I want to use http post to post data from jsp page to my controller .the problem is that when I enable csrf the request wasn't sent but I want to enable csrf can any one help me ?
home.jsp
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.0/jquery.min.js"></script>
<title>Insert title here</title>
</head>
<body>
hello there !!!<br>
<button type="button" onclick="location.href='${pageContext.request.contextPath}/create';"> start workflow</button> <br>
<button type="button" onclick="location.href='${pageContext.request.contextPath}/workflows';"> View Workflows</button> <br>
<button type="button" onclick="sendDataWithJson();"> View data</button> <br>
login
<p>Parameter from home ${pageContext.request.userPrincipal.name}</p>
</body>
<script type="text/javascript">
function success(data){
alert("success");
}
function error(data){
alert("error");
}
function sendDataWithJson(){
$.ajax({
type: 'POST',
url: '<c:url value="/sendmessage" />',
data: JSON.stringify({"text":"bla bla bla","name":"MED"}),
success:success,
error:error,
contentType: "application/json",
dataType: "json"
});
}
</script>
</html>
springsecurity.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd">
<security:authentication-manager>
<security:ldap-authentication-provider
user-search-filter="(uid={0})" user-search-base="ou=users"
group-search-filter="(uniqueMember={0})" group-search-base="ou=groups"
group-role-attribute="cn" role-prefix="ROLE_" />
</security:authentication-manager>
<security:ldap-server url="ldap://localhost:8389/o=mojo"
manager-dn="uid=admin,ou=system" manager-password="secret" />
<security:http use-expressions="true">
<security:intercept-url pattern="/" access="permitAll"/>
<security:intercept-url pattern="/next" access="permitAll" />
<security:intercept-url pattern="/workflows" access="isAuthenticated()"/>
<security:intercept-url pattern="/getmessages" access="isAuthenticated()"/>
<security:intercept-url pattern="/sendmessage" access="permitAll"/>
<security:form-login login-page="/login"
login-processing-url="/login"
authentication-failure-url="/login.html?error=true"
username-parameter="username"
password-parameter="password"
/>
<security:csrf/>
</security:http>
</beans>
controller
#RequestMapping( value = "/sendmessage" , method=RequestMethod.POST , produces="application/json")
#ResponseBody
public Map<String, Object> getData(#RequestBody Map<String, Object> data){
String text=(String) data.get("text");
String name=(String) data.get("name");
System.out.println(text+","+name);
Map<String, Object>rval = new HashMap<String, Object>();
rval.put("success",true);
return rval;
}
You can add the csrf value to html when you are using jsp:
<meta name="_csrf_param" content="${_csrf.parameterName}"/>
<meta name="_csrf" content="${_csrf.token}"/>
<!-- default header name is X-CSRF-TOKEN -->
<meta name="_csrf_header" content="${_csrf.headerName}"/>
this will render the crsf value from session.
and now you are using ajax, you should add the csrf token in header, you can extend the jquery:
$(function () {
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
$(document).ajaxSend(function(e, xhr, options) {
xhr.setRequestHeader(header, token);
});
});
Related
In my Spring application in spring security configuration file when csrf is enable
(<security:csrf/>)
and try to submit login form then Access denied page 403 appear (or)
(Invalid CSRF Token 'null' was found on the request parameter '_csrf' or header 'X-CSRF-TOKEN'.) exception (when access-denied-handler not present)
"But if I don't enable CSRF in spring security configuration file then everything work perfectly."
Here my codes when CSRF enable
pom.xml (all the versions)
<properties>
<spring.version>3.2.8.RELEASE</spring.version>
<spring.security.version>3.2.3.RELEASE</spring.security.version>
<jstl.version>1.2</jstl.version>
<mysql.connector.version>5.1.30</mysql.connector.version>
</properties>
spring-security.xml
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/**" access="isAuthenticated()"/>
<!-- access denied page -->
<security:access-denied-handler error-page="/403"/>
<security:form-login
login-page="/login" default-target-url="/loginSuccess" authentication-failure-url="/loginError?error"/>
<!-- enable csrf protection-->
<security:csrf/>
</security:http>
<!-- Select users and user_roles from database -->
<security:authentication-manager>
<security:authentication-provider>
<!--<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from registration where username=?"
