sec:authorize access="hasRole('ROLE_USER')" doesn't work - spring

My menu.jspx doesn't work correctly. I can see both <sec:authorize access
<sec:authorize access="hasRole('ROLE_USER')">
<h3>${menuAddContact}</h3><!--будет отображатсья только если юзер зашел и нужной ролью-->
</sec:authorize>
<sec:authorize access="isAnonymous()"><!--Если не зашел то отбражается форма входа-->
<div id="login">
<form name="loginForm" action="${loginUrl}" method="post">
<table>
<caption align="left">Login:</caption>
<tr>
<td>User Name:</td>
<td><input type="text" name="j_username"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit"
name="submit"
value="Login"/></td>
</tr>
</table>
</form>
</div>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<div id="menu" xmlns:jsp="http://java.sun.com/JSP/Page"
xmlns:c="http://java.sun.com/jsp/jstl/core"
xmlns:spring="http://www.springframework.org/tags"
xmlns:sec="http://www.springframework.org/security/tags"
version="2.0">
<jsp:directive.page contentType="text/html;charset=UTF-8" />
<jsp:output omit-xml-declaration="yes" />
<spring:message code="menu_header_text" var="menuHeaderText"/>
<spring:message code="menu_add_contact" var="menuAddContact"/>
<spring:url value="/contacts?form" var="addContactUrl"/>
<spring:message code="label_login" var="labelLogin"/>
<spring:url var="loginUrl" value="/j_spring_security_check"/>
<h3>${menuHeaderText}</h3>
<sec:authorize access="hasRole('ROLE_USER')">
<h3>${menuAddContact}</h3><!--будет отображатсья только если юзер зашел и нужной ролью-->
</sec:authorize>
<sec:authorize access="isAnonymous()"><!--Если не зашел то отбражается форма входа-->
<div id="login">
<form name="loginForm" action="${loginUrl}" method="post">
<table>
<caption align="left">Login:</caption>
<tr>
<td>User Name:</td>
<td><input type="text" name="j_username"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="j_password"/></td>
</tr>
<tr>
<td colspan="2" align="center"><input type="submit"
name="submit"
value="Login"/></td>
</tr>
</table>
</form>
</div>
</sec:authorize>
</div>
And in my header
<sec:authorize access="isAuthenticated()">${labelWelcome}
<sec:authentication property="principal.username" />
username does not exist(
It seems that spring security does not exist(
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http use-expressions="true">
<intercept-url pattern='/WEB-INF' access='permitAll' />
<form-login login-page="/contacts" authentication-failure-url="/security/loginfail"
default-target-url="/contacts" />
<logout logout-success-url="/contacts"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="user" password="user" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
But, if i use F12 in my browser i can see that spring return form data correctly
j_username:user
j_password:user
submit:Login
help me please( where my mistake?
UPD:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>java-blog-aggregator</display-name>
<context-param>
<param-name>spring.profiles.default</param-name>
<param-value>jdbc,mysql</param-value>
<!--<param-value>hibernate,mysql</param-value>-->
<!--<param-value>datajpa,mysql</param-value>-->
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/root-context.xml</param-value>
</context-param>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
root-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd">
<import resource="classpath:spring/app-context.xml"/>
<import resource="classpath:spring/security-context.xml"/>
</beans>


