Login/Register
Spring security throws javax.servlet.ServletException: Could not resolve view with name 'j_spring_security_check'
Asked Answered
Solved javaspringspring-mvcspring-securitytiles-3
D

2

6

I am trying to add Spring security with customized login page and access to database to my Spring MVC application. It seems like my mapping is wrong as it can not map j_spring_security_check.

To solve the issue I had a look at following pages 1,2,3 but could not solve the issue yet.

If you do not have much time, please read PART 2 below, that is where edited section of the question begins. Otherwise, please read both PART 1 and PART 2.

PART 1

I also added following lines to my web.xml file but the application returns following exceptions.

     <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

Caused by: java.lang.IllegalStateException: Duplicate Filter registration for 'springSecurityFilterChain'. Check to ensure the Filter is only configured once.
    at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.registerFilter(AbstractSecurityWebApplicationInitializer.java:215)
    at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.insertSpringSecurityFilterChain(AbstractSecurityWebApplicationInitializer.java:147)
    at org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer.onStartup(AbstractSecurityWebApplicationInitializer.java:121)
    at org.springframework.web.SpringServletContainerInitializer.onStartup(SpringServletContainerInitializer.java:175)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5423)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 6 more

Jun 13, 2015 2:44:54 PM org.apache.catalina.core.ContainerBase startInternal
SEVERE: A child container failed during start
java.util.concurrent.ExecutionException: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
    at java.util.concurrent.FutureTask.report(FutureTask.java:122)
    at java.util.concurrent.FutureTask.get(FutureTask.java:188)
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1123)
    at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:302)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:732)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina].StandardHost[localhost]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1559)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1549)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:744)
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1131)
    at org.apache.catalina.core.StandardHost.startInternal(StandardHost.java:800)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 6 more

Jun 13, 2015 2:44:54 PM org.apache.catalina.startup.Catalina start
SEVERE: The required Server component failed to start so Tomcat is unable to start.
org.apache.catalina.LifecycleException: Failed to start component [StandardServer[8005]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at org.apache.catalina.startup.Catalina.start(Catalina.java:691)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:322)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:456)
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardService[Catalina]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at org.apache.catalina.core.StandardServer.startInternal(StandardServer.java:732)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 7 more
Caused by: org.apache.catalina.LifecycleException: Failed to start component [StandardEngine[Catalina]]
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:154)
    at org.apache.catalina.core.StandardService.startInternal(StandardService.java:443)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 9 more
Caused by: org.apache.catalina.LifecycleException: A child container failed during start
    at org.apache.catalina.core.ContainerBase.startInternal(ContainerBase.java:1131)
    at org.apache.catalina.core.StandardEngine.startInternal(StandardEngine.java:302)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
    ... 11 more

Without adding that filter once the form is submitted the request will be catch by following controller.

@Controller
public class MainController {

    @RequestMapping("/{viewName}")
    public String index(@PathVariable String viewName) {
        ...
    }

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <listener>
        <listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
    </listener>


    <servlet>
        <servlet-name>my</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

<!--    <listener> -->
<!--        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> -->
<!--    </listener> -->
<!--    <filter> -->
<!--        <filter-name>springSecurityFilterChain</filter-name> -->
<!--        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> -->
<!--    </filter> -->

<!--    <filter-mapping> -->
<!--        <filter-name>springSecurityFilterChain</filter-name> -->
<!--        <url-pattern>/*</url-pattern> -->
<!--    </filter-mapping> -->


    <servlet-mapping>
      <servlet-name>my</servlet-name>
      <url-pattern>/</url-pattern>
    </servlet-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/config/my-security.xml
        </param-value>
    </context-param>

</web-app>

my-security.xml

<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" 
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
    http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
    http://www.springframework.org/schema/security
    http://www.springframework.org/schema/security/spring-security-3.2.xsd">


    <http auto-config="true" access-denied-page="/notFound.jsp"
        use-expressions="true">
        <intercept-url pattern="/" access="permitAll" />
    </http>

    <!-- <beans:import resource="security-db.xml" /> -->

    <authentication-manager>
        <authentication-provider>
            <user-service>
                <user name="alex" password="123456" authorities="ROLE_USER" />
                <user name="mkyong" password="123456" authorities="ROLE_USER, ROLE_ADMIN" />
            </user-service>
        </authentication-provider>
    </authentication-manager>
</beans:beans>

