spring security ALWAYS ALWAYS redirects to the INDEX PAGE

[marcKun]

Im having this problem in my website. Everytime I FIRST visit my WEBSITE, whenever I'm trying to visit a NON-SECURED page, I will always get redirected to the index page.

Im not sure if I have misconfigured something but whenever I clear the cache on my browser, and then access a NON-SECURED page, I am ALWAYS redirected to my index page.

The console log will follow, for more information.

Can somebody help me?

Scenario:
INDEX PAGE: Guest.do
NONSECURE PAGE: LocalAction.do

Clear cache
Visit LocalAction.do
you will be redirected to Guest.do
Now visit LocalAction.do AGAIN
and everything is fine

Please advise. This is an urgent bug.

-marckun

[marcKun]

Code:

2010-06-03 16:46:08,707 DEBUG [org.springframework.security.util.FilterChainProxy] - Candidate is: '/customer/localaction.do'; pattern is /_notes/**; matched=false
......
2010-06-03 16:46:08,713 DEBUG [org.springframework.security.util.FilterChainProxy] - Candidate is: '/customer/localaction.do'; pattern is /customer/localaction.do; matched=true
2010-06-03 16:46:08,738 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 1 of 7 in additional filter chain; firing Filter: 'org.springframework.security.context.HttpSessionContextIntegrationFilter[ order=200; ]'
2010-06-03 16:46:08,738 DEBUG [org.springframework.security.context.HttpSessionContextIntegrationFilter] - No HttpSession currently exists
2010-06-03 16:46:08,738 DEBUG [org.springframework.security.context.HttpSessionContextIntegrationFilter] - New SecurityContext instance will be associated with SecurityContextHolder
2010-06-03 16:46:08,751 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 2 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.logout.LogoutFilter[ order=300; ]'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 3 of 7 in additional filter chain; firing Filter: 'crown.security.CustomerAuthenticationProcessingFilter[ order=700; ]'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 4 of 7 in additional filter chain; firing Filter: 'org.springframework.security.wrapper.SecurityContextHolderAwareRequestFilter[ order=1100; ]'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.wrapper.SavedRequestAwareWrapper] - Wrapper not replaced; no session available for SavedRequest extraction
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 5 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.ExceptionTranslationFilter[ order=1400; ]'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 6 of 7 in additional filter chain; firing Filter: 'org.springframework.security.ui.SessionFixationProtectionFilter[ order=1600; ]'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.util.FilterChainProxy] - /customer/LocalAction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456 at position 7 of 7 in additional filter chain; firing Filter: 'org.springframework.security.intercept.web.FilterSecurityInterceptor@d54304'
2010-06-03 16:46:08,752 DEBUG [org.springframework.security.intercept.web.DefaultFilterInvocationDefinitionSource] - Converted URL to lowercase, from: '/customer/localaction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456'; to: '/customer/localaction.do?username=hmac01&lang=en&action=lo&key=12346a7d27b076fcb3231f4884a8904bf3b9123456'
....
2010-06-03 16:46:08,885 DEBUG [org.springframework.beans.CachedIntrospectionResults] - Getting BeanInfo for class [crown.action.LocalAction]
...
2010-06-03 16:46:09,050 DEBUG [org.springframework.security.ui.ExceptionTranslationFilter] - Chain processed normally
....
2010-06-03 16:46:09,050 DEBUG [org.springframework.security.context.HttpSessionContextIntegrationFilter] - SecurityContextHolder now cleared, as request processing completed
...
2010-06-03 16:46:09,065 DEBUG [org.springframework.security.util.FilterChainProxy] - Converted URL to lowercase, from: '/jsp/guest.do'; to: '/jsp/guest.do'
...
2010-06-03 16:46:09,065 DEBUG [org.springframework.security.util.FilterChainProxy] - Candidate is: '/jsp/guest.do'; pattern is /css/**; matched=false
.....

[pavan.naris]

Hi Marckun,

It may happen when you are accessing the images and css files as well i guess.
Please change your configuration of AuthenticationProcessFilter to access this contents by ROLE_ANONYMOUS also

Thanks
Pavan

[mmuzamil]

Would you mind sharing your configurations?