spring can not send css & js resources - spring

I use spring mvc and spring security for web app and tomcat as web application. I use mvc:resources to handle resources requests. But chrome console display following error:
Failed to load resource: the server responded with a status of 404 ()
Refused to execute script from 'http://localhost:8080/web-resources/jquery.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
:8080/favicon.ico Failed to load resource: the server responded with a status of 404 ()
This picture is my project structure:
My web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Archetype Created Web Application</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<!-- security config-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-mvc-servlet.xml
/WEB-INF/security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<page-encoding>UTF-8</page-encoding>
</jsp-property-group>
</jsp-config>
</web-app>
And my spring-mvc-servlet.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:annotation-config/>
<context:component-scan base-package="java"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"/>
<property name="suffix" value=".jsp"/>
</bean>
<mvc:annotation-driven/>
<mvc:resources mapping="/web-resources/**" location="/web-resources" cache-period="31556926"/>
<mvc:resources mapping="/favicon.ico" location="/web-resources" cache-period="31556926"/>
</beans>
And security.xml is:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/user**" access="ROLE_USER"/>
<intercept-url pattern="/" access="permitAll"/>
<intercept-url pattern="/web-resources**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/user/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abcd" password="123456" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
The following is view jsp file:
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%# taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<html>
<body>
<h1 id="banner">Login to Security Demo</h1>
<form name="f" action="<c:url value='j_spring_security_check'/>"
method="POST">
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='j_username'/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password'></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"> <input name="reset" type="reset"></td>
</tr>
</table>
</form>
<script type="text/javascript" src="web-resources/jquery.min.js"></script>
</body>
</html>

your mvc resource mapping seems not set correct.
Try to change
<mvc:resources mapping="/web-resources/**" location="/web-resources" cache-period="31556926"/>
to
<mvc:resources mapping="/web-resources/**" location="/web-resources/" cache-period="31556926"/>
and also add following code to your spring security xml:
<http pattern="/web-resources/**" security="none"/>

Related

Success page redirection not happening after applying spring security configuration?

I am trying to apply spring security login config to my application but while applying the config I am not able to redirect to success page
abc_security_config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:s="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<s:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" proxy-target-class="true"/>
<s:http auto-config="true" use-expressions="true">
<s:intercept-url pattern="/login" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/logout" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/accessdenied" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/**" access="hasRole('ROLE_USER')"></s:intercept-url>
<!-- <s:form-login login-page="/login" default-target-url="/list" authentication-failure-url="/accessdenied"></s:form-login> -->
<s:form-login login-page="/login" authentication-success-forward-url="/home" default-target-url="/home" authentication-failure-url="/login.html?error=true"></s:form-login>
<s:logout logout-success-url="/logout" delete-cookies="JSESSIONID"></s:logout>
<s:csrf/>
</s:http>
<s:authentication-manager alias="authenticationManager">
<!-- <s:authentication-provider user-service-ref="customPreAuthUserDetailsService" /> -->
<s:authentication-provider>
<s:user-service>
<s:user name="abc" password="test" authorities="ROLE_USER" />
</s:user-service>
</s:authentication-provider>
</s:authentication-manager>
</beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>recon</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/configuration/abc-servlet.xml
/WEB-INF/configuration/abc_security_config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>recon</servlet-name>
<url-pattern>/</url-pattern>
<!-- <url-pattern>/recon/*</url-pattern> -->
</servlet-mapping>
<!-- Spring Servlet Configuration : END -->
<!-- Spring Security : Start -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security : End -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>5</session-timeout>
</session-config>
</web-app>
UserController.java
#Controller
//#RequestMapping(value = "/user")
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);
#Resource(name = "userService")
private UserService usrService;
#RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
System.out.println("::::::::::Controller Login::::::::::");
return "login";
}
#RequestMapping(value = "/", method = RequestMethod.GET)
public String defaultPage(ModelMap map) {
return "redirect:/home";
}
#RequestMapping(value = "/home", method = RequestMethod.GET)
public String listEmployees(ModelMap map) {
return "home";
}
#RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "logout";
}
}
Login.jsp (It is configured in the tiles.xml as a tiles definition)
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%# taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<html>
<body>
<h1 id="banner">Login to Security Demo test</h1>
<form name="f" action="<c:url value='j_spring_security_check'/>"
method="POST">
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='j_username' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password'></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"> <input name="reset" type="reset"></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</body>
</html>
When I put correct username and pwd it redirects to same page.
One more thing that I observed is, on the Eclipse console I am getting Print statement ::::::::::Controller Login:::::::::: 6 times instead of 1.
Is there any config I am missing ?