I didn't add in pom.xml taglib dependency

Related

jsf commandButton managedBean action redirect to 404 page

I have my ManagedBean
TodoService.java
package com.medkhelifi.tutorials.todolist.services;
import com.medkhelifi.tutorials.todolist.models.dao.ITodoDao;
import com.medkhelifi.tutorials.todolist.models.entities.Todo;
import javax.faces.bean.ManagedBean;
import javax.faces.bean.ManagedProperty;
import javax.faces.bean.RequestScoped;
import javax.faces.bean.SessionScoped;
#ManagedBean
#RequestScoped
public class TodoService implements ITodoService {
#ManagedProperty(value = "ITodoDao")
private ITodoDao ITodoDao;
#Override
public void addTodo(Todo todo) {
ITodoDao.addTodo(todo);
}
public void setITodoDao(ITodoDao ITodoDao) {
this.ITodoDao = ITodoDao;
}
}
And I have my form to add new data
index.xhtml
<!-- extra code coes here -->
<b:column colMd="6">
<div class="todolist not-done">
<h1>Todos</h1>
<h:form>
<b:inputText type="text" class="form-control add-todo" placeholder="Todo Title"/>
<b:inputTextarea type="text" placeholder="Description" />
<b:dateTimePicker placeholder="todo Date" format="YYYY-MM-DD HH:mm:ss"/>
<h:commandButton action="#{todoService.addTodo(null)}" class="btn btn-success" value="Add"/>
</h:form>
<hr/>
<ul class="list-unstyled" >
<ui:repeat value="#{TodoDao.getCurrentUserTodos()}" var="todo" >
<h:panelGroup rendered="#{!todo.done}">
<li class="ui-state-default">
<div class="checkbox">
<label><input type="checkbox" value="" />#{todo.title}</label>
</div>
</li>
</h:panelGroup>
</ui:repeat>
</ul>
<div class="todo-footer">
<strong><span class="count-todos"/></strong> Items Left
</div>
</div>
</b:column>
<!-- extra code coes here -->
When I perform my add button I'm redirected to the same page with 404 status.
There is my web.xml
<?xml version="1.0" encoding="UTF-8" ?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- DEFINE APPLICATION ENVIRONMENT -->
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<!-- DEFINE JSF SERVLET MAPPING -->
<servlet>
<servlet-name>FACES SERVLET</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>FACES SERVLET</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<!-- DEFINE WELCOME PAGE -->
<welcome-file-list>
<welcome-file>index.xhtml</welcome-file>
</welcome-file-list>
<!-- SPRING SERVLETS -->
<servlet>
<servlet-name>dispatcher-servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:/conf/applicationContext.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher-servlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- SPRING CONTEXT -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath*:conf/applicationContext.xml</param-value>
</context-param>
<!-- SPRING SECURITY FILTER -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<!-- Add this dispatcher to handle /j_spring_security_check url -->
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
</web-app>
I use also Spring security:
applicationContext-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<http auto-config="true">
<intercept-url pattern="/login*" access="permitAll()"/>
<intercept-url pattern="/javax.faces.resource/**" access="permitAll()"/>
<intercept-url pattern="/**" access="isAuthenticated()" />
<!-- access denied page -->
<access-denied-handler error-page="/403" />
<form-login
login-page="/login.xhtml"
default-target-url="/index.xhtml"
authentication-failure-url="/login.xhtml?error"
login-processing-url="/j_spring_security_check"
username-parameter="input_username"
password-parameter="input_password" />
<logout
logout-success-url="/login.xhtml"
/>
<!-- enable csrf protection -->
<csrf />
</http>
<authentication-manager>
<authentication-provider user-service-ref="myUserDetailsService">
<password-encoder hash="bcrypt"/>
</authentication-provider>
</authentication-manager>
</beans:beans>
And when I debug, the method TodoService.addTodo is never called, I hope I explained my problem well.
There is my stack:
Spring 4.2.2-Final
JSF 2.2.17

After few hours of searching I found the issue:
I missed to add csrf security hidden input to my form since I use csrf protection in my Spring security.
index.xhtml
<!-- extra code coes here -->
<b:column colMd="6">
<div class="todolist not-done">
<h1>Todos</h1>
<h:form>
<b:inputText type="text" class="form-control add-todo" placeholder="Todo Title"/>
<b:inputTextarea type="text" placeholder="Description" />
<b:dateTimePicker placeholder="todo Date" format="YYYY-MM-DD HH:mm:ss"/>
<!-- I missed to add this line -->
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<h:commandButton action="#{todoService.addTodo(null)}" class="btn btn-success" value="Add"/>
</h:form>
<hr/>
<ul class="list-unstyled" >
<ui:repeat value="#{TodoDao.getCurrentUserTodos()}" var="todo" >
<h:panelGroup rendered="#{!todo.done}">
<li class="ui-state-default">
<div class="checkbox">
<label><input type="checkbox" value="" />#{todo.title}</label>
</div>
</li>
</h:panelGroup>
</ui:repeat>
</ul>
<div class="todo-footer">
<strong><span class="count-todos"/></strong> Items Left
</div>
</div>
</b:column>
<!-- extra code coes here -->

