Develop Reference

Can't get Spring security "remember me" feature to work

I'm new to Spring and Java. Trying to set up security remember me feature.
Here is my security.xml and login.jsp files. What am I doing wrong?
security.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"/>
<security:password-encoder ref="passwordEncoder"/>
</security:authentication-provider>
</security:authentication-manager>
<security:http use-expressions="true">
<security:intercept-url pattern="/" access="permitAll"/>
<security:intercept-url pattern="/createplayer" access="isAuthenticated()"/>
<security:intercept-url pattern="/players" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/createaccount" access="permitAll"/>
<security:intercept-url pattern="/login" access="permitAll"/>
<security:intercept-url pattern="/logout" access="permitAll"/>
<security:intercept-url pattern="/welcome" access="hasRole('ROLE_ADMIN')"/>
<security:intercept-url pattern="/**" access="denyAll"/>
<security:form-login login-page="/login" authentication-failure-url="/login?error=true"/>
<security:remember-me key="MyAppKey" remember-me-parameter="remember-me"
remember-me-cookie="remember-me"
token-validity-seconds="604800"
data-source-ref="dataSource"/>
</security:http>
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder">
</bean>
</beans>
login.jsp
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<body>
<h1>Login</h1>
<c:if test="${param.error != null}">
Login failed. Check if username or password are correct!
</c:if>
<form action = "/login", method="post">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
Name <br>
<input name="username"/> <br>
Password<br>
<input type="password" name="password"/> <br>
Remember me <br>
<input type="checkbox" name="remember-me">
<br><br>
<input type="submit"> <br><br>
</form>
<h2>${msg}</h2>
<br>
Create account <br>
</body>
</html>
P.S. I tried adding
<session-config>
<session-timeout>1</session-timeout>
</session-config>
to web.xml to check if "remember me" works, but instead it "remembering me" it always logs out in one minute.

Add id to your jdbc-user-service
<security:jdbc-user-service data-source-ref="dataSource" id="jdbcUserService/>
and refer to your service from remember-me by it's id like this:
<security:remember-me key="MyAppKey"
user-service-ref="jdbcUserService"/>

