I am new to Spring Security and have configured Spring Security in my Spring MVC application.
After submission of login page, I am getting the following error
The requested resource (/j_spring_security_check) is not available.
I am not able to understand this behaviour.
Please help.
spring-security.xml
<security:http auto-config="true" use-expressions="true" access-denied-page="/appln/denied">
<security:intercept-url pattern="/appln/login" access="permitAll" />
<security:intercept-url pattern="/appln/index" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/appln/run" access="hasRole('ROLE_ADMIN')" />
<security:intercept-url pattern="/appln/common" access="hasRole('ROLE_USER')" />
<security:form-login login-page="/appln/login"
authentication-failure-url="/appln/login?error=true"
default-target-url="/appln/run"
authentication-success-handler-ref="AuthHandlr" />
<security:logout invalidate-session="true"
logout-success-url="/appln/login"
delete-cookies="JSESSIONID" />
</security:http>
Web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<servlet>
<servlet-name>servlet</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
Solved the issue.
In my loginpage.jsp , the action attribute was defined as
action=../../j_spring_security_check
I was playing with the above and changed it to
action = /j_spring_security_check
and it worked without any issues.
Although the issue is solved , can anybody please elaborate on why did the change in the path work.
The form action can be 'j_spring_security_check' or '/j_spring_security_check'.
This is a default in Spring-Security can not be changed.
Similarly the form fields have to be 'j_username' and 'j_password'