AppConfig.java

@EnableWebMvc
@Configuration
@ComponentScan({ "com.myproject.*" })
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class AppConfig {


    @Bean
    public SessionFactory sessionFactory() {
        LocalSessionFactoryBuilder builder = new LocalSessionFactoryBuilder(
                dataSource());
        builder.scanPackages("com.myproject.model").addProperties(
                getHibernateProperties());
        return builder.buildSessionFactory();
    }

    private Properties getHibernateProperties() {
        Properties prop = new Properties();
        prop.put("hibernate.format_sql", "true");
        prop.put("hiberate.show_sql", "true");
        prop.put("hibernate.dialect", "org.hibernate.dialect.MySQL5Dialect");
        return prop;
    }

    @Bean(name = "dataSource")
    public BasicDataSource dataSource() {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/test");
        ds.setUsername("jack");
        ds.setPassword("jack");
        return ds;
    }

    @Bean
    public HibernateTransactionManager txManager() {
        return new HibernateTransactionManager(sessionFactory());
    }

}

SecurityConfig.java

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(
                passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/profile/**")
                .access("hasRole('ADMIN')").and().formLogin()
                .loginPage("/signin").failureUrl("/signin?error")
                .usernameParameter("username").passwordParameter("password")
                .and().logout().logoutSuccessUrl("/index").and().csrf().and()
                .exceptionHandling().accessDeniedPage("/403");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

}

SpringMVCInitializer.java

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;

public class SpringMvcInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

}

LoginController.java

@Controller
public class LoginController {

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(
            @RequestParam(value = "error", required = false) String error,
            @RequestParam(value = "logout", required = false) String logout) {

        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid username and password!");
        }

        if (logout != null) {
            model.addObject("msg", "You've been logged out successfully.");
        }
        model.setViewName("login");

        return model;

    }
}

**

PART 2

Based on Thomas's suggestions I changed the code as following

**

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee 
          http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
    version="3.0">
    <listener>
        <listener-class>org.apache.tiles.extras.complete.CompleteAutoloadTilesListener</listener-class>
    </listener>


    <servlet>
        <servlet-name>my</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>

    <servlet-mapping>
      <servlet-name>my</servlet-name>
      <url-pattern>/</url-pattern>
    </servlet-mapping>



</web-app>

AppConfig.java

@EnableWebMvc
@Configuration
@ComponentScan({ "com.myproject" })
@EnableTransactionManagement
@Import({ SecurityConfig.class })
public class AppConfig {

    @Bean
    public SessionFactory sessionFactory() {
        LocalSessionFactoryBuilder builder = new LocalSessionFactoryBuilder(
                dataSource());
        builder.scanPackages("com.myproject.model").addProperties(
                getHibernateProperties());
        return builder.buildSessionFactory();
    }

    private Properties getHibernateProperties() {
        Properties prop = new Properties();
        prop.put("hibernate.format_sql", "true");
        prop.put("hiberate.show_sql", "true");
        prop.put("hibernate.dialect", "org.hibernate.dialect.MySQL5Dialect");
        return prop;
    }

    @Bean(name = "dataSource")
    public BasicDataSource dataSource() {
        BasicDataSource ds = new BasicDataSource();
        ds.setDriverClassName("com.mysql.jdbc.Driver");
        ds.setUrl("jdbc:mysql://localhost:3306/test");
        ds.setUsername("jack");
        ds.setPassword("jack");
        return ds;
    }

    @Bean
    public HibernateTransactionManager txManager() {
        return new HibernateTransactionManager(sessionFactory());
    }

}

SecurityConfig.java

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Autowired
    @Qualifier("userDetailsService")
    UserDetailsService userDetailsService;

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("password").roles("USER");
//      auth.userDetailsService(userDetailsService).passwordEncoder(
//              passwordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/profile/**")
                .access("hasRole('ADMIN')").and().formLogin()
                .loginPage("/login").failureUrl("/login?error")
                .and().logout().logoutSuccessUrl("/index").and().csrf().and()
                .exceptionHandling().accessDeniedPage("/403");
    }

