j_spring_security_check 404 issue

[zhangxin]

Hi ,

I aming integrate spring security 2.04 with my existing web project.
but I don't want to let every applications under spring security framework. so I am trying to change security filter and only handle certain URL in the web.xml, then I encountered 404 error that show cannot found j_spring_security_check when I try to login. The changes I pasted as below:

<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/report/*</url-pattern>
</filter-mapping>

If I using <url-pattern>/*</url-pattern>, then everything is working fine.

login.jsp shows as below:
<form method="POST" action="<c:url value="/j_spring_security_check" />">
<table>
<tr>
<td align="right">Username</td>
<td><input type="text" name="j_username" /></td>
</tr>
<tr>
<td align="right">Password</td>
<td><input type="password" name="j_password" /></td>
</tr>
<tr>
<td align="right">Remember me</td>
<td><input type="checkbox" name="_spring_security_remember_me" /></td>
</tr>
<tr>
<td colspan="2" align="right"><input type="submit" value="Login" />
<input type="reset" value="Reset" /></td>
</tr>
</table>
</form>

Would I know how to resovle it? or any recommandations are welcome.
PS: Spring security whether have any performance impact? for those who expert .
Thanks

[aek]

with <url-pattern>/*</url-pattern> all works fine because it fit /j_spring_security_check, in your case it will be /report/j_spring_security_check in the html form action because that are the url that AuthenticationProcecingFilter it will lookup since the all urls that it will proccess have the "/report/" prefix. simply change the form action or configure it properly Spring Security filters in your configs files.

[zhangxin]

hi Aek, thank for you reply. I try to change login.jsp
<form method="POST" action="<c:url value="/report/j_spring_security_check" />">
But I still encounter the same 404 error
HTTP Status 404 - /mt/report/j_spring_security_check. Same result when I try use /report/j_spring_security_check in the browser directly. As you explained, I think you are right which authenticationProcecingFilter should be handle all of requests with url /report/, but I don't know what's wrong with it. Where is mapping for /j_spring_security_check , I suppose it should be configed in somewhere.

BTW, you mentioned or can change in the configuration file. Would I know how to do it or do you any example. many thanks

[Luke Taylor]

If you are using the namespace, it is the login-processing-url property of the <form-login> login:

http://static.springframework.org/sp...e.html#d4e3203

This also explains how it maps to a bean property.

[zhangxin]

Hi Luke Taylor,

Thanks for you prompt reply. It works after I change login-processing-url from default value to /report/j_spring_security_check and change login.jsp action url as well.
Many thanks for your help.

[aek]

Luke I think that would be interesting that url-pattern prefix became propagated from org.springframework.security.util.FilterToBeanProx y to any filter that ask for this, and in the method requiresAuthentication of org.springframework.security.ui.AbstractProcessing Filter the line:
return uri.endsWith(request.getContextPath() + filterProcessesUrl);
could be
return uri.endsWith(request.getContextPath() + url-pattern-prefix +filterProcessesUrl);
to avoid this kind of problems