spring can not send css & js resources

I use spring mvc and spring security for web app and tomcat as web application. I use mvc:resources to handle resources requests. But chrome console display following error:
Failed to load resource: the server responded with a status of 404 ()
Refused to execute script from 'http://localhost:8080/web-resources/jquery.min.js' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.
:8080/favicon.ico Failed to load resource: the server responded with a status of 404 ()
This picture is my project structure:
My web.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<display-name>Archetype Created Web Application</display-name>
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
<!-- security config-->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>spring-mvc</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring-mvc</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-mvc-servlet.xml
/WEB-INF/security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<page-encoding>UTF-8</page-encoding>
</jsp-property-group>
</jsp-config>
</web-app>
And my spring-mvc-servlet.xml is:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<context:annotation-config/>
<context:component-scan base-package="java"/>
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/"/>
<property name="suffix" value=".jsp"/>
</bean>
<mvc:annotation-driven/>
<mvc:resources mapping="/web-resources/**" location="/web-resources" cache-period="31556926"/>
<mvc:resources mapping="/favicon.ico" location="/web-resources" cache-period="31556926"/>
</beans>
And security.xml is:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true">
<intercept-url pattern="/user**" access="ROLE_USER"/>
<intercept-url pattern="/" access="permitAll"/>
<intercept-url pattern="/web-resources**" access="permitAll"/>
<form-login
login-page="/login"
default-target-url="/user/index"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"/>
<logout logout-success-url="/login?logout"/>
<!-- enable csrf protection -->
<csrf/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abcd" password="123456" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
The following is view jsp file:
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%# taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<html>
<body>
<h1 id="banner">Login to Security Demo</h1>
<form name="f" action="<c:url value='j_spring_security_check'/>"
method="POST">
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='j_username'/></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password'></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"> <input name="reset" type="reset"></td>
</tr>
</table>
</form>
<script type="text/javascript" src="web-resources/jquery.min.js"></script>
</body>
</html>

your mvc resource mapping seems not set correct.
Try to change
<mvc:resources mapping="/web-resources/**" location="/web-resources" cache-period="31556926"/>
to
<mvc:resources mapping="/web-resources/**" location="/web-resources/" cache-period="31556926"/>
and also add following code to your spring security xml:
<http pattern="/web-resources/**" security="none"/>

Success page redirection not happening after applying spring security configuration?

I am trying to apply spring security login config to my application but while applying the config I am not able to redirect to success page
abc_security_config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:lang="http://www.springframework.org/schema/lang"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:util="http://www.springframework.org/schema/util"
xmlns:s="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/lang http://www.springframework.org/schema/lang/spring-lang.xsd
http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<s:global-method-security pre-post-annotations="enabled" secured-annotations="enabled" proxy-target-class="true"/>
<s:http auto-config="true" use-expressions="true">
<s:intercept-url pattern="/login" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/logout" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/accessdenied" access="permitAll"></s:intercept-url>
<s:intercept-url pattern="/**" access="hasRole('ROLE_USER')"></s:intercept-url>
<!-- <s:form-login login-page="/login" default-target-url="/list" authentication-failure-url="/accessdenied"></s:form-login> -->
<s:form-login login-page="/login" authentication-success-forward-url="/home" default-target-url="/home" authentication-failure-url="/login.html?error=true"></s:form-login>
<s:logout logout-success-url="/logout" delete-cookies="JSESSIONID"></s:logout>
<s:csrf/>
</s:http>
<s:authentication-manager alias="authenticationManager">
<!-- <s:authentication-provider user-service-ref="customPreAuthUserDetailsService" /> -->
<s:authentication-provider>
<s:user-service>
<s:user name="abc" password="test" authorities="ROLE_USER" />
</s:user-service>
</s:authentication-provider>
</s:authentication-manager>
</beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID" version="3.0">
<display-name>Archetype Created Web Application</display-name>
<servlet>
<servlet-name>recon</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/configuration/abc-servlet.xml
/WEB-INF/configuration/abc_security_config.xml
</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>recon</servlet-name>
<url-pattern>/</url-pattern>
<!-- <url-pattern>/recon/*</url-pattern> -->
</servlet-mapping>
<!-- Spring Servlet Configuration : END -->
<!-- Spring Security : Start -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Spring Security : End -->
<context-param>
<param-name>defaultHtmlEscape</param-name>
<param-value>true</param-value>
</context-param>
<welcome-file-list>
<welcome-file>/index.jsp</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>5</session-timeout>
</session-config>
</web-app>
UserController.java
#Controller
//#RequestMapping(value = "/user")
public class UserController {
private final Logger logger = LoggerFactory.getLogger(UserController.class);
#Resource(name = "userService")
private UserService usrService;
#RequestMapping(value = "/login", method = RequestMethod.GET)
public String login(ModelMap model) {
System.out.println("::::::::::Controller Login::::::::::");
return "login";
}
#RequestMapping(value = "/", method = RequestMethod.GET)
public String defaultPage(ModelMap map) {
return "redirect:/home";
}
#RequestMapping(value = "/home", method = RequestMethod.GET)
public String listEmployees(ModelMap map) {
return "home";
}
#RequestMapping(value = "/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
return "logout";
}
}
Login.jsp (It is configured in the tiles.xml as a tiles definition)
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%# taglib uri="http://www.springframework.org/tags/form" prefix="form" %>
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<html>
<body>
<h1 id="banner">Login to Security Demo test</h1>
<form name="f" action="<c:url value='j_spring_security_check'/>"
method="POST">
<table>
<tr>
<td>Username:</td>
<td><input type='text' name='j_username' /></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password'></td>
</tr>
<tr>
<td colspan="2"> </td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"> <input name="reset" type="reset"></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</body>
</html>
When I put correct username and pwd it redirects to same page.
One more thing that I observed is, on the Eclipse console I am getting Print statement ::::::::::Controller Login:::::::::: 6 times instead of 1.
Is there any config I am missing ?