Spring custom login form issue with Spring Security 4.0.2

I am using Spring MVC 4.2, Hibernate 4.2.20, Apache Tiles 3.0.5 & Spring Security 4.0.2.
Well, my project was running well until I tried to use CUSTOM login page and it fails.
Please look at below page when it works with in-built login.
Now when I tried to use CUSTOM login page I get below error and nothing specific error in the console.
I am NOT sure what could be wrong. Please look at further info below.
Project Structure
My Jars under /lib folder
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>SpringMVCHibernateProject</display-name>
<!-- global variables -->
<context-param>
<param-name>appRootPath</param-name>
<param-value>SpringMVCHibernateProject</param-value>
</context-param>
<!-- front controller -->
<servlet>
<servlet-name>spring-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/dispatcher-servlet.xml</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
dispatcher-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:aop="http://www.springframework.org/schema/aop"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-4.2.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-4.2.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc-4.2.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-4.2.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx-4.2.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-4.0.xsd">
<!-- default page to show when app starts -->
<!-- <mvc:view-controller path="/" view-name="Home"/> --> <!-- this is one way; another way defined in the HomeController.java (preferred) -->
<!-- essentially sets you your Spring context to allow for dispatching requests to Controllers -->
<mvc:annotation-driven />
<!-- used to load static resources like css, js etc... -->
<mvc:default-servlet-handler/>
<!-- automatically wire values into properties, methods, and constructors. -->
<context:annotation-config/>
<!-- scan for components like #Controller, #Repository, #Service, #Component etc...-->
<context:component-scan base-package="au.com.snh.*" />
<!-- spring view resolver bean....commented out in favour of Apache Tiles -->
<!--
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
</bean>
-->
<!-- apache tiles...template framework -->
<!-- Resolves views selected for rendering by #Controllers to .jsp resources in the /WEB-INF/views directory -->
<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles3.TilesConfigurer">
<property name="definitions">
<list>
<value>/WEB-INF/tiles.xml</value>
</list>
</property>
</bean>
<bean id="tilesViewResolver" class="org.springframework.web.servlet.view.tiles3.TilesViewResolver">
<property name="viewClass">
<value>
org.springframework.web.servlet.view.tiles3.TilesView
</value>
</property>
<property name="order" value="0" />
</bean>
<!-- load database properties file -->
<context:property-placeholder location="classpath:database.properties"/>
<!-- declare beans -->
<bean id="regionDao" class="au.com.snh.dao.RegionDaoImpl" />
<bean id="regionService" class="au.com.snh.service.RegionServiceImpl" />
<!-- declare datasource bean -->
<bean id="dataSource" class="org.springframework.jdbc.datasource.DriverManagerDataSource">
<property name="driverClassName" value="${db.driver}" />
<property name="url" value="${db.url}" />
<property name="username" value="${db.user}" />
<property name="password" value="${db.pwd}" />
</bean>
<!-- hibernate -->
<bean id="sessionFactory" class="org.springframework.orm.hibernate4.LocalSessionFactoryBean">
<property name="dataSource" ref="dataSource" />
<property name="packagesToScan" value="au.com.snh.model" />
<property name="hibernateProperties">
<props>
<prop key="hibernate.dialect">${hibernate.dialect}</prop>
<prop key="hibernate.show_sql">${hibernate.show_sql}</prop>
<prop key="hibernate.format_sql">${hibernate.format_sql}</prop>
<prop key="hibernate.hbm2ddl.auto">${hibernate.hbm2ddl.auto}</prop>
</props>
</property>
</bean>
<bean id="transactionManager" class="org.springframework.orm.hibernate4.HibernateTransactionManager">
<property name="sessionFactory" ref="sessionFactory" />
</bean>
<tx:annotation-driven transaction-manager="transactionManager"/>
<!-- resource bundles -->
<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="/WEB-INF/propertybundle/common"/>
</bean>
<!-- spring secruity -->
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_USER" />
<security:form-login
login-page="/login"
login-processing-url="/j_spring_security_check"
authentication-failure-url="/login?error"
username-parameter="username"
password-parameter="password"
/>
<security:logout logout-success-url="/login?logout"/>
<security:csrf/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:user-service>
<security:user name="hitesh" password="hitesh123" authorities="ROLE_USER" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
</beans>
tiles.xml (Apache tiles)
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE tiles-definitions PUBLIC
"-//Apache Software Foundation//DTD Tiles Configuration 3.0//EN"
"http://tiles.apache.org/dtds/tiles-config_3_0.dtd">
<tiles-definitions>
<definition name="base" template="/WEB-INF/views/tiles/Template.jsp">
<put-attribute name="title" value="" />
<put-attribute name="header" value="/WEB-INF/views/tiles/Header.jsp" />
<put-attribute name="body" value="" />
<put-attribute name="footer" value="/WEB-INF/views/tiles/Footer.jsp" />
</definition>
<definition name="login" extends="base">
<put-attribute name="title" value="Welcome to Spring MVC and Hibernate World!" />
<put-attribute name="body" value="/WEB-INF/views/login.jsp" />
</definition>
<definition name="Home" extends="base">
<put-attribute name="title" value="Welcome to Spring MVC and Hibernate World!" />
<put-attribute name="body" value="/WEB-INF/views/Home.jsp" />
</definition>
<!-- Location Views -->
<definition name="LocationList" extends="base">
<put-attribute name="title" value="Location List" />
<put-attribute name="body" value="/WEB-INF/views/LocationList.jsp" />
</definition>
<definition name="LocationAddEdit" extends="base">
<put-attribute name="title" value="Add/Edit Location" />
<put-attribute name="body" value="/WEB-INF/views/LocationAddEdit.jsp" />
</definition>
<!-- Region Views -->
<definition name="RegionList" extends="base">
<put-attribute name="title" value="Regions" />
<put-attribute name="body" value="/WEB-INF/views/RegionList.jsp" />
</definition>
<definition name="RegionAdd" extends="base">
<put-attribute name="title" value="Add Region" />
<put-attribute name="body" value="/WEB-INF/views/RegionAdd.jsp" />
</definition>
<definition name="RegionEdit" extends="base">
<put-attribute name="title" value="Edit Region" />
<put-attribute name="body" value="/WEB-INF/views/RegionEdit.jsp" />
</definition>
<!-- Student Admission Views -->
<definition name="AdmissionForm" extends="base">
<put-attribute name="title" value="Edit Region" />
<put-attribute name="body" value="/WEB-INF/views/AdmissionForm.jsp" />
</definition>
<definition name="AdmissionFormSuccess" extends="base">
<put-attribute name="title" value="Edit Region" />
<put-attribute name="body" value="/WEB-INF/views/AdmissionFormSuccess.jsp" />
</definition>
</tiles-definitions>
SecurityController.java
package au.com.snh.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
#Controller
public class SecurityController {
#RequestMapping(value = "/login", method = RequestMethod.GET)
public ModelAndView login(#RequestParam(value = "error", required = false) String error, #RequestParam(value = "logout", required = false) String logout) {
System.out.println("login() start =>");
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username and password!");
}
if (logout != null) {
model.addObject("msg", "You've been logged out successfully.");
}
model.setViewName("login");
System.out.println("login() start <=");
return model;
}
}
My Custom Login Form
<%# page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<%# taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%# taglib uri="http://java.sun.com/jsp/jstl/functions" prefix="fn"%>
<div id="pageHeading">Login with Username and Password</div>
<div id="bodyContent">
<c:if test="${not empty error}">
<div class="error">${error}</div>
</c:if>
<c:if test="${not empty msg}">
<div class="msg">${msg}</div>
</c:if>
<form name='loginForm' action="<c:url value='j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>Username:</td>
<td><input type='text' id="username" name='username' value=''></td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' id="password" name='password' /></td>
</tr>
<tr>
<td colspan='2'>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>
<input name="submit" type="submit" value="Login" />
</td>
</tr>
</table>
</form>
</div>
<script language="javascript">
document.getElementById("username").focus();
</script>
Can someone please tell me what could be wrong?
Looking forward to getting some help.
Thanks - Hitesh

