Hi ,


ApplicationContext.xml
----------------------
<security:http auto-config="true" access-denied-page="/AccessDenied">
<security:intercept-url pattern="/LoginPage" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
<security:intercept-url pattern="/**" access="ROLE_ADMIN"/>
<security:concurrent-session-control max-sessions="1" exception-if-maximum-exceeded="true" />


<security:form-login login-page="/LoginPage" authentication-failure-url="/LoginPage"/>
</security:http>


<!-- Security Authentication Provider -->
<security:authentication-provider>
<security:user-service>
<security:user password="admin" name="admin"
authorities="ROLE_ADMIN" />
<security:user password="suresh" name="suresh"
authorities="ROLE_USER" />
<security:user password="venkat" name="venkat"
authorities="ROLE_USER" />

</security:user-service>

</security:authentication-provider>

<bean id="filterChainProxy" class="org.springframework.security.util.FilterCha inProxy">
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=concurrentSessionFilter,httpSessionContextInteg rationFilter,logoutFilter
</value>
</property>
</bean>
<bean id="concurrentSessionFilter"
class="org.springframework.security.concurrent.Con currentSessionFilter">
<property name="sessionRegistry" ref="sessionRegistry" />
<property name="expiredUrl" value="/MyLoginPage" />
</bean>


<bean id="httpSessionContextIntegrationFilter"
class="org.springframework.security.context.HttpSe ssionContextIntegrationFilter">
<property name="allowSessionCreation" value="true"/>
<property name="forceEagerSessionCreation" value="true"/>
</bean>
<bean id="logoutFilter"
class="org.springframework.security.ui.logout.Logo utFilter">
<constructor-arg value="/" />
<constructor-arg>
<list>
<bean
class="org.springframework.security.ui.logout.Secu rityContextLogoutHandler"/>
</list>
</constructor-arg>
</bean>
<bean id="sessionRegistry"
class="org.springframework.security.concurrent.Ses sionRegistryImpl" />

Web.xml
--------

<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFil terProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>

<listener>
<listener-class>
org.springframework.web.context.ContextLoaderListe ner
</listener-class>
</listener>
<listener><listener-class>
org.springframework.security.ui.session.HttpSessio nEventPublisher
</listener-class>
</listener>

Login.Java
----------
public class LoginPage extends WebPage {


EofficeUser eofficeUser;
public LoginPage() {
//super(LoginPage.class);
eofficeUser= new EofficeUser();
add(new LoginPageForm("loginForm"));

add(new FeedbackPanel("errorMessages") {

private static final long serialVersionUID = 1L;

public boolean isVisible() {
return anyMessage(FeedbackMessage.ERROR);
}
});
}

public class LoginPageForm extends Form<LoginPageForm> {

private static final long serialVersionUID = 1L;

public LoginPageForm(String id) {
super(id);

add(new RequiredTextField<String>("loginId", new PropertyModel<String>(eofficeUser, "loginId")));
add(new PasswordTextField("password", new PropertyModel<String>(eofficeUser, "password")));
}

@Override
public final void onSubmit() {

AuthenticatedWebSession session = AuthenticatedWebSession.get();
if(session.authenticate(eofficeUser.getLoginId(), eofficeUser.getPassword())){
System.out.println("Authenticated Successfully"+session.getRoles());}
if(session.signIn(eofficeUser.getLoginId(), eofficeUser.getPassword())) {
setDefaultResponsePageIfNecessary();
} else {
setResponsePage(LoginPage.class);
}

}

private void setDefaultResponsePageIfNecessary() {
if(!continueToOriginalDestination()) {
setResponsePage(((MyAuthenticatedWebApplication) getApplication()).getSignInPageClass());
}
}




}

}

AuthenticatedWebSession.java
-----------------------------

@SpringBean
private transient AuthenticationManager authenticationManager;

@Override
public boolean authenticate(String username, String password) {
System.out.println(username+password);
boolean authenticated = false;
try {
Authentication authentication = authenticationManager.authenticate(new UsernamePasswordAuthenticationToken(username, password));


SecurityContextHolder.getContext().setAuthenticati on(authentication);

authenticated = authentication.isAuthenticated();
System.out.println("Authenticated Details"+authentication.getDetails());
} catch (AuthenticationException e) {

authenticated = false;
}
return authenticated;
}

I am getting Null Pointer Exception when i call session.authenticate(usrerid,password)(userid and password or not null)


pleas let me know Whether i am missing something before authenticating the user and password or i have done some thing wrong with spring security configuration.
Please help me to sort out this problem.

Thanks in advance.

Regards,
Suresh