

web.xml, , spring -security.

, .

, , . , (, typeo), , spring -security . . .

- , .

, DelegatingFilterProxy ( web.xml), , Spring IoC. applicationContext-security . - , , http 404 , .

Uffff, ;)

+2

. , 404, - default-target-url='/office/kunden.html' , .

, url /office/kunden.html, ( <security:intercept-url pattern="/**" access="permitAll" />) .

, , , spring 3.0, spring 3.0. , , .

0

, , , , , SSL, . , , , spring URL-, default-target-url ( http https)

<security:form-login login-page="/login.jsp" default-target-url="/index.jsp" authentication-failure-url="/login.jsp?error=true" />

http, loadbalancer ( https-) 404 NOT FOUND

We solved this problem by adding the following directive mod_headerfor all incoming requests to port 443 (https) in the load balancer:

RequestHeader set X-Forwarded-Proto "https"

An additional title will be added. If you start an application server, such as Jetty, it will recognize this header and translate the incoming request. (see http://www.gossamer-threads.com/lists/apache/users/407272 )

0
source

More articles:


All Articles