I can use a custom login page with Spring Security 3.2.4, but after migrating using the code below using 4.0.0, I see a general login form instead of my custom one:
<beans:bean id="authSuccessHandler" class="com.company.web.RoleBasedAuthenticationSuccessHandler" /> <http disable-url-rewriting="false" use-expressions="true"> <form-login login-page="/login" username-parameter="j_username" password-parameter="j_password" login-processing-url="/j_spring_security_check" authentication-failure-url="/login?login_error=true" authentication-success-handler-ref="authSuccessHandler"/> <intercept-url pattern="/login" access="permitAll"/> <remember-me remember-me-parameter="_spring_security_remember_me" remember-me-cookie="SPRING_SECURITY_REMEMBER_ME_COOKIE"/> <logout logout-url="/j_spring_security_logout" logout-success-url="/index" /> </http>
I also tried to enable debug logging in various Spring classes. I installed it on my own authSuccessHandler, but I do not see any output from it. No luck with a search on SO or Google.
Is there something incompatible in this configuration?
Update:
I also use Apache Tiles:
<definition name="login" extends="scrollableLayout"> <put-attribute name="header" value="/WEB-INF/jsp/heading_blue.jsp"/> <put-attribute name="body" value="/WEB-INF/jsp/login.jsp"/> </definition>
And using the following:
<mvc:view-controller path="/login" />
java spring-security
bphilipnyc
source share