Spring-security login not working 404 Error

[kibyegon]

Hello, Im using
Spring-security 3.0.5
Hibernate 3.5.0
jdk 1.6
tomcat 6.0.29
GWT 2.1.1

I have tried to deploy my app to apache tomcat and it loads successfully. But when I try to login, I get an error message

Code:

The requested resource (/j_spring_security_check) is not available.

Apparently when I run the app in development mode on eclipse using jetty, im able to log in successfully.

When I take a look at the logs, nothing useful is logged which I can be able to know where my app breaks. Here is an output from my catalina.log log file

Code:

2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextDestroyed()
2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextDestroyed()
2011-03-03 12:45:47,454 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Shutting down log4j
2011-03-03 12:45:47,461 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Closing Spring root WebApplicationContext
2011-03-03 12:45:47,493 [Thread-2] ERROR org.apache.catalina.loader.WebappClassLoader - The web application [/precisionweb] registered the JBDC driver [org.postgresql.Driver] but failed to unregister it when the web application was stopped. To prevent a memory leak, the JDBC Driver has been forcibly unregistered.
2011-03-03 12:45:47,718 [Thread-2] WARN  org.apache.catalina.connector.MapperListener - Error unregistering MBeanServerDelegate
java.lang.NullPointerException
        at org.apache.catalina.connector.MapperListener.destroy(MapperListener.java:176)
        at org.apache.catalina.connector.Connector.stop(Connector.java:1135)
        at org.apache.catalina.core.StandardService.stop(StandardService.java:596)
        at org.apache.catalina.core.StandardServer.stop(StandardServer.java:744)
        at org.apache.catalina.startup.Catalina.stop(Catalina.java:648)
        at org.apache.catalina.startup.Catalina$CatalinaShutdownHook.run(Catalina.java:692)
2011-03-03 12:45:47,719 [Thread-2] INFO  org.apache.coyote.http11.Http11Protocol - Stopping Coyote HTTP/1.1 on http-8080
2011-03-03 12:45:47,719 [Thread-2] ERROR org.apache.catalina.connector.Connector - Coyote connector has not been started

and this is an excerpt from my localhost.log

Code:

2011-03-03 12:45:43,746 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Initializing Spring root WebApplicationContext
2011-03-03 12:45:46,220 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Set web app root system property: 'webapp.root' = [/usr/local/tomcat/webapps/precisionweb/]
2011-03-03 12:45:46,220 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Initializing log4j from [/usr/local/tomcat/webapps/precisionweb/WEB-INF/classes/log4j.properties]
2011-03-03 12:45:46,369 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextInitialized()
2011-03-03 12:45:46,370 [main] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextInitialized()
2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - SessionListener: contextDestroyed()
2011-03-03 12:45:47,441 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/examples] - ContextListener: contextDestroyed()
2011-03-03 12:45:47,454 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Shutting down log4j
2011-03-03 12:45:47,461 [Thread-2] INFO  org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/precisionweb] - Closing Spring root WebApplicationContext

and from my catalina.out log file

Code:

[DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:authenticateIfRequired:292) Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@905571d8: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: 73ED62DBA4A7190169F657233DF21C81; Granted Authorities: ROLE_ANONYMOUS
[DEBUG] [http-8080-2 12:45:49] (AffirmativeBased.java:decide:53) Voter: org.springframework.security.access.vote.RoleVoter@12f9924, returned: 0
[DEBUG] [http-8080-1 12:45:49] (ExceptionTranslationFilter.java:doFilter:100) Chain processed normally
[DEBUG] [http-8080-2 12:45:49] (AffirmativeBased.java:decide:53) Voter: org.springframework.security.access.vote.AuthenticatedVoter@1ef3212, returned: 1
[DEBUG] [http-8080-1 12:45:49] (HttpSessionSecurityContextRepository.java:saveContext:338) SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
[DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:beforeInvocation:213) Authorization successful
[DEBUG] [http-8080-1 12:45:49] (SecurityContextPersistenceFilter.java:doFilter:89) SecurityContextHolder now cleared, as request processing completed
[DEBUG] [http-8080-2 12:45:49] (AbstractSecurityInterceptor.java:beforeInvocation:223) RunAsManager did not change Authentication object
[DEBUG] [http-8080-2 12:45:49] (FilterChainProxy.java:doFilter:362) /resources/Scarab-Precision-Green.gif reached end of additional filter chain; proceeding with original chain
[DEBUG] [http-8080-2 12:45:49] (ExceptionTranslationFilter.java:doFilter:100) Chain processed normally
[DEBUG] [http-8080-2 12:45:49] (HttpSessionSecurityContextRepository.java:saveContext:338) SecurityContext is empty or anonymous - context will not be stored in HttpSession. 
[DEBUG] [http-8080-2 12:45:49] (SecurityContextPersistenceFilter.java:doFilter:89) SecurityContextHolder now cleared, as request processing completed

Here is my filter chain in my web.xml file

Code:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE web-app
    PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

<web-app>
  <!-- Location for Log4j logging properties -->
  <context-param>
      <param-name>log4jConfigLocation</param-name>
      <param-value>/WEB-INF/classes/log4j.properties</param-value>
   </context-param>
   
  <!-- Spring security filters -->
  <filter>
  <filter-name>springSecurityFilterChain</filter-name>
  <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
  </filter>
	 
  <filter-mapping>
  <filter-name>springSecurityFilterChain</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
    .....

from my application-context.xml

Code:

<http auto-config="true" access-denied-page="/">
        <intercept-url pattern="/precisionweb/**" access="ROLE_USER"/>
        <intercept-url pattern="/gwt/**" access="ROLE_USER"/>
        <intercept-url pattern="/**/*.html" access="ROLE_USER"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <form-login login-page="/login.jsp"/>
    </http>

and my login.jsp

Code:

<div id="login_dialog" class="login_dialog">
   <form name="f" action="/j_spring_security_check" method="POST">
    <div id="user_name_login">
      <h2>Username</h2>
      <input autocapitalize="off" autocorrect="off" id="username" name="j_username" type="text"><br>

      <h2>Password</h2>
      <input id="password" name="j_password" type="password"><br>

        <label><input class="auto" id="remember_me" name="remember_me" value="1" type="checkbox"> Remember me on this computer</label><br>

      <input class="button" name="commit" value="Sign in" type="submit">

My guess is that the security context filter isn't forwarding the login request properly. Help on this is highly appreciated.

[pmularien]

Thanks for providing log file excerpts, but unfortunately they don't show the actual login attempt.

What is the actual URL that is displayed in your browser when you get the 404? Does it have a webapp context path in front of it (e.g. /precisionweb/j_spring_security_check) or not? When you were running in Jetty, was this application at the root of the web server (e.g. no "/precisionweb" prefix)?

You are using a relative URL in your form ("/j_spring_security_check"), so unless you are doing something that you aren't sharing with us, this will resolve to the URL http://localhost:8080/j_spring_security_check (for example). Your web application is deployed to a context path, so the URL should be http://localhost:8080/precisionweb/j...security_check (for example). I'd suggest using the JSTL "url" tag to create a context-relative path, or use an analogous type of link building command in whatever UI framework you are using.

[kibyegon]

thanks pmularien for your prompt answer.

And you are right by stating that the context path i had in the form in my login page was resolving to the url http://localhost:8080/j_spring_security_check. I changed it to this action="/precisionweb/j_spring_security_check" method="POST"> and now it works. I ran the app on jetty and looked at the response using firebug and it actually gave the same error message
Failed to load source for: http://127.0.0.1:8888/j_spring_security_check. Wonder why it logged me in anyway. Thanks for that, you really saved me alot of agony.

Regarding your suggestions, I am using spring-security to provide security to my gwt app. I'm using jsps for the login, after that its all gwt. In this scenario, would using the JSTL "url" tag be a good option?