j-spring-security The requested resource is not available

i had created login authentication using the spring security framework..
when i include the <!-- Spring Security --> below entries in the web.xml the index page is not shown, also if i don't include the tag (<!-- Spring Security -->), the index page is shown, when i enter the userid/password and click on the submit button, i get the error
error without adding <!-- spring security --> tag
----------------------------------------------------
http://sgv09946224.gbl.ad.hedani.net:8080/SpringMVCExample/j_spring_security_check
HTTP Status 404 - The requested resource is not available.
error while adding <!-- spring security --> tag
----------------------------------------------------
http://sgv09946224.gbl.ad.hedani.net:8080/SpringMVCExample/
HTTP Status 404 - /SpringMVCExample/
type Status report
message /SpringMVCExample/
description The requested resource is not available.
web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>SpringMVCExample</display-name>
<!--
- Location of the XML file that defines the root application context.
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring/application-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Servlet that dispatches request to registered handlers (Controller implementations).
-->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml /WEB-INF/mvc-security.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<!--
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
-->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
</web-app>
mvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Uncomment and your base-package here:
<context:component-scan
base-package="org.springframework.samples.web"/> -->
<mvc:resources mapping="/SpringMVCExample/resources/**" location="SpringMVCExample/resources/" />
<mvc:resources mapping="/images/**" location="/WEB-INF/images/" />
<mvc:annotation-driven />
<context:component-scan base-package="com.controller" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- Example: a logical view name of 'showMessage' is mapped to '/WEB-INF/jsp/showMessage.jsp' -->
<property name="prefix" value="/WEB-INF/view/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
mvc-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/index*" access="ROLE_USER" />
<security:form-login login-page="/index" default-target-url="/showMessage"
authentication-failure-url="/fail2login" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="l1" password="l1" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
index.jsp
<!DOCTYPE html>
<%# page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%# taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<html>
<head>
<meta charset="utf-8">
<title>Welcome</title>
</head>
<body>
<img src="/SpringMVCExample/images/SupportDashboard.jpg"/>
<c:if test="${not empty error}">
Your login attempt was not successful, try again
</c:if>
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
<c:url value="/showMessage.html" var="messageUrl" />
Click to enter
</body>
</html>
showmessage.jsp
<!DOCTYPE html>
<%# page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<html>
<head>
<meta charset="utf-8">
<title>Welcome</title>
</head>
<body>
<h2>${message}</h2>
</body>
</html>
spring/application-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Uncomment and add your base-package here:
<context:component-scan
base-package="org.springframework.samples.service"/> -->
<!-- hibernate configuration and mappings
<import resource="mvc-security.xml"/> -->
</beans>
maincontroller.java
package com.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.validation.*;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.ui.ModelMap;
/*
* author: Crunchify.com
*
*/
#Controller
public class MainController {
#RequestMapping("/showMessage")
public ModelAndView helloWorld() {
System.out.println("inisde showmessage method");
String message = "<br><div style='text-align:center;'>" +
"<h3>********** Welcome to LDO Support Landing page **********<h3> </div><br><br>";
return new ModelAndView("showMessage", "message", message);
}
#RequestMapping("/index")
public ModelAndView index() {
System.out.println("inisde index method");
String message = "<br><div style='text-align:center;'>" +
"<h3>********** Welcome to LDO Support Landing page **********<h3> </div><br><br>";
return new ModelAndView("showMessage", "message", message);
}
#RequestMapping(value="/fail2login", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
System.out.println("inisde fail2login method");
model.addAttribute("error", "true");
return "login";
}
#RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
System.out.println("inisde logout method");
return "login";
}
}
modified web.xml which worked for me
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-*.xml,
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

