I just set up Spring Security and it’s working great. I can log in and out using my custom form. I have logged in then out multiple times successively with no problem. Oddly, if I try to log in with the wrong password, I can no longer log in again – it takes me to the “loginFailed” page every time I try to log in after that. Does anyone know how to fix this?
Here is my security-config.xml:

    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.3.xsd">

        <http use-expressions="true">
            <intercept-url pattern="/secureA.htm" access="isAuthenticated()" />
            <intercept-url pattern="/secureB.htm" access="isAuthenticated()" />
            <form-login login-page="/login.htm" default-target-url="/secureA.htm"
                authentication-failure-url="/loginFailed.htm"/>
            <logout logout-success-url="/login" />
        </http>

        <authentication-manager>
            <authentication-provider>
                <password-encoder hash="sha">
                </password-encoder>
                <user-service>
                    <user name="user" password="pass"
                        authorities="ROLE_USER, ROLE_ADMIN" />
                </user-service>
            </authentication-provider>
        </authentication-manager>
    </beans:beans>

My login form:

    <form action="<c:url value='j_spring_security_check' />" method="post">
        Username: <input type="text" name="j_username" /><br/>
        Password: <input type="password" name="j_password" /><br/>
        <input type="submit" value="Login" /><br/>
    </form>

My login controller:
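
    import org.springframework.stereotype.Controller;
    import org.springframework.ui.ModelMap;
    import org.springframework.web.bind.annotation.RequestMapping;
    import org.springframework.web.bind.annotation.RequestMethod;

    @Controller
    public class LoginController {

        // Renders the login form.
        @RequestMapping(value = "/login", method = RequestMethod.GET)
        public String welcome(ModelMap m) {
            return "login";
        }

        // Target of authentication-failure-url: re-renders the form with an error message.
        @RequestMapping(value = "/loginFailed", method = RequestMethod.GET)
        public String failed(ModelMap m) {
            m.addAttribute("error", "Invalid username or password");
            return "login";
        }

        @RequestMapping("logout.htm")
        public String logout(ModelMap m) {
            return "redirect:login.htm";
        }
    }
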
Well, I don’t know what the problem was, but I was able to resolve it. I just found an older SO post: Spring security blocks user after failed login. Timh’s answer of switching to Spring 3.0.7.RELEASE (from 3.0.6) worked for me. Sorry for double-posting.
If anyone knows why this was happening in 3.0.6, I’d be interested to know.