Your login page is now a normal page displayed through DispatcherServlet instead of being generated by a Spring Security filter. So it must be accessible to non authenticated user. Currently, your security configuration requires a ROLE_USER for all pages... including /login. So here is what happens:
you make a request for any page before being authenticated
spring security detects that and redirect to /login page
browser sends a request for /login page without being authenticated
spring security detects that and redirect to /login page !
You must allow all accesses to /login page in dispatcher-servlet.xml:
<!-- spring secruity -->
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/login"
access="IS_AUTHENTICATED_FULLY,IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="ROLE_USER" />
...
alternatively, you can create a dedicated security zone for /login fully by-passing security:
<!-- spring secruity -->
<security:http pattern = "/login*" security="none">
<security:http auto-config="true" use-expressions="false">
<security:intercept-url pattern="/**" access="ROLE_USER" />
...

It is not redirecting properly
Try to add the default-target-url
<security:form-login login-page="/login" default-target-url="/" authentication-failure-url="/login?error=true" />

Spring MVC portlet in Liferay 6.2, Model properties are null upon form post

I've tried to clone a Spring MVC Portlet project but upon posting the form todo properties are all null.
Repo is available on Github.
Here is the Controller code
#Controller
#RequestMapping("VIEW")
public class ToDoListController {
#RenderMapping
public String view() {
return "list";
}
#ActionMapping
public void save(#Valid ToDo toDo, BindingResult result, #CookieValue("JSESSIONID") String jsessionid,
PortletSession session, ModelMap modelMap) {
if (!result.hasErrors()) {
// could use entityManager to persist; put in session for this example
List<ToDo> toDos = (List<ToDo>) session.getAttribute("toDos");
if (toDos == null) {
toDos = new ArrayList<ToDo>();
}
toDos.add(toDo);
session.setAttribute("toDos", toDos);
modelMap.put("msg", String.format("You added a TODO: %s", toDo.getTitle()));
}
}
#ModelAttribute
private ToDo loadModel() {
return new ToDo();
}
}
Here is the View:
<%# page contentType="text/html" %>
<%# taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
<%# taglib prefix="portlet" uri="http://java.sun.com/portlet_2_0" %>
<%# taglib prefix="form" uri="http://www.springframework.org/tags/form" %>
<c:if test="${msg ne null}">
<div class="portlet-msg-success"><c:out value="${msg}" /></div>
</c:if>
<portlet:actionURL var="save" />
<form:form modelAttribute="toDo" action="${save}" method="POST">
<fieldset>
<legend>Add a TODO</legend>
<div>
<form:label path="title" cssStyle="display:block">Title:</form:label>
<form:input path="title" />
<form:errors path="title" cssClass="portlet-msg-error" />
</div>
<div>
<form:label path="due" cssStyle="display:block">Due (MM/DD/YYYY):</form:label>
<form:input path="due" />
<form:errors path="due" cssClass="portlet-msg-error" />
</div>
<div>
<form:label path="description" cssStyle="display:block">Description:</form:label>
<form:textarea path="description" />
<form:errors path="description" cssClass="portlet-msg-error" />
</div>
<div>
<input type="submit" value="Save" />
</div>
</fieldset>
</form:form>
And here is the Context:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context-2.5.xsd">
<mvc:annotation-driven validator="validator" />
<bean id="viewResolver"
class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="cache" value="true" />
<property name="viewClass"
value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/view/" />
<property name="suffix" value=".jsp" />
</bean>
<bean id="validator"
class="org.springframework.validation.beanvalidation.LocalValidatorFactoryBean" />
<bean id="annotationMethodHandlerAdapter"
class="org.springframework.web.portlet.mvc.annotation.AnnotationMethodHandlerAdapter">
<property name="webBindingInitializer">
<bean id="configurableWebBindingInitializer"
class="org.springframework.web.bind.support.ConfigurableWebBindingInitializer">
<property name="validator">
<ref bean="validator" />
</property>
</bean>
</property>
</bean>
</beans>
=====================================================================
Update:
Here is the working version: https://github.com/jzinedine/FirstPortlet

