0

I get a 404 error when I try to access a Spring Security protected URL after I have successfully logged in, but do not get the error when I do not protect the URL with Spring Security.

I am using Spring-MVC, Spring Security and Hibernate. I have tried to get what the problem might be, but have totally failed. I need your help guys.

My spring-security.xml file is as:

<http auto-config="true">
    <intercept-url pattern="/sec/*" access="ROLE_USER" />
    <form-login login-page="/login"  
                authentication-success-handler-ref="successHandler" authentication-failure-handler-ref="failureHandler" 
                authentication-failure-url="/login/error" />
    <remember-me/>
    <logout logout-success-url="/login" />
    <access-denied-handler error-page="/403"/>
</http>

The dispatcher-servlet.xml is as:

<mvc:annotation-driven/>

<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer" p:definitions="/WEB-INF/tiles.xml" />

<bean id="viewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
    <property name="viewClass" value="org.springframework.web.servlet.view.tiles2.TilesView"/>
</bean>

<bean id="messageSource" class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
<property name="basename" value="/WEB-INF/application"/>
<property name="cacheSeconds" value="1"/>

and web.xml is as:

<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/dispatcher-servlet.xml,                      
            /WEB-INF/spring-security.xml,                     
            /WEB-INF/applicationContext.xml,
            /WEB-INF/spring-db.xml
        </param-value>
    </context-param>
    <filter>
        <filter-name>hibernateSessionInViewFilter</filter-name>
        <filter-class>org.springframework.orm.hibernate3.support.OpenSessionInViewFilter</filter-class>
        <init-param>
            <param-name>sessionFactoryBeanName</param-name>
            <param-value>sessionFactory</param-value>
        </init-param>
        <init-param>
            <param-name>flushMode</param-name>
            <param-value>ALWAYS</param-value>
        </init-param>
        <init-param>
            <param-name>singleSession</param-name>
            <param-value>true</param-value>
        </init-param>
    </filter>
    <filter-mapping>
        <filter-name>hibernateSessionInViewFilter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>
    <listener>
        <listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
    </listener>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <welcome-file-list>
        <welcome-file>redirect.jsp</welcome-file>
    </welcome-file-list>

Note that the Spring Security Authentication works just fine. Its the urls it protects that kind of are no longer being mapped by the dispatcher. Someone please help me solve this. Thank you in advance.

AllanM
  • 36
  • 3
  • did your session enabled? what app server u used? – Daniel Robertus Jun 20 '13 at 09:00
  • i am using tomcat server. I also tried glassfish and it yielded the same results. – AllanM Jun 20 '13 at 09:09
  • `authentication-failure-url="/login/error"` did your `/login/error` works properly? try it with spring security and without it. – Daniel Robertus Jun 20 '13 at 09:15
  • Thanx Daniel for your time. The failure url works since its access is anonymous – AllanM Jun 20 '13 at 10:23
  • You are loading `dispatcher-servlet.xml` twice! Once in your root config and once for your servlet (`DispatcherServlet` loads its own configuration by default from `/WEB-INF/{servletName}-servlet.xml`). Just remove it from the `contextConfigLocation` parameter and it might solve some of the strange behavior. – Pavel Horal Jun 20 '13 at 15:10
  • Hey Pavel, even with the suggested change, the url still throws a 404 error – AllanM Jun 21 '13 at 05:11

1 Answers1

0

I have got the problem. I had set the wrong role in the database for the user I was trying to log in as. So essentially its a 403 error of which I hadn't mapped the 403 handling page hence throwing the 404 error. Thanx to all those who tried to help.

AllanM
  • 36
  • 3