spring security. forward after login page

It is snippet from spring security config:
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
But if I enter successfull I was forward to /logOut
if click log out - go to home.jsp .
if failed login - home.jsp
What is the strange behaviour?
update
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/appServlet/servlet-context.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>home.jsp</welcome-file>
</welcome-file-list>
</web-app>
root-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee" xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p" xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<!-- Root Context: defines shared resources visible to all other web components -->
<!-- Настраивает управление транзакциями с помощью аннотации #Transactional -->
<!-- -->
<import resource="classpath:spring/BeanConfig.xml" />
<!-- Файл с настройками Security -->
<import resource="security_config.xml" />
<!-- <bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource‌​"> -->
<!-- <property name="basename" value="/WEB-INF/messages/messages" /> -->
<!-- </bean> -->
</beans>
securuty_config.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http use-expressions="true" >
<intercept-url pattern="/home.jsp" access="permitAll" />
<intercept-url pattern="/*" access="isAuthenticated()"/>
<form-login login-page="/home.jsp"
authentication-failure-url="/loginFailed" default-target-url="/index" />
<logout logout-success-url="/logOut" />
</http>
<authentication-manager>
<authentication-provider ref="provider" />
<!-- <authentication-provider> -->
<!-- <user-service> -->
<!-- <user name="name" authorities="ROLE_USER"/> -->
<!-- </user-service> -->
<!-- </authentication-provider> -->
</authentication-manager>
</beans:beans>
form authenthification fragment:
<form method="POST" action="<c:url value="/j_spring_security_check" />"
Hi #user2740224 can you try in security_config.xml something like this:
<global-method-security secured-annotations="enabled" pre-post-annotations="enabled" />
<http use-expressions="true" >
<intercept-url pattern="/index*" access="isAuthenticated()" />
<form-login login-page="/home" default-target-url="/index" always-use-default-target="true" authentication-failure-url="/loginFailed" />
<logout logout-success-url="/home" delete-cookies="JSESSIONID" invalidate-session="true" />
...
</http>
I hope help you :)

Login page with Spring Security not working URL(http://localhost:8080/site/j_spring_security_check) goes to PAGE NOT FOUND

I am new to hippo and working on hippo cms site.
I am working on creating a login page with spring security. For this I created the following files and did the configuration for spring and spring security.
Here is my Login.jsp.
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
<style>
.errorblock {
color: #ff0000;
background-color: #ffEEEE;
border: 3px solid #ff0000;
padding: 8px;
margin: 16px;
}
</style>
</head>
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<form name='f' action="/j_spring_security_check"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
</body>
</html>
The configuration files.
1) Web.xml configuration
<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_ID" version="2.4"
xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee
http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>Spring MVC Application</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-database.xml,
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
2) mvc-dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="com.example.common.controller" />
<bean
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix">
<value>/WEB-INF/pages/</value>
</property>
<property name="suffix">
<value>.jsp</value>
</property>
</bean>
<bean id="messageSource"
class="org.springframework.context.support.ResourceBundleMessageSource">
<property name="basenames">
<list>
<value>mymessages</value>
</list>
</property>
</bean>
</beans>
3) spring-database.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
<bean id="dataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="com.mysql.jdbc.Driver" />
<property name="url" value="jdbc:mysql://localhost:3306/vnp_db" />
<property name="username" value="root" />
<property name="password" value="admin" />
</bean>
</beans>
4) spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/welcome*" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/welcome"
authentication-failure-url="/loginfailed" login-processing-url="/j_spring_security_check"/>
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="
select email,password, enabled
from users where email=?"
authorities-by-username-query="
select u.email, ur.authority from users u, authorities ur
where u.email = ur.email and u.email =? "
/>
</authentication-provider>
</authentication-manager>
</beans:beans>
And the controller file
This module also contains registration part using spring thar part is working fine . On the login page I fill the correct username and password and clicks "Login" button. The url goes to "http://testcebs.com:8080/site/j_spring_security_check" and redirects to PAGE NOT FOUND instead of success and fail.No authentication process initatied after clicking on "Login" button. I am not able to understand why it is not working. However the same code and configuration is working fine in eclipse as a spring application.
You've been answered here and here, please don't cross-post
The answers:
if the j_spring_security_check URL is not part of the HST driven then make sure you add it to you hst:hosts exclusions, because otherwise the HST thinks it needs to handle the URL.
and
You need to insert the​ SpringSecurityValve into your existing pipelines​ as well​.
​you can use the hippo-spring-sec​ plugin for a cleaner spring security integration; http://hst-springsec.forge.onehippo.org/