Unable to access links that are mapped in admin Controller even after successful authentication and it is showing 404 error

I am working on a E commerce project in which I use spring security for authentication of users. Actually the project is working fine but when I login as an admin, it show me that I am successful authentication as admin and when I click on the links whose request mapping is in admin controller it show me 404 error ,page is unable to find.
WEB.XML
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
id="WebApp_ID">
<display-name>Archetype Created Web Application</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/dispatcher-servlet.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- SPRING SECURITY CONFUGRATION -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<context:component-scan base-package="com.**" />
<security:http auto-config="true" >
<security:intercept-url pattern="/webapp/resources/**" access="permitAll"/>
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/admin/**" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/user/**" access="permitAll"/>
<security:form-login
login-page="/login"
username-parameter="username"
password-parameter="password"
authentication-success-forward-url="/userLogged"/>
<security:access-denied-handler
error-page="/error"/>
<security:csrf disabled="true"/>
<security:logout
logout-url="/logout"
invalidate-session="true"
logout-success-url="/" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select email, password, 'TRUE' as enabled from user where email=?"
authorities-by-username-query="select email, role from user where email=?"
/>
</security:authentication-provider>
</security:authentication-manager>
Admin Controller
#RequestMapping("/admin")
#Controller
public class adminController {
#RequestMapping("/insert")
public ModelAndView insertPage(){
ModelAndView mav =new ModelAndView("insert");
return mav;
}
}
Login Page
<form id="form" action="${pageContext.request.contextPath}/login" method="post" class="modal-content animate">
<div class="imgcontainer">
<img src="<c:url value="/resources/img/profile.png"/>"
alt="Avatar" class="avatar">
</div>
<div class="formcontainer">
<label><b>Username</b></label> <input type="text"
placeholder="Enter Username" name="username" required> <label><b>Password</b></label>
<input type="password" placeholder="Enter Password"
name="password" required>
<button type="submit">Login</button>
<input type="checkbox" checked="checked"> Remember me
</div>
<div class="formcontainer" style="background-color: #f1f1f1">
<button type="button"
onclick="document.getElementById('id01').style.display='none'"
class="cancelbtn">Cancel</button>
<span class="psw">Forgot password?</span>
</div>
</form>
Error screenshot

