Spring Security redirects to forbidden page (403)




I am using Spring Security on top of a Spring MVC application. A few points about the application I am working on:

The home page is the login page, i.e. /users. The login menu is served as an HTML dropdown menu. I am implementing UserDetailsService and UserDetails instead of AuthenticationManager/Provider. It is required that a person can view the home page without roles.

Current situation:

It redirects to the 403 page mentioned in entry-point-ref. I have no idea how to redirect to user.jsp or /users. All the examples I can find on the net somehow show the same stuff, implementing AuthenticationManager. Code:

security-context.xml

    <import resource="servlet-context.xml" />

    <!-- global security settings -->
    <security:global-method-security pre-post-annotations="enabled" />

    <!-- spring security framework settings -->
    <security:http pattern="/users" use-expressions="true" auto-config="true"
                   disable-url-rewriting="true" entry-point-ref="formauthenticationentrypoint">
        <security:session-management>
            <security:concurrency-control max-sessions="5" error-if-maximum-exceeded="false"/>
        </security:session-management>
        <security:intercept-url pattern="/*" requires-channel="any" access="permitAll" />
        <security:intercept-url pattern="/**" requires-channel="any" access="permitAll" />
    </security:http>

    <!-- queries run on info -->
    <beans:bean id="formauthenticationentrypoint"
                class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint"/>
    <bean id="loginserviceimplementation" class="com.wirtauschen.service.LoginServiceImpl"></bean>

    <security:authentication-manager alias="authenticationmanager">
        <security:authentication-provider user-service-ref="userdetailsservice" />
    </security:authentication-manager>
    </beans>

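LoginServiceImpl:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.core.userdetails.UserDetails;
    import org.springframework.security.core.userdetails.UserDetailsService;
    import org.springframework.security.core.userdetails.UsernameNotFoundException;
    import org.springframework.stereotype.Service;
    import org.springframework.transaction.annotation.Transactional;

    @Service("userdetailsservice")
    public class LoginServiceImpl implements UserDetailsService {
        @Autowired
        private UserDao userDao;
        @Autowired
        private Assembler assembler;

        // Looks the user up by name and converts the entity to Spring's UserDetails.
        @Override
        @Transactional
        public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
            UserDetails userDetails = null;
            User user = userDao.findByName(username);
            if (user == null) {
                throw new UsernameNotFoundException("wrong username or password");
            }
            // never specify 1
            return assembler.buildUserFromUserEntity(user);
        }
    }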

Login form (part of the homepage HTML code, enveloped in user.jsp):

    <nav class="col-lg-5 col-md-5 col-sm-5">
      <ul class="pull-right">
        <li class="purple"><a href="#"><i class="icons icon-user-3"></i> login</a>
          <ul id="login-dropdown" class="box-dropdown">
            <li>
              <form id="form" action="<c:url value='/login'/>" method="post">
                <div class="box-wrapper">
                  <h4>login</h4>
                  <div class="iconic-input">
                    <input type="text" placeholder="username" name="username" id="username" value="">
                    <i class="icons icon-user-3"></i>
                  </div>
                  <div class="iconic-input">
                    <input type="password" placeholder="password" name="password" id="password" value="">
                    <i class="icons icon-lock"></i>
                  </div>
                  <input type="checkbox" id="loginremember">
                  <label for="loginremember">remember me</label>
                  <br> <br>
                  <div class="pull-left">
                    <input name="submit" type="submit" class="orange" value="login">
                  </div>
                  <div class="pull-right">
                    <a href="#">forgot password?</a> <br>
                    <a href="#">forgot username?</a> <br>
                  </div>
                  <br class="clearfix">
                </div>
                <div class="footer">
                  <h4 class="pull-left">new customer?</h4>
                  <a class="button pull-right" href="create_an_account.html">create account</a>
                </div>
              </form>
            </li>
          </ul>
        </li>
        <li><a href="#"><i class="icons icon-lock"></i> create account</a></li>
      </ul>
    </nav>

form-login in security-applicationcontext.xml:

    <security:form-login login-page="/users" default-target-url="/users"/>

Any help would be nice. I never knew Spring Security was nothing but torture.

Update

You have to understand how Spring works: a client tries to reach a protected resource (the users page, for example); if he did not log in yet, he is redirected (Spring redirects him) to the login page.

In Spring's beans.xml you declare the login page. If you set it there to "/login.html", you have to make sure you have that kind of page, with a login form. After the user logs in, Spring will redirect him to /users.

Makes sense?

Update II

You can create (like Amazon...) a landing page (e.g. index.html) that is public, meaning users can see it without logging in. Then, there are links there to 'protected resources', and if the user tries to click on a protected resource, Spring will redirect him to the login page. If you want to do that, put the 'protected resources' under a specific directory (e.g. /secured) and place there the protected resources: html/jsp/etc. Then configure in beans.xml (note that here the 'welcome' page is non-secured, so you are able to see it without login):

    <sec:http pattern="/welcome" security="none" />
    <sec:http authentication-manager-ref="authenticationmanager">
        <sec:intercept-url pattern="/secure/**" access="ROLE_USER" />
    </sec:http>
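Added example, not part of the original posts: one namespace configuration that combines the answer's public `/welcome` page and protected `/secure/**` area with the question's form login at `/users`. It reuses the bean names from the question; `/users?error` and the logout target are illustrative assumptions.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd
           http://www.springframework.org/schema/security
           http://www.springframework.org/schema/security/spring-security.xsd">

    <!-- Public landing page: no security filters run for it at all. -->
    <sec:http pattern="/welcome" security="none" />

    <!-- No pattern attribute, so this chain sees every other request,
         including the POST sent by the login form.
         No entry-point-ref either: form-login installs an entry point that
         redirects anonymous users to login-page, whereas
         Http403ForbiddenEntryPoint answers every such request with 403. -->
    <sec:http use-expressions="true"
              authentication-manager-ref="authenticationmanager">

        <!-- Rules are evaluated top to bottom; the first match wins. -->
        <sec:intercept-url pattern="/users" access="permitAll" />
        <sec:intercept-url pattern="/secure/**" access="hasRole('ROLE_USER')" />
        <!-- Everything else stays public, as the question requires. -->
        <sec:intercept-url pattern="/**" access="permitAll" />

        <!-- Spelled out so the form in user.jsp (action /login, fields
             username and password) matches whatever the version defaults are.
             /users?error is an assumed failure target. -->
        <sec:form-login login-page="/users"
                        login-processing-url="/login"
                        username-parameter="username"
                        password-parameter="password"
                        default-target-url="/users"
                        authentication-failure-url="/users?error" />

        <!-- Assumed logout target. -->
        <sec:logout logout-success-url="/welcome" />
    </sec:http>

    <!-- Same wiring as in the question: the UserDetailsService bean
         registered as "userdetailsservice" backs the provider. -->
    <sec:authentication-manager alias="authenticationmanager">
        <sec:authentication-provider user-service-ref="userdetailsservice" />
    </sec:authentication-manager>
</beans>
```

On Spring Security 4 and later, XML configuration enables CSRF protection by default, so the login form also needs the `_csrf` hidden field or the POST is rejected with 403.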

spring-mvc spring-security
