Search:

Here are a few I've looked at depending what you need:
- JavaMelody (open source - http://code.google.com/p/javamelody/)
- PSI Probe (open source - http://code.google.com/p/psi-probe/)
- App...

You probably want to implement your own AuthenticationSuccessHandler.

Try adding this:



<intercept-url pattern="/loginProcess*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

Are you using 'intercept-url' in your Spring Security config file for https? If so you might want to make sure you have the following:



<sec:intercept-url pattern="/loginProcess*"...

I have accomplished this by creating my custom AuthenticationProcessingFilter, AuthenticationSuccessHandler, and AuthenticationFailureHandler (which you probably don't need).

Issue resolved! Once I noticed the logic had been moved to set the exception on session, I noticed a method I needed to call in my custom AuthenticationFailureHandler.



...

After further investigation, it appears the following code was removed from the AbstractAuthenticationProcessingFilter between 3.0.2 and 3.0.3. Where was it moved to? I have discovered that a...

Just seems a bit odd that this doesn't happen with Spring Security 3.0.2 but it does with 3.0.3.

I do have a custom FailureHandler that extends SimpleUrlAuthenticationFailureHandler to go to custom failure urls. This does not work in Spring Security 3.0.3 but it does work in 3.0.2.




...

What version of Spring Security are you using?

Any ideas on how to debug why the SPRING_SECURITY_LAST_EXCEPTION isn't making it back to the page?

Yes, I have the following configuration.



<sec:intercept-url pattern="/loginProcess*" access="IS_AUTHENTICATED_ANONYMOUSLY" requires-channel="https"/>

.
.
.

I am getting a Tomcat error page during a failed login attempt for uri /loginProcess. Any ideas what would cause this? It started happening on the upgrade to Spring Security 3.0.2.

Tomcat Error...

Sure, here is my security config.



<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:p="http://www.springframework.org/schema/p"...

Nothing else changed other than updating the following jars with 3.0.3. When I put the 3.0.2 jars back it worked fine. I debugged into the code and saw the exception but it was never set on...

Can anyone understand why this would work in Spring Security 3.0.2 but not 3.0.3? Thanks.

I just upgraded from Spring Security 3.0.2 to 3.0.3. Everything seemed to work fine except when a login exception occurred (e.g. BadCredentials). Reverting back to 3.0.2 fixed the problem.

Here...

Where is an example of using a LoginController to serve muliple login pages? I agree that I seem to fight with Spring Security more than I should.

Were you able to get this working? It seems like something the framework should allow - determining which login form applies to which page, possibly within the intercept-url mappings.

Any help for this problem? Seems simple but how is it done with Spring Security?

So does this require the DAO to use the @Repository annotation for the @PersistenceContext injection to work?

When my DAO was annotated @Repository, everything worked fine. I do not want to annotate my DAO, so I define it in XML configuration. Now my EntityManager is no longer being injected, and is null....

What are you saying? What would the class/config look like? I'm currently trying to still use
@PersistenceContext
private EntityManager em;

The problem is the EntityManager is null. ...

I want to be able to modify my DAO classes using xml configuration, but i loose the injection of the EntityManager. Is there a way around this? Thanks.

I am trying to implement a SaltSource based on a property of my User entity (not the SpringFramework User). In order to accomplish this I need to map my User to an implementation of UserDetails so...