Home/ Questions/Q 6560439
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-25T13:27:34+00:00

I have a Spring Security 3 application that I login and logout works well.

  • 0

I have a Spring Security 3 application that I login and logout works well. I wanted to implenment my own UsernamePasswordAuthenticationFilter for my application. I followed that tutorial:

http://mrather.blogspot.com/2010/02/extending-usernamepasswordauthenticatio.html

My Filter class is:

package security;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

public class CustomUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    @Override
    protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, Authentication authResult) throws IOException, ServletException {
        super.successfulAuthentication(request, response, authResult);
        System.out.println("==successful login==");
    }

    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest request, HttpServletResponse response, AuthenticationException failed) throws IOException, ServletException {
        super.unsuccessfulAuthentication(request, response, failed);
        System.out.println("==failed login==");
    }
}

My security xml configuration file:

<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
             xmlns:beans="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xsi:schemaLocation="http://www.springframework.org/schema/beans
                    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                    http://www.springframework.org/schema/security
                    http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <global-method-security/>

    <http entry-point-ref="loginUrlAuthenticationEntryPoint"/>
    <beans:bean id="loginUrlAuthenticationEntryPoint"
                class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
        <beans:property name="loginFormUrl" value="/login.html"/>
    </beans:bean>
    <beans:bean id="customUsernamePasswordAuthenticationFilter"
                class="security.CustomUsernamePasswordAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager"/>
        <beans:property name="authenticationFailureHandler" ref="failureHandler"/>
        <beans:property name="authenticationSuccessHandler" ref="successHandler"/>
    </beans:bean>
    <beans:bean id="successHandler"
                class="org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler">
        <beans:property name="defaultTargetUrl" value="/login.html"/>
    </beans:bean>
    <beans:bean id="failureHandler"
                class="org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler">
        <beans:property name="defaultFailureUrl" value="/login.html?login_error=true"/>
    </beans:bean>
    <http auto-config="false" disable-url-rewriting="true">
        <custom-filter position="FORM_LOGIN_FILTER" ref="customUsernamePasswordAuthenticationFilter"/>
        <intercept-url pattern="/login.html" filters="none"/>
        <intercept-url pattern="/css/*" filters="none"/>
        <intercept-url pattern="/**" access="ROLE_USER"/>
    </http>
    <authentication-manager alias="authenticationManager">
        <authentication-provider>
            <password-encoder hash="sha-256"/>
            <user-service>
                <user name="sdf" password="6b86d273ff34fce19d6dddf5747ada4eaa22f1d49c01e52ddb7875b4b"
                      authorities="ROLE_USER"/>
            </user-service>
        </authentication-provider>
    </authentication-manager>

</beans:beans>

However when I run my application it doesn’t redirect to login page, it goes to index page by default and gives

404 Not found error

for all my web pages. Any ideas? Did I configure my application well?

PS: That writes at tutorial:

Note: Since we are replacing the default FORM_LOGIN_FILTER, we should
not use

so I removed that:

    <form-login
            login-page="/login3.html"
            login-processing-url="/j_spring_security_check"
            default-target-url="/index.html"
            always-use-default-target="true"/>
    <logout logout-url="/j_spring_security_logout"
            logout-success-url="/login.html"/>

from my XML file.

Also is there need to define successHandler and failureHandler because I didn’t overwrite them. If I do it because I am replacing the filter(or because of –http auto-config="false"

I don’t know the real purpose of that line, if you explain you are welcome) should I define anything else for security?

I am new to Spring Security 3 and Spring.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    I solved tyhe problem: entry-point-ref=”loginUrlAuthenticationEntryPoint” shouldn’t be at different http tag.

    • 0