Exception starting filter springSecurityFilterChain - org.springframework.beans.factory.NoSuchBeanDefinitionException - spring

I am new with spring. I am trying to use Spring Security to have authentication using MySQL, I get this error:
org.springframework.beans.factory.NoSuchBeanDefinitionException: No bean named 'springSecurityFilterChain' is defined
By judging from similar questions I think the security config file is not loaded.
my config file is in src/main/resources/spring-security.xml and I include it in awt.project.init.WebAppConfig:
#Configuration
#EnableWebMvc
#EnableTransactionManagement
#ComponentScan("awt.project")
#ImportResource("classpath:spring-security.xml")
public class WebAppConfig {
....
}
Here is the web.xml:
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee" xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
version="3.0">
<!-- Serves static resource content from .jar files such as spring-faces.jar -->
<servlet>
<servlet-name>Resource Servlet</servlet-name>
<servlet-class>org.springframework.js.resource.ResourceServlet</servlet-class>
<load-on-startup>0</load-on-startup>
</servlet>
<!-- Map all /resources requests to the Resource Servlet for handling -->
<servlet-mapping>
<servlet-name>Resource Servlet</servlet-name>
<url-pattern>/resources/*</url-pattern>
</servlet-mapping>
<!-- Java-based Spring container definition -->
<context-param>
<param-name>contextClass</param-name>
<param-value>org.springframework.web.context.support.AnnotationConfigWebApplicationContext</param-value>
</context-param>
<!-- Location of Java #Configuration classes that configure the components that makeup this application -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
awt.project.init
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- Processes application requests -->
<servlet>
<servlet-name>appServlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<init-param>
<param-name>contextConfigLocation</param-name>
<param-value></param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>appServlet</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<!-- Secures the application -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
I tried to also include the spring-security.xml in contexConfiguration as classpath:spring-security.xml but still I get the same problem.
Here is the spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<http auto-config="true">
<intercept-url pattern="/sec/moderation.html" access="ROLE_MODERATOR" />
<intercept-url pattern="/admin/*" access="ROLE_ADMIN" />
<form-login login-page="/user-login.html"
default-target-url="/success-login.html" authentication-failure-url="/error-login.html" />
<logout logout-success-url="/index.html" />
</http>
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder hash="plaintext" />
</authentication-provider>
</authentication-manager>


I might be wrong, but if you use AnnotationConfigWebApplicationContext and specify only a package name in contextConfigLocation, Spring will scan that package only for classes with a stereotype annotation (#Component, #Controller, #Service, etc), so your WebAppConfig is basically ignored. Try giving the fully qualified name of WebAppConfig as contextConfigLocation.

Related

Spring security blocking access to GWT services

I am a Spring security newbie am am having an issue when I am pairing it up with GWT. Namely, my calls to the services in GWT are marked as 403 forbidden.
POST http://127.0.0.1:8888/grapl/adminService 403 (Forbidden)
Here is my spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<b:beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:b="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true">
<security:intercept-url pattern="/login" access="permitAll" />
<security:intercept-url pattern="/**" access="isAuthenticated()" />
<security:intercept-url pattern="/grapl/auth/**" access="isAuthenticated()"/>
<security:intercept-url pattern="/grapl/adminService/**" access="isAuthenticated()"/>
</security:http>
<b:bean id="graplAuthentication" class="com.lilly.rim.security.GraplAuthentication"/>
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="graplAuthentication" />
</security:authentication-manager>
</b:beans>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee
http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
version="2.5"
xmlns="http://java.sun.com/xml/ns/javaee">
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/spring-security.xml, /WEB-INF/applicationContext.xml</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Servlets -->
<servlet>
<servlet-name>AdminServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.AdminServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>LoaderServiceServlet</servlet-name>
<servlet-class>com.foo.rim.server.LoaderServiceImpl</servlet-class>
</servlet>
<servlet>
<servlet-name>authServlet</servlet-name>
<servlet-class>com.foo.rim.server.AuthServiceImpl</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>authServlet</servlet-name>
<url-pattern>/grapl/auth</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>AdminServiceServlet</servlet-name>
<url-pattern>/grapl/adminService</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>LoaderServiceServlet</servlet-name>
<url-pattern>/grapl/loaderService</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<welcome-file-list>
<welcome-file>grapl.html</welcome-file>
</welcome-file-list>
</web-app>
Login and authentication is fine. I am redirected to my gwt frontend. My backend for the Spring authentication is a custom provider. All the configuration is done in the spring-security.xml.
Do the GWT servlets need a Spring annotation? Any example I have seen seems like it should all work via the configuration.

