Results 1 to 4 of 4

Thread: form login configuration

  1. Jul 3rd, 2009, 07:48 AM #1
    jmbaker
    jmbaker is offline Member
    Join Date
    Oct 2008
    Posts
    78

    Default form login configuration

    Hello,

    If I have all my login resources under the path /login, and I want all access to the site to be redirected to a login page /login/login.do, what's wrong with this configuration:

    Code:
      <security:http>
    <security:intercept-url pattern="/login/*" filters="none" />
    <security:intercept-url pattern="/img/**" filters="none"  />
    <security:intercept-url pattern="/style/*" filters="none"  />
    <security:intercept-url pattern="/script/*" filters="none"  /> 
    <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> 

    <security:form-login login-page="/login/login.do" login-processing-url="/login/loginProcess.do" default-target-url="/" authentication-failure-url="/login/login.do?login_error=1" />
    <security:logout logout-url="/logout" logout-success-url="/login/login.do" />
  </security:http>
    At present, I'm getting:

    WARNING: No mapping found for HTTP request with URI [/WebFlowExample/login/loginProcess.do] in DispatcherServlet with name 'mycart'

    when the interceptors are in use - if I remove them, it works.

    My understanding is the interceptors are configured to protect everything but where filters="none" is defined. The loginProcess.do URL is for form submission, so why the error when they are in place?

    Thanks.
  2. Jul 3rd, 2009, 08:34 AM #2
    davymeers
    davymeers is offline Member
    Join Date
    Jan 2009
    Posts
    86

    Default

    i guess you have to change he order or your intercept-url's.

    try placing the
    Code:
    <security:intercept-url pattern="/login/*" filters="none" />
    at the end of your intercept-url's
  3. Jul 3rd, 2009, 08:40 AM #3
    Marten Deinum
    Marten Deinum is offline Senior Member
    Join Date
    Jun 2006
    Location
    The Netherlands
    Posts
    13,629

    Default

    Well placing it at the end is not going to work.. As soon as something matches /** in this case checking stops. However the security configuration has no security configured everything is either not filtered (filters="none") or enabled for anonymous access (the /**). So basically there is no security...
    Marten Deinum
    Java Consultant / Pragmatist / Open Source Enthousiast / Author

    Pro Spring MVC: With Web Flow
    Conspect

    Have you read the reference guide.
    Use the [ code ] tags, young padawan
  4. Jul 3rd, 2009, 10:44 AM #4
    jmbaker
    jmbaker is offline Member
    Join Date
    Oct 2008
    Posts
    78

    Default

    Hello,

    Thanks for the feeback. I assume that I need to allow URLs for the login page, so that's really what I'm asking. If I've got a directory /login with a jsp /login/login.jsp, and I want any authenticated request to go to /login/login.jsp, how do I configure the security?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules