Search:

What method and in which class should I override to direct user into correct page after login?

For logout I use link to /j_spring_security_logout.


Is there any samples how to do that?

How to after login enter the page which was visited last before logout?

Here is security config:


<security:http auto-config="true">
<security:intercept-url pattern="/login.action"...

Our application based on Spring Security & Struts 2 runs under tomcat 6.

Here is security http config:

<security:http auto-config="true">
.....
<security:form-login...

Is there possibility to set default security expression such as @PreAuthorize("hasRole('ROLE_USER')") for all methods in class or whole project?

Thanks, it resolved the problem.

I'm using Spring Security 3.0.5. Context root is /. Namespace for administration role is /admin.

Exact steps are:
1) I type http://localhost:8080/ and http://localhost:8080/login.action appears....

Without Spring Security Filter Chain URLs work. Application based on Struts2.
There are no errors on startup.

I'm logined when I enter it.

Even if I change config to error-page="/login.action", I receive the same:
HTTP Status 404 - /login.action
The requested resource (/login.action) is not available.

Here are my configurations:

<security:http auto-config="true">
<security:intercept-url pattern="/login.action" filters="none"/>
<security:intercept-url pattern="/js/**"...

Thanks to all. The debugging resolved the problem. It was my stupid inattention mistake.

Also I have small question. To mark authentification error I use...

I receive ProviderNotFoundException: No AuthenticationProvider found for org.springframework.security.authentication.UsernamePasswordAuthenticationToken:


17:50:15,937 DEBUG FilterChainProxy:195...

As I mentioned earlier, I want only simple mechanism for seruring URLs and methods.


I handle login, logout myself.

I guess AuthenticationManager is used only for login? Or I mistake?

Here are all my recent configurations:

web.xml:

<?xml version="1.0" encoding="UTF-8"?>
<web-app id="WebApp_9" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee"
...

I only need to secure URLs and methods.

My application has own difficult authentification method, and I can simply set the SecurityContext in this method:

...

Yes, but also I use <global-method-security pre-post-annotations="enabled" />


That doesn't help.

I use your code, that you posted earlier with blank methods. I just added debug breakpoints there:


public class MyAuthenticationProvider extends
...

Yes, it works. But I when I use custom AuthenticationProvider, can't hit neither AuthenticationProvider.retrieveUser nor AuthenticationProvider.authenticate.

Maybe I understand something wrong...
I guess I must hit method AuthenticationProvider.retrieveUser (or AuthenticationProvider.authenticate) after posting request to to "/j_spring_security_check"...

MyAuthenticationProvider.supports??? What is it? Can't find it in reference.

Can you post links to samples with such implementations?

I mean, is there possibility to catch all AccessDeniedException's of all secured methods in one place?

There is a typical configuration example in reference:

<bean id="filterSecurityInterceptor"
class="org.springframework.security.web.access.intercept.FilterSecurityInterceptor">
<property...

Yes. I can't access secured urls, this means - this filter works.
But why I don't hit MyAuthenticationProvider?

I created custom AuthenticationProvider and post the request to "/j_spring_security_check" with parameters "j_username" and "j_password".
But I don't hit this provider class. Why?

Here is...

Thanks,

and one more question: how to handle all that AccessDeniedException's in one place of code?