    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder encoder = new BCryptPasswordEncoder();
        return encoder;
    }

}

SpringMVCInitializer.java

public class SpringMvcInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

}

MainController

@Controller
public class MainController {

    @RequestMapping("/{viewName}")
    public String index(@PathVariable String viewName) {
        System.err.println("View Name is :" + viewName);
        if (isValidView(viewName)) {
            return viewName;
        }
        return null;
    }

Regarding MainController, this is the way that I handle static pages such as www.myproject.com/index, www.myproject.com/contactus etc. My other question regarding this issue is here

Daltondaltonism answered 13/6, 2015 at 5:15 Comment(0)
A
1

I would highly suggest you to follow either Java or XML config. I personally prefer Java config.

  • Remove all Spring Security related XML configs and create following files.

  • Amend the permission addresses to whatever you have.

    public class MessageSecurityWebApplicationInitializer extends
        AbstractSecurityWebApplicationInitializer { //register the springSecurityFilterChain with the war

}


public class MessageWebApplicationInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { SecurityConfig.class }; //make sure your config file gets loaded
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        // TODO Auto-generated method stub
        return null;
    }


   @Configuration
   @EnableWebMvcSecurity
   public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        System.err.println("in here");
        auth.inMemoryAuthentication().withUser("[email protected]")
                .password("password").roles("USER"); //access to inmemory credentials
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
                .antMatchers("/resources/**", "/", "/index", "/aboutus")
                .permitAll() //allow access to your static pages and resources
                .antMatchers("/profile/**")
                .hasRole("USER") //profile address is only available to users ( do not need to add ROLE_ as Spring does it for you)
                .and() //and is equivalent of end tag in XML 
                .formLogin().loginPage("/signin").failureUrl("/signin?error")
                .permitAll().and().logout().logoutUrl("/singout").permitAll();
    }

For further explanation and to access to DB refer to the documentation

Arvillaarvin answered 19/6, 2015 at 12:29 Comment(0)
H
3

There are several issues in your code. The most important one is that you are mixing the Java configuration and the XML configuration for Spring Security. Decide which configuration you prefer to use. In my answer, I will focus on the Java-based configuration, as I would completely remove the XML configuration from your code.

In your case, the @EnableWebSecurity annotation by default already registers the appropriate filters. But if your are using the Spring MVC, it should rather be @EnableWebMvcSecurity.

Furthermore, look at your HttpSecurity configuration:

 protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/profile/**")
                .access("hasRole('ADMIN')").and().formLogin()
                .loginPage("/signin").failureUrl("/signin?error")
                .usernameParameter("username").passwordParameter("password")
                .and().logout().logoutSuccessUrl("/index").and().csrf().and()
                .exceptionHandling().accessDeniedPage("/403");
}

You are obviously telling that login page will be at /signin, but in your LoginController the mapping is for /login. And what for you config the .usernameParameter("username") .passwordParameter("password")? It's already done this way in Spring Security default configuration.

You should also add the SecurityInitializer class, which in Spring Security 3.2 can look like this:

public class SecurityInitializer extends AbstractSecurityWebApplicationInitializer {

    public SecurityInitializer() {
        super(SecurityConfig.class);
    }
}

So to sum up, the basic steps to add the Spring Security to your project is to do the following:

  1. Add the appropriate (Maven, Gradle) dependencies for Spring Security;
  2. Configure the Spring Security class annotated with @EnableWebMvcSecurity, especially in configureGlobal(...) and configure(...) methods;
  3. Register the class extending AbstractSecurityWebApplicationInitializer;
  4. Provide the mapping for login page in your controller and write down the custom form in JSP page.