I needed to disable the csrf check.
<security:http ...
<security:csrf disabled="true" />
</security:http>

Accessing OSGI service from Spring

I would like to access OSGI service from Spring bean without DM. Currently I have 2 bundles bundle A is just exposing service, and bundle B is a web application with JSF and Spring Security. The following is the project structure:
-webapp
|
-OSGI-INF/blueprint/blueprint.xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0">
<bean id="sampleBean" class="com.test.bundleb.bean.SampleBean" init-method="create" activation="eager">
<property name="bundleAService" ref="bundleAService"></property>
</bean>
<reference id="bundleAService" interface="com.test.bundlea.service.BundleAService"/>
</blueprint>
|
-WEB-INF/faces-config.xml
<faces-config
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-facesconfig_2_1.xsd"
version="2.1">
<application>
<message-bundle>messages</message-bundle>=
<el-resolver>com.test.bundleb.listener.OsgiELResolver</el-resolver>
<el-resolver>org.springframework.web.jsf.el.SpringBeanFacesELResolver</el-resolver>
</application>
</faces-config>
Note that for accessing osgi beans from jsf bean, the following solution taken as-is and it is working.
Injecting blueprint OSGi service into JSF/PrimeFaces bean
|
-WEB-INF/web.xml
<web-app xmlns="http://java.sun.com/xml/ns/javaee" version="3.0">
<description>Test Web Application</description>
<context-param>
<param-name>facelets.VIEW_MAPPINGS</param-name>
<param-value>*.xhtml</param-value>
</context-param>
<context-param>
<param-name>javax.faces.STATE_SAVING_METHOD</param-name>
<param-value>client</param-value>
</context-param>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/spring-security.xml
</param-value>
</context-param>
<context-param>
<param-name>javax.faces.PROJECT_STAGE</param-name>
<param-value>Development</param-value>
</context-param>
<servlet>
<servlet-name>Faces Servlet</servlet-name>
<servlet-class>javax.faces.webapp.FacesServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>Faces Servlet</servlet-name>
<url-pattern>*.xhtml</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>index.html</welcome-file>
</welcome-file-list>
<!-- FIXME This should not be required, but Jetty does not pick up the
listener from a TLD at the moment. -->
<listener>
<listener-class>org.apache.myfaces.webapp.StartupServletContextListener
</listener-class>
</listener>
<!-- For Spring Security. -->
<listener>
<listener-class>com.bundleb.listener.ServiceLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
</web-app>
|
-WEB-INF/spring-security.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/secured" access="ROLE_USER"/>
<intercept-url pattern="/scripts" access="isAuthenticated()"/>
<form-login login-page="/login.xhtml" default-target-url="/secured/welcome.xhtml"
authentication-failure-url="/login.xhtml?status=error"/>
<logout logout-success-url="/login.xhtml?status=logout"/>
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="abc" password="ABC" authorities="ROLE_USER"/>
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
I can access OSGI service from JSF bean, the spring context can also be initialized and the security works fine. However, I couldn't access OSGI service from Spring bean. Is there a way to access it from spring bean without using Spring DM?

Spring's load-time weaving of spring managed beans, is there a conflict?

My project already had some aspects working using <aop:aspectj-autoproxy/> and using the aspectj style #Aspect annotations. But because we needed to advise some classes outside our control we wanted to introduce the Spring-style load time weaving for Tomcat as described in http://docs.spring.io/spring/docs/3....tml#aop-aj-ltw
My LTW configuration seems to be correct insofar as I have turned on the verbose and debug weaver options and I am seeing lines like this in my catalina.out
2013-11-28 13:17:57,167+0000 [INFO ] org.springframework.context.weaving.DefaultContext LoadTimeWeaver [main] - Using a reflective load-time weaver for class loader: org.springframework.instrument.classloading.tomcat .TomcatInstrumentableClassLoader
[TomcatInstrumentableClassLoader#53ea0105] info register aspect com.anon.profiling.aspect.MyAspect
...
[TomcatInstrumentableClassLoader#273d1402] debug not weaving 'org.quartz.SimpleTrigger'
[TomcatInstrumentableClassLoader#273d1402] debug not weaving 'org.apache.http.conn.scheme.SocketFactory'
...
The class I want to instrument is in a package with several others and I can see other classes in that package being debugged in the same way as not being woven. But about half of the classes (including the one I'm interested in...) aren't mentioned at all - either as being not woven or ignored or otherwise. Digging into it a little I think I spot a pattern that the classes being ignored are managed by Spring: either by being declared in an applicationContext.xml or being injected into another class with an #Inject.
Is it the case that a spring managed bean will not be loaded by the TomcatInstrumentableClassLoader for weaving? Is there something I need to add to my config to enable it?
-- Rachel
Edit: In response to #gadget
aop.xml
<aspectj>
<!-- "includes" required in order to use both Spring AOP as well as AspectJ Load Time Weaving where Proxied classes are not possible eg. MarkLogicClient -->
<weaver options="-verbose -showWeaveInfo -Xset:weaveJavaxPackages=true">
<!-- only weave classes in the following packages -->
<include within="mycompany..*"/>
<include within="javax.*"/>
</weaver>
</aspectj>
applicationContext.xml
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:aop="http://www.springframework.org/schema/aop" xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/aop
http://www.springframework.org/schema/aop/spring-aop-2.0.xsd http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd">
<context:component-scan base-package="mycompany.appname"/>
<context:annotation-config/>
<aop:aspectj-autoproxy proxy-target-class="true"/>
<context:load-time-weaver/>
<!-- bean declarations normally here, removed for brevity -->
</beans>
web.xml (apologies, it's a bit long but i didnt want to remove anything in case it was significant)
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>appname</display-name>
<context-param>
<param-name>log4jConfigLocation</param-name>
<param-value>classpath:log4j.properties</param-value>
</context-param>
<servlet>
<servlet-name>servicestatus</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>4</load-on-startup>
</servlet>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>classpath:spring/*.xml</param-value>
</context-param>
<servlet>
<servlet-name>jersey-servlet</servlet-name>
<servlet-class>com.sun.jersey.spi.spring.container.servlet.SpringServlet</servlet-class>
<init-param>
<param-name>com.sun.jersey.api.json.POJOMappingFeature</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.spi.container.ResourceFilters</param-name>
<param-value>mycompany.appname.security.ResourceFilterFactory</param-value>
</init-param>
<init-param>
<param-name>com.sun.jersey.config.property.WadlGeneratorConfig</param-name>
<param-value>mycompany.appname.jersey.Isite2WadlGeneratorConfig</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>jersey-servlet</servlet-name>
<url-pattern>/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>servicestatus</servlet-name>
<url-pattern>/servicestatus</url-pattern>
</servlet-mapping>
<context-param>
<param-name>webAppRootKey</param-name>
<param-value>logging</param-value>
</context-param>
<context-param>
<param-name>propertiesConfigLocation</param-name>
<param-value>classpath:spring/propertiesConfigContext.xml</param-value>
</context-param>
<filter>
<filter-name>utf8ValidatingFilter</filter-name>
<filter-class>mycompany.appname.filter.Utf8ValidatingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>utf8ValidatingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>timingFilter</filter-name>
<filter-class>mycompany.appname.filter.TimingFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>timingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>mycompany.appname.log.EnvironmentalPropertiesLog4jContextListener</listener-class>
</listener>
</web-app>