authorities-by-username-query="select username, role from registration where username=?"/> -->
<security:user-service>
<security:user name="test" password="test" authorities="ROLE_USER" />
<security:user name="test1" password="test1" authorities="ROLE_ADMIN" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
Controller
#Controller
public class MainController {
#RequestMapping(value={"/login"})
public ModelAndView loginPage(){
ModelAndView model = new ModelAndView("login");
return model;
}
#RequestMapping(value={"/loginSuccess"},method=RequestMethod.POST)
public ModelAndView loginSuccess(Principal principal,HttpServletRequest request,HttpSession session){
ModelAndView model = new ModelAndView("success");
//Testing.......
String name = principal.getName();
model.addObject("username", name);
session = request.getSession();
session.setAttribute("USER", "system");
return model;
}
login.jsp
<%#taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%# page language="java" import="java.util.*" pageEncoding="ISO-8859-1"%>
<%#page session="true"%>
<%
String path = request.getContextPath();
String basePath = request.getScheme()+"://"+request.getServerName()+":"+request.getServerPort()+path+"/";
%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<base href="<%=basePath%>">
<title>login Page</title>
<!-- <meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
<meta http-equiv="expires" content="0">
<meta http-equiv="keywords" content="keyword1,keyword2,keyword3">
<meta http-equiv="description" content="This is my page">
<link rel="stylesheet" type="text/css" href="styles.css">
-->
</head>
<body onload='document.loginForm.username.focus();'>
<h1>Spring Security Login Form (Database Authentication)</h1>
<div>
<h3>Login with Username and Password</h3>
<c:if test="${not empty error}">
<div>${error}</div>
</c:if>
<form name="loginForm" action="j_spring_security_check" method="post">
<table>
<tr>
<td>Username</td>
<td><input type="text" name=j_username></td>
</tr>
<tr>
<td>Password</td>
<td><input type="password" name=j_password></td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" /></td>
</tr>
</table>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
</form>
</div>
</body>
</html>
403.jsp
<%#taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h1>HTTP Status 403 - Access is denied</h1>
<c:choose>
<c:when test="${empty username}">
<h2>You do not have permission to access this page!</h2>
</c:when>
<c:otherwise>
<h2>Username : ${username} <br/>You do not have permission to access this page!</h2>
</c:otherwise>
</c:choose>
</body>
</html>
Output:
HTTP Status 403 - Access is denied
Username : ${username}
You do not have permission to access this page!
Please help.
Solution
Controller:
#RequestMapping(value={"/","/loginSuccess"},method=RequestMethod.GET)
public ModelAndView loginSuccess()
web.xml
<welcome-file-list>
<welcome-file>login.jsp</welcome-file>
</welcome-file-list>
Due to of default page
I think you are doing an ajax request once you submit the form. In that case, you have to pass csrf token in the header.
something like,
var token = $("meta[name='_csrf']").attr("content");
var header = $("meta[name='_csrf_header']").attr("content");
var headers ={};
headers[header]=token;
var headerObj = {};
headerObj['headers']=headers;
$http.post("http://xyz",request,headerObj);
In order to enable csrf only for a particular url, You can do something like this
#EnableWebSecurity
#Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().requireCsrfProtectionMatcher(new RequestMatcher() {
#Override
public boolean matches(HttpServletRequest request) {
return request.getServletPath().contains("/xyz");
}
});
}
}
I am trying to make a simple AJAX call to dispatcher servlet from JSP and get string as response.But,I am able to call dispatcher servlet using form tag in jsp and success page is getting called.If I use ajax call is not even reaching dispatcher servlet.Please find the code for reference.I just want to know whether am I doing it in a right way.My goal is to get AJAX response
test.jsp
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>jQuery UI Tabs - Default functionality</title>
<script src="js/jquery-1.10.2.js"></script>
<script src="js/jquery-ui.js"></script>
<script src="js/jquery.jqGrid.min.js"></script>
<script>
$(document).ready(function() {
$("#btn1").click(function(){
$.ajax({
type: "Post",
url: "hello",
success: function(resp){
alert(resp)
}
});
});
});
</script>
</head>
<body>
<input type ="button" id="btn1" />
</body>
</html>
HelloController.java
package test;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.ui.ModelMap;
#Controller
#RequestMapping("/hello")
public class HelloController{
#RequestMapping(method = RequestMethod.POST)
#ResponseBody
public String printHello(ModelMap model) {
return "success";
}
}
HelloWeb-servlet.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd">
<context:component-scan base-package="test" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
It doesn't matter if you're using Ajax call or not, the request should reach to the desired controller.
