Spring Security /j_spring_security_check Not found 404

Here is my WebAppInitializer:

    @Configuration
    public class WebAppInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

        @Override
        protected Class<?>[] getRootConfigClasses() {
            return new Class<?>[] { AppConfig.class, WebSecurityConfig.class };
        }

        @Override
        protected Class<?>[] getServletConfigClasses() {
            return new Class<?>[] { WebConfig.class };
        }

        @Override
        protected String[] getServletMappings() {
            return new String[] { "/" };
        }
    }

Here is my security configuration:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private UserDetailsService userDetailsService;

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.userDetailsService(userDetailsService);
        }

        @Override
        public void configure(WebSecurity web) throws Exception {
            web.ignoring().antMatchers("/resources/**");
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.authorizeRequests()
                    .antMatchers("/signup", "/about").permitAll()
                    .antMatchers("/admin/**").hasRole("ADMIN")
                    .anyRequest().authenticated()
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/home").failureUrl("/error").permitAll()
                .and().httpBasic();
            // @formatter:on
        }
    }

And this is my login.html (example HTML from Thymeleaf):

    <form th:action="@{/j_spring_security_check}" method="post">
        <label for="j_username">Username</label>:
        <input type="text" id="j_username" name="j_username" /> <br />
        <label for="j_password">Password</label>:
        <input type="password" id="j_password" name="j_password" /> <br />
        <input type="submit" value="Log in" />
    </form>

When I click on the login, this error appears:

 HTTP ERROR 404 Problem accessing /j_spring_security_check. Reason: Not Found 

How can I get rid of this error? I googled a lot, but so far have not achieved anything. (Yes, I do not use xml.)

+7
spring spring-mvc spring-security thymeleaf
3 answers

I created this and now it works:

    import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

    public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
    }

This activates SpringSecurityFilterChain.

I also had to switch from @EnableWebSecurity to @EnableWebMvcSecurity due to a CSRF error. As the Spring documentation says:

... The reason is that Spring Security protects against CSRF attacks, and there is no CSRF token in our request. Update our configuration to use the @EnableWebMvcSecurity annotation, which will do the same as @EnableWebMvcSecurity and provide integration with Spring MVC. Among other things, this ensures that the CSRF token will be automatically included in our forms when using Thymeleaf 2.1+ or Spring MVC taglibs ...

Thanks also to M. Deinum for his comment. Spring recently switched /j_spring_security_check / j_password / j_username to /login / password / username.

+9

There may be a version issue. If you are using Spring 4.X, then

a.) login url = /login
b.) logout url = /logout

whereas in the case of Spring 3.X

a.) login url = /j_spring_security_check
b.) logout url = /j_spring_security_logout

+18

I also encountered this problem when disabling csrf. I tried explicitly specifying loginProcessingUrl and it works great!

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.csrf().disable();
        httpSecurity.formLogin().loginProcessingUrl("/login-url");
    }

Note that:

  • This URL only allows the HTTP POST method.
  • Other important default URLs in Spring Security are:
      1. /login : return the default login form
      2. /logout

My version of Spring Security is 4.0.3.RELEASE

P.S.: My answer may not be directly related to the question, but I think it can help someone who is not familiar with Spring Security, like me.

+3
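
An added example, not code from the question or from any of the answers: a Spring Security 4.x Java configuration that sets the login-processing URL and parameter names explicitly and leaves CSRF protection enabled, with the matching Thymeleaf form shown in the comment. It assumes the filter chain is already registered as in the first answer and that GET /login is mapped to the login view; the class name FormLoginSecurityConfig is hypothetical.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

/*
 * Matching Thymeleaf form. The action and field names must equal the values
 * configured below. Using th:action lets the Spring MVC integration quoted in
 * the first answer add the CSRF token field to the form.
 *
 *   <form th:action="@{/login}" method="post">
 *     <input type="text" name="username" />
 *     <input type="password" name="password" />
 *     <input type="submit" value="Log in" />
 *   </form>
 */
@Configuration
@EnableWebSecurity
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical name

    @Autowired
    private UserDetailsService userDetailsService; // application-provided bean, as in the question

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/signup", "/about").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .anyRequest().authenticated()
            .and().formLogin()
                .loginPage("/login")            // GET /login renders login.html
                .loginProcessingUrl("/login")   // POST /login is consumed by the filter chain
                .usernameParameter("username")  // 3.x name was j_username
                .passwordParameter("password")  // 3.x name was j_password
                .defaultSuccessUrl("/home")
                .failureUrl("/error")
                .permitAll();
        // No http.csrf().disable(): CSRF protection stays at its default (enabled),
        // so the login POST must carry the token.
    }
}
```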
