I have implmented a server backend for a mobile client using Spring MVC,Restful webservices. I want to secure the app with spring security. I have put a custom login.jsp to handle the login as follows.
<body onload='document.f.j_username.focus();'>
<h3>Login with Username and Password (Custom Page)</h3>
<c:if test="${not empty error}">
<div class="errorblock">
Your login attempt was not successful, try again.<br /> Caused :
${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
</div>
</c:if>
<form name='f' action="<c:url value='j_spring_security_check' />"
method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
</form>
my web.xml is as follows.
<display-name>Spring MVC Application</display-name>
<!-- Spring MVC -->
<servlet>
<servlet-name>mvc-dispatcher</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>mvc-dispatcher</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/mvc-dispatcher-servlet.xml,
/WEB-INF/spring-security-context.xml
</param-value>
</context-param>
<!-- Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security-context.xml is as follws.
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true">
<intercept-url pattern="/getHierarchy" access="ROLE_USER" />
<form-login login-page="/login" default-target-url="/getHierarchy"
authentication-failure-url="/loginfailed" />
<logout logout-success-url="/logout" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
But I get a warning on eclipse
The tag handler class for “c:if” (org.apache.taglibs.standard.tag.rt.core.IfTag) was not found on the Java Build Path
And get a not found error on j_spring_security_check when I submit the form. I have included jstl1.2 in the classpath. Why do I get a tag handler not found warning even if I have included the taglib?
Why do I get a tag handler not found warning even if I have included the taglib?
The jars in an Eclipse Dynamic Web Project that should be deployed to the server must be located in the
\myProject\WebContent\WEB-INF\libs(not in \myProject\webapp\WEB-INF\lib)In a Eclipse Dynamic Web Project the jars in this folder will be automaticly attached to your build path, you must not add them manually.
And get a not found error on j_spring_security_check when I submit the form:
Check that you have the login page mapped to the url
/loginyou can test it simply by enter the url in your broswerAdditional hint
One other thing that is may not so optimal is this statement
Try to write it in this way:
This avoid this nasty weaving of the two tags. Maybe the problem is just that the eclipse editor is a bit confused.