With that being said, and the fact you wrote that the request doesn't even reach to its destination, then your problem is within your URL.
I would recommend using the Spring Url tag which is a part of Spring tag library. It will help you build your URL within your JSP files.
In your URL example, you obviously missing the complete URL, I believe it should be: http://localhost:8080/your_project_name/hello
So just do this:
add the next directive to your JSP file:
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
use the spring url tag within you Ajax call:
$.ajax
({
type: "Post",
url: '<spring:url value="/hello"/>',
success: function(resp){
alert(resp)
}
});
So the final result of your JSP should be:
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%# taglib uri="http://www.springframework.org/tags" prefix="spring" %>
<!doctype html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>jQuery UI Tabs - Default functionality</title>
<script src="js/jquery-1.10.2.js"></script>
<script src="js/jquery-ui.js"></script>
<script src="js/jquery.jqGrid.min.js"></script>
<script>
$(document).ready(function() {
$("#btn1").click(function(){
$.ajax
({
type: "Post",
url: '<spring:url value="/hello"/>',
success: function(resp){
alert(resp)
}
});
});
});
</script>
</head>
<body>
<input type ="button" id="btn1" />
</body>
</html>
I m using primefaces and spring security
the method below inside my backing bean works well.It invokes user details service and authenticates or rejects login attempts.
My problem is with redirection. What is the proper way of redirecting a user to the desired page after auth? Currently I can see that the user is authenticated but still the login form is displayed.
public String login(){
try{
Authentication request = new UsernamePasswordAuthenticationToken(this.getUsername(), this.getPassword());
Authentication result = authenticationManager.authenticate(request);
SecurityContextHolder.getContext().setAuthentication(result);
}
catch(Exception e){
e.printStackTrace();
return "incorrect";
}
return "correct";
}
<http auto-config="true">
<intercept-url pattern="/web/*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page="/web/login.xhtml"
default-target-url="/main.xhtml"
always-use-default-target="true" />
</http>
<authentication-manager alias="authenticationManager">
<authentication-provider user-service-ref="kullaniciDetayServisi" />
</authentication-manager>
</beans:beans>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:f="http://java.sun.com/jsf/core"
xmlns:ui="http://java.sun.com/jsf/facelets">
<h:head>
</h:head>
<h:body>
<div align="center" style="">
<h:form id="loginFormId" prependId="false">
<div id="loginFieldsPnlId">
<div id="loginFieldUsrContId">
<h:outputText id="outTxtUserNameId" value="Username: " name="outTxtUserNameNm"></h:outputText>
<h:inputText id="userName" required="true" value="#{loginBean.username}" requiredMessage="Please enter username"></h:inputText>
<h:outputLabel id="outLblUserNameId" for="userName" name="outLblUserNameNm"></h:outputLabel>
</div>
<div id="loginFieldPassContId">
<h:outputText id="outTxtPasswordId" value="Password: " name="outTxtPasswordNm"></h:outputText>
<h:inputSecret id="password" required="true" value="#{loginBean.password}" requiredMessage="Please enter password" name="inTxtPasswordNm"></h:inputSecret>
<h:outputLabel id="outLblPasswordId" for="password" name="outLblPasswordNm"></h:outputLabel>
</div>
</div>
<div id="loginBtnPanelId">
<h:commandButton id="btnLoginId" value="Login" action="#{loginBean.login}" ajax="false"></h:commandButton>
<h:commandButton id="btnCancelId" value="Cancel" action="#{loginBean.cancel}" immediate="true" update="loginFormId" ajax="false"></h:commandButton>
</div>
</h:form>
</div>
<div>
<h:messages></h:messages>
</div>
</h:body>
</html>
Looks like you forgot to map the correct and incorrect path inside controller methods.
