
I have implemented Spring Security, but for some reason the security part is not being activated and the secured page opens freely. Please help. My complete code is below.

web.xml

    <!-- DelegatingFilterProxy hands each request it receives to the Spring bean whose name
         matches the filter-name, here "springSecurityFilterChain". -->
    <filter>
     <filter-name>springSecurityFilterChain</filter-name>
     <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <!-- NOTE(review): in a filter-mapping, "/" matches only the context root, so a request
         such as /admin is never routed through the security filter chain with this pattern.
         "/*" is the pattern that applies the filter to every request. -->
    <filter-mapping>
     <filter-name>springSecurityFilterChain</filter-name>
     <url-pattern>/</url-pattern>
    </filter-mapping>

    <!-- Spring MVC front controller, initialised at deployment (load-on-startup = 1). -->
    <servlet>
      <servlet-name>dispatcherServlet</servlet-name>
      <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>

      <load-on-startup>1</load-on-startup>
    </servlet>
    <!-- In a servlet-mapping, "/" makes this the default servlet: it receives every request
         that no other servlet mapping claims. The same string means something different in a
         filter-mapping. -->
    <servlet-mapping>
      <servlet-name>dispatcherServlet</servlet-name>
      <url-pattern>/</url-pattern>
    </servlet-mapping>

    <!-- Creates the root application context from the file(s) named in contextConfigLocation. -->
    <listener>
      <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <!-- The security configuration is the only file loaded into the root context here. -->
    <context-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>/WEB-INF/spring-security.xml</param-value>
    </context-param>

dispatchServlet-servlet.xml

     <!-- Registers annotated components (e.g. @Controller classes) found under com.component. -->
     <context:component-scan base-package="com.component"/>

         <!-- Resolves a logical view name to /WEB-INF/web-pages/<name>.jsp. Files under WEB-INF
              cannot be requested directly by URL, so these pages are reachable only through
              controller mappings. Access control therefore has to be applied to those request paths. -->
         <bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">    
             <property name="prefix">
             <value>/WEB-INF/web-pages/</value>
             </property>
           <property name="suffix">
             <value>.jsp</value>
               </property>
         </bean>

     </beans>

spring-security.xml

    <!-- URL access rules. Only "/admin" requires a role; /login and /logout are open, and there
         is no catch-all rule, so every other URL is left unrestricted by this configuration.
         These rules are evaluated only for requests that actually pass through the
         springSecurityFilterChain filter declared in web.xml.
         NOTE(review): the controller on this page maps "/admin**", which is broader than the
         "/admin" pattern below. Confirm the rule covers every path that handler serves.
         NOTE(review): no handler for /list or /accessdenied is visible on this page. -->
    <http    use-expressions="true">
      <intercept-url pattern="/login" access="permitAll" />
      <intercept-url pattern="/logout" access="permitAll" />
      <intercept-url pattern="/admin" access="hasRole('ROLE_ADMIN')"/>
      <form-login login-page="/login" default-target-url="/list" authentication-failure-url="/accessdenied" />
    </http>

    <!-- In-memory user store with a single ROLE_ADMIN account.
         NOTE(review): the password is stored in clear text in the configuration file, which is
         acceptable only for a local demo. A real deployment should store a hashed password
         (configured through a password-encoder on the authentication-provider) and keep
         credentials out of source control. -->
    <authentication-manager>
        <authentication-provider>
            <user-service> 
                <user name="abhi" password="12345" authorities="ROLE_ADMIN"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

LoginController.java

    /**
     * MVC controller serving the welcome, admin and login pages.
     *
     * <p>None of these handlers performs an access check itself. Whether a caller must be
     * authenticated depends entirely on the request passing through the Spring Security
     * filter chain and matching an {@code intercept-url} rule.
     */
    @Controller
    public class LoginController {

        /**
         * Renders the public welcome page for {@code /} and {@code /welcome}.
         *
         * @return the {@code /welcome} view with {@code name} and {@code title} attributes
         */
        @RequestMapping(value = {"/", "/welcome"}, method = RequestMethod.GET)
        public ModelAndView welcome() {
            ModelAndView page = new ModelAndView("/welcome");
            page.addObject("name", "abhi");
            page.addObject("title", "welcome page");
            return page;
        }

        /**
         * Renders the admin page.
         *
         * <p>NOTE(review): the mapping {@code /admin**} matches more paths than the exact
         * {@code /admin} pattern protected in the security configuration shown on this page.
         * Verify the access rule covers everything this handler serves.
         *
         * @return the {@code /admin} view with {@code title} and {@code name} attributes
         */
        @RequestMapping(value = {"/admin**"}, method = RequestMethod.GET)
        public ModelAndView admin() {
            ModelAndView page = new ModelAndView("/admin");
            page.addObject("title", "welcome admin");
            page.addObject("name", "Abhinav as admin");
            return page;
        }

        /**
         * Serves the login form referenced by {@code form-login login-page="/login"}.
         *
         * @param model the model passed in by Spring MVC; not used by this handler
         * @return the logical view name {@code login}
         */
        @RequestMapping(value = "/login", method = RequestMethod.GET)
        public String login(ModelMap model) {
            final String loginView = "login";
            return loginView;
        }
    }

When I try to access '/admin', it never reaches the security part (i.e. login.jsp); it opens admin.jsp directly. Why?

Abhi

1 Answer


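Change the url-pattern from "/" to "/*" for springSecurityFilterChain. In a filter-mapping, "/" matches only the context root, so requests such as /admin never pass through the security filter chain and the intercept-url rules are not evaluated for them; "/*" applies the filter to every request.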

jaroslawj
  • its works!!! thanks. could you please let me know what "/" and "/*" really means in springSecurityFilterChain ? – Abhi Sep 04 '14 at 08:07
  • Here is something nicely explained :) http://stackoverflow.com/questions/4140448/difference-between-and-in-servlet-mapping-url-pattern – jaroslawj Sep 04 '14 at 08:12