i want to handle database connection exception using spring security

I am getting the following error:- Login error. Reason : Could not get JDBC Connection; nested exception is com.mysql.jdbc.exceptions.jdbc4.MySQLSyntaxErrorException: Unknown database 'dbname' when i try to connect with wrong database. But i want to handle that exception and want to show some customize message.
Here is my configuration file:-
Spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!--<http pattern="/abc/**" security="none" /> -->
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/admin*" access="hasRole('SYS_ADMIN')" />
<intercept-url pattern="/cab-stop-admin*" access="hasAnyRole('SYS_ADMIN','CABSTOP_ADMIN')" />
<intercept-url pattern="/driver*" access="hasAnyRole('DRIVER','SYS_ADMIN','CABSTOP_ADMIN')" />
<intercept-url pattern="/customer*" access="hasAnyRole('CUSTOMER','SYS_ADMIN','CABSTOP_ADMIN')" />
<form-login login-page="/login" default-target-url="/role-check"
authentication-failure-url="/login?error=true" />
<remember-me key="_spring_security_remember_me"/>
<logout logout-success-url="/login" />
</http>
<authentication-manager>
<authentication-provider>
<password-encoder hash="md5" />
<jdbc-user-service data-source-ref="fmsDataSource"
users-by-username-query="select Username,Password, 'true' as enabled from login_details where Username=?"
authorities-by-username-query="select u.Username, ur.Role_Name from login_details u, role_master ur where u.Role_Master_Id = ur.Role_Master_Id and u.Username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
login.jsp
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%# page contentType="text/html;charset=UTF-8"%>
<%# taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%# taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<jsp:include page="header.jsp" />
<html>
<head>
<title><spring:message code="message.home" /></title>
</head>
<body>
<c:if test="${not empty param.error}">
<font color="red"><br /> Login error.
Reason : ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message} </font>
</c:if>
<form name="loginForm" onsubmit="return validateForm();">
<h1><spring:message code="message.login" /></h1>
<table>
<tr>
<td align="right"><spring:message code="message.username"
text="default text" /></td>
<td><input type="text" name="j_username" id="j_username" autofocus="autofocus"/></td>
</tr>
<tr>
<td align="right"><spring:message code="message.password"
text="default text" /></td>
<td><input type="password" name="j_password" /></td>
</tr>
<tr>
<label for='_spring_security_remember_me'>
Remember me:
<input type='checkbox' name='_spring_security_remember_me' value="on"/>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit"
value="<spring:message code="message.login" />" /></td>
<td colspan="2" align="right"><a href="<%=request.getContextPath()%>/customer/register"><spring:message
code="message.register" text="default text" /></a></td>
</tr>
<tr>
<td colspan="2" align="right"><a href="<%=request.getContextPath()%>/forgot-password"><spring:message
code="message.forgotpassword" text="default text" /></a></td>
</tr>
</table>
</form>
</body>
<jsp:include page="footer.jsp" />
</html>
hibernate-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-3.1.xsd">
<context:component-scan base-package="com.cabfms.dao"/>
<!-- enable the configuration of transactional behavior based on annotations -->
<tx:annotation-driven transaction-manager="transactionManager"/>
<bean id="fmsDataSource"
class="org.springframework.jdbc.datasource.DriverManagerDataSource"
p:driverClassName="${db.driverClassName}" p:url="${db.url}"
p:username="${db.username}" p:password="${db.password}" />
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="fmsDataSource" />
<property name="packagesToScan" value="com.cabfms.entities" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.format_sql">true</prop>
<prop key="hibernate.show_sql">true</prop>
<prop key="hibernate.dialect">org.hibernate.dialect.MySQLDialect</prop>
<prop key="javax.persistence.validation.mode">none</prop>
</props>
<!--<props>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
<prop key="javax.persistence.validation.mode">none</prop>
<prop key="hibernate.current_session_context_class">${hibernate.current_session_context_class}</prop>
<prop key="hibernate.connection.pool_size">${hibernate.connection.pool_size}</prop>
<prop key="hibernate.c3p0.min_size">${hibernate.c3p0.min_size}</prop>
<prop key="hibernate.c3p0.max_size">${hibernate.c3p0.max_size}</prop>
<prop key="hibernate.c3p0.timeout">${hibernate.c3p0.timeout}</prop>
<prop key="hibernate.c3p0.max_statements">${hibernate.c3p0.max_statements}</prop>
<prop key="hibernate.c3p0.idle_test_period">${hibernate.c3p0.idle_test_period}</prop>
</props>
--></property>
</bean>
<!--Transaction Manager Added -->
<bean id = "transactionManager" class = "org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name = "sessionFactory" ref = "sessionFactory" />
</bean>
</beans>
web.xml
<web-app>
<display-name>Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml,
/WEB-INF/hibernate-config.xml,
/WEB-INF/spring-security.xml,
/WEB-INF/application-context.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<!-- Spring MVC -->
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<!--<url-pattern>/services/*</url-pattern> -->
<!--<url-pattern>/views/*</url-pattern> -->
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping><!--
<welcome-file-list>
<welcome-file>index.jsp</welcome-file>
</welcome-file-list>
-->
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/error-page</location>
</error-page>
</web-app>
You can make your application container handle such exceptions.
Uncaught exceptions within an application can be forwarded to an error page as defined in the deployment descriptor (web.xml).
<error-page>
<exception-type>java.lang.Exception</exception-type>
<location>/error</location>
</error-page>
You just need to put exception type you want to handle and location where user will be forwarded in case of application error.
Remember to make this error page visible to anonymous users in case error happens before successful authentication.
<sec:intercept-url pattern="/error" access="permitAll"/>

Resources