
Thread: spring security defaults not changed?!

  1. #1

    Greetings all,
    I'm using Spring Security and defining my entry-point-ref like this:

    Code:
        <http entry-point-ref="authenticationEntryPoint" use-expressions="true" >
            <custom-filter position="FORM_LOGIN_FILTER" ref="myLoginFilter"/>
            <intercept-url pattern="/login.jsp" access="permitAll"/>
            <intercept-url pattern="/login/failure.html" access="isAnonymous()"/>
            <intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
        </http>
    
        <beans:bean id="authenticationEntryPoint"
                    class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
            <beans:property name="loginFormUrl" value="/login.jsp"/>
        </beans:bean>

    I compile my project and create a WAR file without any problem, put it in the webapps folder of
    Tomcat and start it.
    So I expect that when I run my project and request http://localhost:8080/ I get login.jsp.

    However, I do at least see my login.jsp in the browser, but in my console log something like the below is logged:


    Code:
    22297 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - Converted URL to lowercase, from: '/index.html'; to: '/index.html'
    22297 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - Candidate is: '/index.html'; pattern is /**; matched=true
    22297 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 1 of 8 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No HttpSession currently exists
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: null. A new one will be created.
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 2 of 8 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 3 of 8 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 4 of 8 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 5 of 8 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 6 of 8 in additional filter chain; firing Filter: 'SessionManagementFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.session.SessionManagementFilter - Requested session IDB32454FA413C0E2DD873BD2C8B0629B9 is invalid.
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 7 of 8 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy$VirtualFilterChain - /index.html at position 8 of 8 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Converted URL to lowercase, from: '/index.html'; to: '/index.html'
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /login.jsp; matched=false
    22313 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /login/failure.html; matched=false
    22328 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /**; matched=true
    22328 [http-8080-exec-1] DEBUG org.springframework.security.access.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /index.html; Attributes: [hasRole('ROLE_USER')]
    22328 [http-8080-exec-1] DEBUG org.springframework.security.access.intercept.AbstractSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055e4a6: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@957e: RemoteIpAddress: 127.0.0.1; SessionId: null; Granted Authorities: ROLE_ANONYMOUS
    22438 [http-8080-exec-1] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@1cab4a5, returned: -1
    22453 [http-8080-exec-1] DEBUG org.springframework.beans.factory.support.AbstractBeanFactory - Returning cached instance of singleton bean 'sessionRegistry'
    22469 [http-8080-exec-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
    org.springframework.security.access.AccessDeniedException: Access is denied
    	at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71) ~[spring-security-core-3.0.5.RELEASE.jar:3.0.5.RELEASE]

    It seems that index.html is Spring Security's default page. But I changed it, so why must it be presented?

  2. #2
    That's normal behavior based on your configuration - when the user hits "http://localhost:8080/", the container is trying to serve up "index.html". Since they are not authorized to see that page (due to your hasRole('ROLE_USER') check), they are instead redirected to the login page. This is what you're seeing in the logs.
    Peter Mularien | Blog
    Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
    SCJP 5, Oracle DBA
    Any postings are my own opinion, and should not be attributed to my employer or clients.
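
Added example (not part of either post, and not Spring Security's own code): a small Python parser that reads the decision described in the reply straight out of the DEBUG lines from the first post. The function name `trace_decision` and the regexes are assumptions written against the log format shown in this thread (Spring Security 3.0.5); the sample lines are a subset copied from that log.

```python
import re

# Subset of the debug log from the first post, copied in order.
SAMPLE_LOG = """\
22297 [http-8080-exec-1] DEBUG org.springframework.security.web.FilterChainProxy - Candidate is: '/index.html'; pattern is /**; matched=true
22313 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /login.jsp; matched=false
22313 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /login/failure.html; matched=false
22328 [http-8080-exec-1] DEBUG org.springframework.security.web.access.intercept.DefaultFilterInvocationSecurityMetadataSource - Candidate is: '/index.html'; pattern is /**; matched=true
22328 [http-8080-exec-1] DEBUG org.springframework.security.access.intercept.AbstractSecurityInterceptor - Secure object: FilterInvocation: URL: /index.html; Attributes: [hasRole('ROLE_USER')]
22438 [http-8080-exec-1] DEBUG org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@1cab4a5, returned: -1
22469 [http-8080-exec-1] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
"""

# Only the metadata source's "Candidate" lines are <intercept-url> checks;
# FilterChainProxy logs the same wording when it picks the filter chain.
RULE = re.compile(r"DefaultFilterInvocationSecurityMetadataSource - Candidate is: "
                  r"'(?P<url>[^']*)'; pattern is (?P<pattern>.+?); matched=(?P<hit>true|false)")
SECURE = re.compile(r"Secure object: FilterInvocation: URL: (?P<url>[^;]+); Attributes: \[(?P<attrs>.*)\]")
VOTE = re.compile(r"Voter: (?P<voter>[\w.$]+)@\w+, returned: (?P<vote>-?\d+)")
DENIED = re.compile(r"ExceptionTranslationFilter - Access is denied \((?P<why>[^)]*)\); "
                    r"redirecting to authentication entry point")


def trace_decision(log_text):
    """Summarise one request's authorization decision from DEBUG log lines."""
    trace = {"url": None, "rules_tried": [], "matched_rule": None,
             "attributes": None, "votes": [], "outcome": "unknown"}
    for line in log_text.splitlines():
        if m := RULE.search(line):
            trace["rules_tried"].append(m["pattern"])
            if m["hit"] == "true" and trace["matched_rule"] is None:
                trace["matched_rule"] = m["pattern"]  # first match wins
        elif m := SECURE.search(line):
            trace["url"], trace["attributes"] = m["url"], m["attrs"]
        elif m := VOTE.search(line):
            # Voter results: 1 = granted, 0 = abstain, -1 = denied
            trace["votes"].append((m["voter"].rsplit(".", 1)[-1], int(m["vote"])))
        elif m := DENIED.search(line):
            trace["outcome"] = "denied (%s) -> sent to entry point" % m["why"]
    return trace


if __name__ == "__main__":
    for key, value in trace_decision(SAMPLE_LOG).items():
        print(f"{key:13} {value}")
```

The summary shows the request already arriving as `/index.html`, falling through to the `/**` rule, and being handed to the entry point because the anonymous token lacks `ROLE_USER`.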