If I want to redirect than I might use
return "redirect:/correct/" + user.getUserName();
And handle this new request in a new controller method that map this new request.
or
return "redirect:/incorrect"
Return something like that from the controller method that handle login request.
or
Using proper navigation rules in /web/WEB-INF/faces-config.xml for JSF like this:
<?xml version='1.0' encoding='UTF-8'?>
<faces-config version="2.2"
xmlns="http://xmlns.jcp.org/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/javaee http://xmlns.jcp.org/xml/ns/javaee/web-facesconfig_2_2.xsd">
<navigation-rule>
<from-view-id>/index.xhtml</from-view-id>
<navigation-case>
<from-outcome>incorrect</from-outcome>
<to-view-id>/failure.xhtml</to-view-id>
</navigation-case>
<navigation-case>
<from-outcome>correct</from-outcome>
<to-view-id>/sucess.xhtml</to-view-id>
</navigation-case>
</navigation-rule>
</faces-config>
I am trying to get an example of custom j_spring_security_check working on tomcat 7.0.47. Spring MVC goes to login page ok but gives error after clicking submit - what I am expecting is spring to fill in the user roles and then go to main.jsp.
spring main config:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-3.0.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
<!-- ############################################# -->
<context:component-scan base-package="frostbyte.igloo" />
<!-- ############################################# -->
<mvc:resources mapping="/resources/**" location="/resources/"/>
<!-- ############################################# -->
<mvc:annotation-driven/>
<!-- ############################################# -->
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView"></property>
<property name="prefix" value="WEB-INF/jsp/"></property>
<property name="suffix" value=".jsp"></property>
</bean>
<!-- ############################################# -->
<bean id="messageSource"
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="classpath:messages"></property>
<property name="defaultEncoding" value="UTF-8"></property>
</bean>
<!-- ############################################# -->
</beans>
spring security config:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.2.xsd">
<!-- ############################################# -->
<beans:bean id="FrostByteAuthenticationProvider" class="frostbyte.igloo.jsp.custom.FrostByteAuthenticationProvider"></beans:bean>
<authentication-manager alias="authenticationManager">
<authentication-provider ref="FrostByteAuthenticationProvider"></authentication-provider>
</authentication-manager>
<!-- ############################################# -->
<http auto-config="true" use-expressions="true">
<form-login login-processing-url="/login"
login-page="/login"
default-target-url="/main"
username-parameter="j_username"
password-parameter="j_password"
authentication-failure-url="/login?auth=fail"/>
<intercept-url pattern="/login" access="permitAll"></intercept-url>
<intercept-url pattern="/logout" access="permitAll"></intercept-url>
<intercept-url pattern="/**" access="hasRole('ADMIN')"/>
<logout logout-url="/logout" logout-success-url="/logout_success"></logout>
</http>
<!-- ############################################# -->
</beans:beans>
the AuthenticationProvider (non of these log messages ever get printed) :
package frostbyte.igloo.jsp.custom;
import java.util.ArrayList;
import java.util.List;
import org.apache.log4j.Logger;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import frostbyte.common.FrostbyteRole;
import frostbyte.common.FrostbyteUser;
public class FrostByteAuthenticationProvider implements AuthenticationProvider
{
private static final Logger LOG = Logger.getLogger(FrostByteAuthenticationProvider.class);
#Override
public boolean supports(Class<?> authentication)
{
LOG.error("FrostByteAuthenticationProvider : supports : Marker 1");
System.out.println("FrostByteAuthenticationProvider : supports : Marker 1");
return true;
}
#Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException
{
LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 1");
System.out.println("FrostByteAuthenticationProvider : authenticate : Marker 1");
Authentication rtn = null;
String username = authentication.getName();
String password = authentication.getCredentials().toString();
LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 10 : username = "+username);
LOG.error("FrostByteAuthenticationProvider : authenticate : Marker 20 : password = "+password);
