Is there a way to disable the default "/login" in Spring Security 4.x?

When Spring Security evolved from version 3.2.x to 4.0.0, several modifications were required when using the XML-based configuration, as indicated in the Migration Link. After I went through it, I'm still troubled by some problems regarding the new attribute form-login@login-processing-url. Even though I indicated that /j_spring_security_check continues to be used as the path, it keeps the new /login path active.

I am using Spring Security with Spring MVC and started development with version 3.2.7. I have a controller that maps the path /login to the page on which the login form is displayed, and depending on the parameters received, a specific error message is displayed. Below is my controller:

@Controller
public class LoginController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login(@RequestParam(value = "error", required = false) String error,
                        @RequestParam(value = "logout", required = false) String logout,
                        Model model) {

        if (error != null) {
            model.addAttribute("error", "Usuário e senha inválidos.");
        }

        if (logout != null) {
            model.addAttribute("msg", "Logout bem sucedido.");
        }

        return "login";
    }
}

In version 3.2, my file spring-security.xml pointed the parameter form-login@login-page to /login, so it showed my personalized login form (the same path was used for <logout>).

, form-login@login-processing-url, /login - Spring. , logout@logout-url, Spring - " ", , .

/login?, , /login?logout /login?error, , , , Spring .

: /login?

, - , /signin , , Spring Security 4.x. , , , URL- , Spring .

, spring-security.xml, 4.x.

<http auto-config="true" use-expressions="true" disable-url-rewriting="true">
    <access-denied-handler error-page="/403" />
    <intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')" />
    <intercept-url pattern="/power/**" access="hasRole('ROLE_POWER_USER')" />
    <!-- login-page points to my controller;
         login-processing-url is set to reproduce 3.2 behaviour -->
    <form-login 
        login-page="/login"
        default-target-url="/" 
        login-processing-url="/j_spring_security_check"
        authentication-failure-url="/login?error" 
        username-parameter="username"
        password-parameter="password" />
    <logout logout-success-url="/login?logout" 
            logout-url="/j_spring_security_logout"/>
    <headers disabled="true"/>
    <csrf disabled="false"/> <!-- I know it could be omitted -->
</http>

(04/16/2015): 4.0.0. .