The basic login form can look like this:

    <form name='loginForm' method='POST'>

      <table>
        <tr>
            <td>User:</td>
            <td><input type='text' name='username' value=''></td>
        </tr>
        <tr>
            <td>Password:</td>
            <td><input type='password' name='password' /></td>
        </tr>
        <tr>
            <td colspan='2'><input name="submit" type="submit"
                value="submit" /></td>
        </tr>
      </table>

      <input type="hidden" name="${_csrf.parameterName}"
        value="${_csrf.token}" />

    </form>

These basic steps enable the Spring Security in your project. For more information, the good tutorials are: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/hellomvc.html http://docs.spring.io/spring-security/site/docs/3.2.x/guides/form.html

Good luck :)

Hypotenuse answered 13/6, 2015 at 10:48 Comment(11)
thanks, does the form need 'action' attribute? Is it possible to upgrade it to spring-security version 4? the latest version of it?Daltondaltonism
I suppose yes, but I have never used the 4.x version. Try it and please tell me if there are some changes required. Regarding the 'action' attribute, it is not necessary if you want to post the authentication data to the same path , e.g. /login or /signin - in your code that is the case.Hypotenuse
I changed the dependencies to the version suggested in your link 3.2.7.RELEASE, also changed signin to login and changed body of configureGlobal to auth.inMemoryAuthentication().withUser("user").password("password").roles("USER"); It is still showing the same error message. I know it is because of controller but not sure what to do.Daltondaltonism
What error message? "IllegalStateException: Duplicate Filter registration for 'springSecurityFilterChain'. Check to ensure the Filter is only configured once."? Have you removed my-security.xml and all the tags related to Spring Security from web.xml? And the @Import({ SecurityConfig.class }) from AppConfig class?Hypotenuse
the error is javax.servlet.ServletException: Could not resolve view with name 'j_spring_security_check'. I commented all spring-security related lines in my web.xml, when I run the code it throws previous exception and the address will become localhost:8080/myProject/j_spring_security_checkDaltondaltonism
Without all the source code I can just guessing now, but the mapping in your MainController is not acceptable. You should not do this @RequestMapping("/{viewName}"). It may catch all the requests like: localhost:8080/myProject/{something}. Remove this method and also remove the asterisk from @ComponentScan({ "com.myproject" }) it will scan all the subpackages also.Hypotenuse
I see then how to deal with static pages?Daltondaltonism
In Spring MVC the dispatcher servlet is responsible for translating the request paths to controllers methods, hence one @RequestMapping method in your controller will resolve one static (or JSP) page. Good basic tutorial: byteslounge.com/tutorials/spring-mvc-requestmapping-example. In your case, I would first check if all the application paths (including /login) are resolved correctly without the Spring Security dependencies, and only then you can secure them.Hypotenuse
I am not sure what you mean by "first check if all the application paths are resolved correclty etc" all the paths are working. I will update the question shortly.Daltondaltonism
Let us continue this discussion in chat.Daltondaltonism
The question is updated. If you are concerned with the 'MainController' please let me know what should I replace it with to handle static pages such as www.myproject.com/index, www.myproject.com/login, www.myproject.com/contactus please note I am using Tiles3.Daltondaltonism
A
1

I would highly suggest you to follow either Java or XML config. I personally prefer Java config.

  • Remove all Spring Security related XML configs and create following files.

  • Amend the permission addresses to whatever you have.

    public class MessageSecurityWebApplicationInitializer extends
        AbstractSecurityWebApplicationInitializer { //register the springSecurityFilterChain with the war

}


public class MessageWebApplicationInitializer extends
        AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class<?>[] getRootConfigClasses() {
        return new Class[] { SecurityConfig.class }; //make sure your config file gets loaded
    }

    @Override
    protected Class<?>[] getServletConfigClasses() {
        // TODO Auto-generated method stub
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        // TODO Auto-generated method stub
        return null;
    }


   @Configuration
   @EnableWebMvcSecurity
   public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Autowired
        public void configureGlobal(AuthenticationManagerBuilder auth)
            throws Exception {
        System.err.println("in here");
        auth.inMemoryAuthentication().withUser("[email protected]")
                .password("password").roles("USER"); //access to inmemory credentials
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
                .antMatchers("/resources/**", "/", "/index", "/aboutus")
                .permitAll() //allow access to your static pages and resources
                .antMatchers("/profile/**")
                .hasRole("USER") //profile address is only available to users ( do not need to add ROLE_ as Spring does it for you)
                .and() //and is equivalent of end tag in XML 
                .formLogin().loginPage("/signin").failureUrl("/signin?error")
                .permitAll().and().logout().logoutUrl("/singout").permitAll();
    }

For further explanation and to access to DB refer to the documentation

Arvillaarvin answered 19/6, 2015 at 12:29 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.