j-spring-security The requested resource is not available

i had created login authentication using the spring security framework..
when i include the <!-- Spring Security --> below entries in the web.xml the index page is not shown, also if i don't include the tag (<!-- Spring Security -->), the index page is shown, when i enter the userid/password and click on the submit button, i get the error
error without adding <!-- spring security --> tag
----------------------------------------------------
http://sgv09946224.gbl.ad.hedani.net:8080/SpringMVCExample/j_spring_security_check
HTTP Status 404 - The requested resource is not available.
error while adding <!-- spring security --> tag
----------------------------------------------------
http://sgv09946224.gbl.ad.hedani.net:8080/SpringMVCExample/
HTTP Status 404 - /SpringMVCExample/
type Status report
message /SpringMVCExample/
description The requested resource is not available.
web.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>SpringMVCExample</display-name>
<!--
- Location of the XML file that defines the root application context.
- Applied by ContextLoaderListener.
-->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:spring/application-config.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!--
- Servlet that dispatches request to registered handlers (Controller implementations).
-->
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml /WEB-INF/mvc-security.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<!--
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
-->
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
<dispatcher>REQUEST</dispatcher>
<dispatcher>FORWARD</dispatcher>
</filter-mapping>
</web-app>
mvc-config.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Uncomment and your base-package here:
<context:component-scan
base-package="org.springframework.samples.web"/> -->
<mvc:resources mapping="/SpringMVCExample/resources/**" location="SpringMVCExample/resources/" />
<mvc:resources mapping="/images/**" location="/WEB-INF/images/" />
<mvc:annotation-driven />
<context:component-scan base-package="com.controller" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<!-- Example: a logical view name of 'showMessage' is mapped to '/WEB-INF/jsp/showMessage.jsp' -->
<property name="prefix" value="/WEB-INF/view/"/>
<property name="suffix" value=".jsp"/>
</bean>
</beans>
mvc-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:p="http://www.springframework.org/schema/p"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true">
<security:intercept-url pattern="/index*" access="ROLE_USER" />
<security:form-login login-page="/index" default-target-url="/showMessage"
authentication-failure-url="/fail2login" />
<security:logout logout-success-url="/logout" />
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="l1" password="l1" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
index.jsp
<!DOCTYPE html>
<%# page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%# taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<html>
<head>
<meta charset="utf-8">
<title>Welcome</title>
</head>
<body>
<img src="/SpringMVCExample/images/SupportDashboard.jpg"/>
<c:if test="${not empty error}">
Your login attempt was not successful, try again
</c:if>
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
<c:url value="/showMessage.html" var="messageUrl" />
Click to enter
</body>
</html>
showmessage.jsp
<!DOCTYPE html>
<%# page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<html>
<head>
<meta charset="utf-8">
<title>Welcome</title>
</head>
<body>
<h2>${message}</h2>
</body>
</html>
spring/application-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">
<!-- Uncomment and add your base-package here:
<context:component-scan
base-package="org.springframework.samples.service"/> -->
<!-- hibernate configuration and mappings
<import resource="mvc-security.xml"/> -->
</beans>
maincontroller.java
package com.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.validation.*;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.ui.ModelMap;
/*
* author: Crunchify.com
*
*/
#Controller
public class MainController {
#RequestMapping("/showMessage")
public ModelAndView helloWorld() {
System.out.println("inisde showmessage method");
String message = "<br><div style='text-align:center;'>" +
"<h3>********** Welcome to LDO Support Landing page **********<h3> </div><br><br>";
return new ModelAndView("showMessage", "message", message);
}
#RequestMapping("/index")
public ModelAndView index() {
System.out.println("inisde index method");
String message = "<br><div style='text-align:center;'>" +
"<h3>********** Welcome to LDO Support Landing page **********<h3> </div><br><br>";
return new ModelAndView("showMessage", "message", message);
}
#RequestMapping(value="/fail2login", method = RequestMethod.GET)
public String loginerror(ModelMap model) {
System.out.println("inisde fail2login method");
model.addAttribute("error", "true");
return "login";
}
#RequestMapping(value="/logout", method = RequestMethod.GET)
public String logout(ModelMap model) {
System.out.println("inisde logout method");
return "login";
}
}
modified web.xml which worked for me
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
<servlet>
<servlet-name>dispatcherServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/mvc-config.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcherServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-*.xml,
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>

Resources