Home/ Questions/Q 8540939
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-11T11:42:43+00:00

I’m trying to set up spring security, I have a controller which forwards to

  • 0

I’m trying to set up spring security, I have a controller which forwards to a login page after valdiation failure. But my interecept does not seem to pick it up…

Contoller fragment:

if (validation not successful) {
   return "login";
}

In my xml I have:

<security:intercept-url pattern="/login*" access="ROLE_USER" />

but this fails, I get the following error:

The requested resource (/myapp/WEB-INF/jsp/login.jsp) is not available.

How can I get it to interecept the login forward?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    If user is not logged yet, it means he doesn’t have ROLE_USER, so Spring Security won’t allow to access /login.

    Add use-expressions="true" to <http> element and change intercept line to this:

    <http use-expressions="true">
  <!-- ... -->
  <security:intercept-url pattern="/login*" access="permitAll" />

    Plus, make sure that login.jsp is under /WEB-INF/jsp/login.jsp.

    EDIT after comment:

    Seem that you have no Spring Security config at all, so begin with this:

    <http auto-config='true' use-expressions="true">
  <intercept-url pattern="/login*" access="permitAll"/>
  <intercept-url pattern="/**" access="ROLE_USER" />
  <!-- use login-page='/login' assuming you've got 
       Spring MVC configured to redirect to login.jsp -->
  <form-login login-page='/login'/>
</http>

    or, if you’re using Spring Security 3.1:

    <http pattern="/login" security="none" />
<http auto-config='true'>
  <intercept-url pattern="/**" access="ROLE_USER" />
  <!-- use login-page='/login' assuming you've got 
       Spring MVC configured to redirect to login.jsp -->
  <form-login login-page='/login'/>
</http>

    Create /WEB-INF/jsp/login.jsp file with example content:

    <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<html>
<head>
<title>Login Page</title>
</head>
<body>
    <h3>Login</h3>

    <c:if test="${not empty error}">
        <div class="errorblock">
            Your login attempt was not successful, try again.<br /> Caused :
            ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
        </div>
    </c:if>

    <form name='f' action="<c:url value='j_spring_security_check' />"
        method='POST'>

        <table>
            <tr>
                <td>User:</td>
                <td><input type='text' name='j_username' value=''>
                </td>
            </tr>
            <tr>
                <td>Password:</td>
                <td><input type='password' name='j_password' />
                </td>
            </tr>
            <tr>
                <td colspan='2'><input name="submit" type="submit"
                    value="submit" />
                </td>
            </tr>
        </table>

    </form>
</body>
</html>

    And what’s more, please read about Spring Security, because these are really basics of this framework.

    • 0