FrostbyteUser user = new FrostbyteUser(); //for test everything validates
user.setUsername(username);
user.getRoles().add(new FrostbyteRole("ADMIN"));
LOG.debug("Authenticate : Marker 100");
//if (user.getUsername().equalsIgnoreCase("username"))
if (true)
{
LOG.debug("Authenticate : Marker 200");
if (true)
//if (password.equalsIgnoreCase(user.getPassword()))
{
LOG.debug("Authenticate : Marker 300");
List<GrantedAuthority> grants = new ArrayList<GrantedAuthority>();
for (FrostbyteRole _role:user.getRoles())
{
if (_role.equals("ADMIN"))
{
for ( String __role : _role.getRoles() )
{
grants.add(new SimpleGrantedAuthority(__role.toUpperCase()));
}
}
}
rtn = new UsernamePasswordAuthenticationToken(username, password, grants);
LOG.debug("Authenticate : Marker 898,000 : rtn = "+ rtn);
}
LOG.debug("Authenticate : Marker 899,000 : rtn = "+ rtn);
}
LOG.debug("Authenticate : Marker 900,000 : rtn = "+ rtn);
return rtn;
}
}
the login jsp:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<%# include file="/WEB-INF/jsp/include.jsp" %>
<meta http-equiv="pragma" content="no-cache">
<html>
<head>
<title></title>
<link rel="stylesheet" href="resources/styles.css" type="text/css" media="screen" />
<style type="text/css"></style>
</head>
<body>
request.getAttribute("message") = <%= request.getAttribute("message") %>
<br />
request.getParameter("message") = <%= request.getParameter("message") %>
<form action="<c:url value = "/j_spring_security_check" />" method="post">
<br /><br /><br />
<br /><br /><br />
<br />
<div class="containerCenterAlign">
<div class="container">
<div class="titleClass">Igloo<br /><div class="errorMessage"><%= message %></div></div>
<ul class="loginUL">
<li class="loginLeft">
<label class="loginLabel" for="j_username">Username</label>
<input id="username" name="j_username" class="loginText" type="text" value="" maxlength="150" />
<label class="loginLabel" for="j_password">Password</label>
<input id="password" name="j_password" class="loginText" type="password" value="" maxlength="150" />
</li>
<li class="loginRight">
<input type="submit" name="submit" id="submit" value="Login" class="loginSubmit" />
</li>
</ul>
<div style="clear: both; height: 2px;"></div>
</div>
</div>
</form>
</body>
</html>
include.jsp:
<%# page language="java" contentType="text/html;charset=UTF-8"%>
<%# page session="false"%>
<%# page import="java.io.*" %>
<%# page import="java.util.*" %>
<%# page import="frostbyte.*" %>
<%# page import="org.apache.log4j.*" %>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%# taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt" %>
<%# taglib prefix="s" uri="http://www.springframework.org/tags"%>
<%# taglib prefix="sform" uri="http://www.springframework.org/tags/form"%>
<%# taglib prefix="frostbyte" uri="http://frostbyte/tags" %>
I managed to stumble across the fix by removing
login-processing-url="/login"
I am posting these results here since its almost impossible to find good spring tutorials, even in the 4 spring books I have. Note I also had to add filter for the resources
My flow.xml is
<?xml version="1.0" encoding="UTF-8"?>
<flow xmlns="http://www.springframework.org/schema/webflow"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:webflow="http://www.springframework.org/schema/webflow-config"
xsi:schemaLocation="http://www.springframework.org/schema/webflow
http://www.springframework.org/schema/webflow/spring-webflow-2.0.xsd">
<view-state id="index" view="/WEB-INF/jsp/index.jsp">
<transition on="phoneEntered" to="s1"/>
</view-state>
<view-state id="s1" view="/WEB-INF/jsp/ac.jsp">
<transition on="buttonPressed" to="next"/>
</view-state>
<end-state id="next" view="/WEB-INF/jsp/next.jsp"/>
</flow>
my index.jsp code is
<%#page contentType="text/html" pageEncoding="UTF-8"%>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Welcome to Spring Web MVC project</title>
</head>
<body>
<form:form>
<input type="hidden" name="_flowExecutionKey" value="${flowExecutionKey}"/>
<input type="submit" name="_eventId_phoneEntered" value="HIT ME"/>
</form:form>
</body>
</html>
my spring webflow starts well.1st view state renders well but when i click submit button on index.jsp .. nothings happens
when index.jsp renders in web browser the url looks like /orderFlow.htm?execution=e2s1
please help
You need the Spring form tag library defined in your JSP:
<%# taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
You also do not need or want the hidden _flowExecutionKey parameter.