struts and spring security-unable to login with correct username and password

[sumitjain303]

I am developing a struts2 + spring + tiles + hibernate + spring security application

When I go to url /register I am correctly redirected to the login page,
but on logging in with username and password specified in the bean configuration file,
I am redirected back to the login page with url "login?error=true" which means that the login was unsuccessful as I have mentioned "authentication-failure-url="/login?error=true""

I have configured form based login with the following configuration


//web.xml

Code:

<listener>
  	  <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <context-param> 
        <param-name>contextConfigLocation</param-name> 
        <param-value>
        /WEB-INF/applicationContext.xml
        /WEB-INF/medic-security.xml 
        </param-value> 
    </context-param> 
    
    <filter> 
        <filter-name>springSecurityFilterChain</filter-name> 
        <filter-class> 
            org.springframework.web.filter.DelegatingFilterProxy 
        </filter-class> 
    </filter> 
 
    <filter-mapping> 
        <filter-name>springSecurityFilterChain</filter-name> 
        <url-pattern>/*</url-pattern> 
    </filter-mapping>
  
    <filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.FilterDispatcher</filter-class>
    </filter>
  
    <filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>/*</url-pattern>
    </filter-mapping>

//medics-security.xml

Code:

    <http auto-config="true" access-denied-page="/error">
	<intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
	<intercept-url pattern="/register*" access="ROLE_USER" />
    <intercept-url pattern="/messagePost*" access="ROLE_USER" /> 
    <intercept-url pattern="/messageDelete*" access="ROLE_ADMIN" /> 
    <form-login login-page="/login" authentication-failure-url="/login?error=true"/> 
    <remember-me/>
    <logout/>
    
    </http> 

    <authentication-manager> 
       <authentication-provider> 
          <user-service>
          <user name="admin" password="secret" authorities="ROLE_USER"/>
          </user-service>	
       </authentication-provider> 
    </authentication-manager>

//login.jsp

Code:

    <form action="j_spring_security_check">	
        <label for="j_username">Username</label>
	<input type="text" name="j_username" id="j_username"/><br/>	
        <label for="j_password">Password</label>
	<input type="password" name="j_password" id="j_password"/><br/>	
        <input type='checkbox' name='_spring_security_remember_me'/> Remember me<br/>	
        <input type="submit" value="Login"/>
	<input type="reset" value="Reset"/>
    </form>

//struts.xml

Code:

    <package name="default" namespace="/" extends="struts-default">
        <action name="login" class="com.medics.action.LoginAction">
        <result name="SUCCESS" type="tiles">login</result>
        </action>
        
        <action name="register" class="com.medics.action.RegisterAction">
        <result name="SUCCESS">/Register.jsp</result>
        </action>
    </package>

Action classes are doing nothing except returning "SUCCESS"
Please help me

[Luke Taylor]

Enable debug logging and check the output in the log to see what happens. The fact that you end up at the login error page isn't much to go on.

[sumitjain303]

How do I enable debug logging

[sumitjain303]

Hey I found the solution, You have to use

<form method="post" action="j_spring_security_check"> in login.jsp

Its strange that the latest Apress book from which I read, doesn't mention this

[jklanka]

Hi,

I am struggling for more than a week to integrate spring 3 security and Struts 2 and please send one of you me a sample source code and I could able to run and learn.

my email jklanka@yahoo.com

Thanks
jklanka
newbee