Spring security: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored.

I am trying to configure spring security on my simple app, but I keep getting this error.
Caused by: java.lang.IllegalArgumentException: A universal match pattern ('/**') is defined before other patterns in the filter chain, causing them to be ignored. Please check the ordering in your <security:http> namespace or FilterChainProxy bean configuration
I have seen other similar posts, but could not figure out why I am getting this error. I don't seems to have duplicate security:http namespace configured.
Here goes my web.xml
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
version="2.4">
<display-name>sampler</display-name>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
</context-param>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<servlet>
<servlet-name>sampler</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
</servlet>
<servlet-mapping>
<servlet-name>sampler</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring security config:
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
<!-- Add Authentication Manager -->
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" authorities="ROLE_USER" password="test"/>
</user-service>
</authentication-provider>
</authentication-manager>
<!-- This would add login screen -->
<http auto-config="true">
<intercept-url pattern="/admin/*" access="ROLE_USER"/>
</http>
Its just a simple login functionality that I wanted to provide as of now. Any help around this issue would be really appreciated.

The problem was in the regex of classpath in the context-param.
<param-value>
classpath:**/sampler-context.xml
classpath:**/sampler-security.xml
</param-value>
Changing it to
<param-value>
classpath*:sampler-context.xml
classpath*:sampler-security.xml
</param-value>
solves this problem.

Spring Security Configuration and web.xml mapping

I am new to Spring Security and trying to figure out the exact flow of Spring-Security module,
Please suggest the right flow.
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
id="WebApp_ID" version="2.5">
<display-name>OnlineTestProject</display-name>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>
org.springframework.web.filter.DelegatingFilterProxy
</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/security/applicationContext-security.xml
/WEB-INF/db/applicationContext.xml
</param-value>
</context-param>
<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListener
</listener-class>
</listener>
<servlet>
<servlet-name>dispatcher</servlet-name>
<servlet-class>
org.springframework.web.servlet.DispatcherServlet
</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<welcome-file-list>
<welcome-file>jsp/index.jsp</welcome-file>
</welcome-file-list>
</web-app>
applicationContext-security.xml
<http use-expressions="true">
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
<intercept-url pattern="/jsp/login.jsp" access="permitAll" />
<logout logout-url="/j_spring_security_logout"
invalidate-session="true" />
<remember-me />
<session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<anonymous enabled='false'/>
</http>
What I know is, when the request comes for the application it will go in welcome-file-list for opening the jsp/login.jsp in my case, so it will directly open jsp/login.jsp page, but as we keep security, so it will go inside applicationContext-security.xml and check whether jsp/login.jsp needs to be filter or not and so on....then where does
<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
authentication-failure-url="/jsp/login.jsp?login_error=1"
always-use-default-target="true" />
will come in picture, also as per I know is it should go to "/jsp/login.jsp" page for login and if the credentials succes then it should go to /jsp/index.jsp, but it is opening /jsp/index.jsp page first....
can some one please guide me the correct flow.
thanks

Resources