You need to set <requires-namespaced-parameters>false</requires-namespaced-parameters> in your liferay-portlet.xml when using Spring MVC with Liferay 6.2. It is explained on Liferay 6.2 documentation at the end of this page.

using a login page for spring security

i am a beginner with spring security. i wanted to try using a login.jsp to authenticate. the login page is showed, but when i authenticate, it doesn't go to the default-target-url. here is my code:
spring-security-context.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.1.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login.jsp*" access="permitAll"/>
<security:intercept-url pattern="/Home.jsp*" access="hasRole('ROLE_FORMATEUR')" />
<security:intercept-url pattern="/**" access="hasRole('ROLE_FORMATEUR')"/>
<security:form-login login-page='/login.jsp'
default-target-url='/Home.jsp'/>
</security:http>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider>
<security:user-service>
<security:user name="xxx" password="123" authorities="ROLE_FORMATEUR,ROLE_ADMIN" />
<security:user name="yyy" password="456" authorities="ROLE_FORMATEUR" />
</security:user-service>
</security:authentication-provider>
</security:authentication-manager>
login.jsp
<body>
<form method="post" action="j_spring_security_check">
<table>
<tr>
<td> Login: </td>
<td> <input type="text" name="j_username"> </td>
</tr>
<tr>
<td> Mot de passe: </td>
<td> <input type="password" name="j_passxord"> </td>
</tr>
<tr>
<td colspan="2"> <input type="submit" value="Valider">
<input type="reset" value="Annuler"> </td>
</tr>
</table>
</form>
</body>

<input type="password" name="j_passxord"> chance this to <input type="password" name="j_password">

Spring Security: jdbc-user-query, PreparedStatementCallback

I got a problem with my query but I don't know what has caused it so I need your help =)
I got the following exception:
PreparedStatementCallback; bad SQL grammar [select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?]; nested exception is com.mysql.jdbc.exceptions.MySQLSyntaxErrorException: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from ams.user where USERNAME='admin'' at line 1
Here's my login.jsp:
<div class="box">
<h1><spring:message code="login.description" /></h1>
<br/>
<form name='f' action="<c:url value='j_spring_security_check' />" method='POST'>
<ol>
<li>
<label><spring:message code="user.user" />:</label>
<em><img src="images/star_red.png" alt="required"></img></em>
<input type='text' name='j_username'>
</li>
<li>
<label><spring:message code="user.password" />:</label>
<em><img src="images/star_red.png" alt="required"></img></em>
<input type='password' name='j_password' />
</li>
<li>
<label> </label>
<input type='hidden' name='remember_me' id="remember_hidden" value="false"/>
<input type='checkbox' id='remember_checkbox' onchange="toggleRememberMe()" class="checkbox"/>
<spring:message code="login.remember" />
</li>
<li>
<label> </label>
<input type="submit" value="<spring:message code="login"/>"/>
</li>
</ol>
<br />
<br />
</form>
<c:if test="${not empty param.login_error}">
<div class="error">
<br />
<spring:message code="login.error" />
<br />
<spring:message code="login.errorReason" />:
<c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
</div>
</c:if>
</div>
Here's my Security-Context code:
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:tx="http://www.springframework.org/schema/tx"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- <security:http auto-config="true" access-decision-manager-ref="accessDecisionManager"> -->
<security:http auto-config="true">
<security:intercept-url pattern="/login/login.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/login/doLogin.do" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/lib/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/css/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_REMEMBERED" />
<security:form-login login-page="/login/login.do" authentication-failure-url="/login/login.do?login_error=true" default-target-url="/test/showTest.do"/>
<security:logout logout-success-url="/login/login.do" invalidate-session="true" />
<security:remember-me key="rememberMe"/>
</security:http>
<security:authentication-manager>
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?"
authorities-by-username-query="
select distinct user.USERNAME as username, permission.NAME as authority
from ams.user, ams.user_role, ams.role, ams.role_permission, ams.permission
where user.ID=user_role.USER_ID AND user_role.ROLE_ID=role_permission.ROLE_ID AND role_permission.PERMISSION_ID=permission.ID AND user.EMAIL=?"/>
<security:password-encoder ref="passwordEncoder" />
</security:authentication-provider>
</security:authentication-manager>
<bean id="passwordEncoder"
class="org.springframework.security.authentication.encoding.ShaPasswordEncoder">
<constructor-arg value="256" />
</bean>
</beans>
Does anyone have an idea what might have caused this error?
Would really appreciate your help on this one =)

There is a comma in the sql after password, remove that
change sql from
select USERNAME as username, PASSWORD as password, from ams.user where USERNAME=?
to
select USERNAME as username, PASSWORD as password from ams.user where USERNAME=?