I have developed a spring web application and am in the process of adding login and spring security. Ive added the filter definition to web.xml and in my security.xml have configured a <http> element as follows
Normally all my links map to a htm which are handled by the controllers, except for the login.jsp page which is accessed directly as the form-login page
<intercept-url pattern="/login.jsp*" filters="none"/>
<intercept-url pattern="/mobile/**" filters="none" />
<intercept-url pattern="/**" access="ROLE_USER" />
<form-login login-page='/login.jsp' />
<jdbc-user-service data-source-ref="dataSource" />
Important note, without the security configuration, the login.jsp shows up correctly with the right css and everything. The css basically has a background image for the header section. and the css is linked as follows. My prob may have something to do with the css paths but i am not sure
When i add the spring security configuration it goes to the login page as expected but all my css is missing, (i can see there is a problem just by looking at the css in mozilla firebug). Also when i click on the login button, whose action is defined as j_spring_security_check, half the time it tries to go to my css instead of my index page. i know i can define it to go to my index page every time i logon by using 'always-use-default-target' attribute but i want the ability to bookmark links and go to them after logging in.
<link rel="stylesheet" href="CSS/Common.css" type="text/css"/>
<link rel="stylesheet" href="CSS/Header.css" type="text/css"/>
my directory structure is
Now i am not a front end developer by any stretch so idk if the prob is somehow with the css path in the jsp, but after i am able to login and then go back to the login.jsp page, then its happy displaiyn my css. I can post my jsp code if anyone requires
On a side note, instead of havin a login.jsp in the main path, i tried to configure my form-login page to a login.htm and let the controller handle it by havin my login.jsp in my web-inf/jsp folder like the rest of them. while runnin in debug, i noticed that on failed login, it called my controller 3 times for some reason. I am not sure why? When i call a url eg test.htm which in turn returns a view of meta-inf/jsp/test.jsp does it apply the filters again for the jsp pages, Do i need to exclude my WEB-INF folder from filters explicitly ?
Also for the <form-login> element, the attribute 'login-processing-url', hows that different from 'login-page' attribute.
please please!! any help would be greatly appreciated.