Witam. Mam problem z autentykacją podczas logowania.
Ale od początku:
web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd ">
<servlet>
<servlet-name>myapp</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>myapp</servlet-name>
<url-pattern>*.html</url-pattern>
</servlet-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<listener>
<listener-class>org.springframework.security.web.session.HttpSessionEventPublisher</listener-class>
</listener>
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/myappContext.xml
/WEB-INF/myapp-servlet.xml
/WEB-INF/security-context.xml
</param-value>
</context-param>
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
<filter-name>CharacterEncodingFilter</filter-name>
<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
<init-param>
<param-name>encoding</param-name>
<param-value>UTF-8</param-value>
</init-param>
<init-param>
<param-name>forceEncoding</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>CharacterEncodingFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<welcome-file-list>
<welcome-file>/index.html</welcome-file>
</welcome-file-list>
</web-app>
myapp-servlet.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.1.xsd">
<mvc:annotation-driven />
<mvc:view-controller path="/index.html" view-name="index" />
<mvc:view-controller path="/login.html" view-name="login" />
<context:component-scan base-package="myapp.web" />
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="prefix" value="/WEB-INF/pages/" />
<property name="suffix" value=".jsp" />
</bean>
</beans>
security-context.xml
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:jee="http://www.springframework.org/schema/jee"
xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.2.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.2.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd">
<sec:http use-expressions="true">
<sec:form-login login-page="/login.html"
authentication-failure-url="/login.html"
login-processing-url="/j_spring_security_check"
default-target-url="/index.html"/>
<sec:logout logout-url="/j_spring_security_logout"
logout-success-url="/index.html"
delete-cookies="JSESSIONID"/>
<sec:intercept-url pattern="/admin/*" access="hasRole(ROLE_ADMIN)"/>
</sec:http>
<sec:authentication-manager>
<sec:authentication-provider>
<sec:jdbc-user-service data-source-ref="dataSource"/>
<sec:password-encoder hash="plaintext">
<sec:salt-source user-property="username"/>
</sec:password-encoder>
</sec:authentication-provider>
</sec:authentication-manager>
</beans:beans>
Problem polega na tym, że za każdym razem kiedy próbuję się zalogować dostaję w logach:
2013-03-12 18:59:46,609 [] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@78aad8. A new one will be created.
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.FilterChainProxy - /j_spring_security_check at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-03-12 18:59:50,453 [] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Request is to process authentication
2013-03-12 18:59:50,468 [] DEBUG org.springframework.security.authentication.ProviderManager - Authentication attempt using org.springframework.security.authentication.dao.DaoAuthenticationProvider
2013-03-12 18:59:50,562 [] DEBUG org.springframework.jdbc.core.JdbcTemplate - Executing prepared SQL query
2013-03-12 18:59:50,562 [] DEBUG org.springframework.jdbc.core.JdbcTemplate - Executing prepared SQL statement [select username,password,enabled from users where username = ?]
2013-03-12 18:59:50,640 [] DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2013-03-12 18:59:52,437 [] DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2013-03-12 18:59:52,484 [] DEBUG org.springframework.jdbc.core.JdbcTemplate - Executing prepared SQL query
2013-03-12 18:59:52,484 [] DEBUG org.springframework.jdbc.core.JdbcTemplate - Executing prepared SQL statement [select username,authority from authorities where username = ?]
2013-03-12 18:59:52,484 [] DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Fetching JDBC Connection from DataSource
2013-03-12 18:59:52,500 [] DEBUG org.springframework.jdbc.datasource.DataSourceUtils - Returning JDBC Connection to DataSource
2013-03-12 18:59:52,546 [] DEBUG org.springframework.security.authentication.dao.DaoAuthenticationProvider - Authentication failed: password does not match stored value
2013-03-12 18:59:52,546 [] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Authentication request failed: org.springframework.security.authentication.BadCredentialsException: Bad credentials
2013-03-12 18:59:52,546 [] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Updated SecurityContextHolder to contain null Authentication
2013-03-12 18:59:52,546 [] DEBUG org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter - Delegating to authentication failure handler org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler@31d0fc
2013-03-12 18:59:52,546 [] DEBUG org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler - Redirecting to /login.html
2013-03-12 18:59:52,562 [] DEBUG org.springframework.security.web.DefaultRedirectStrategy - Redirecting to '/myapp/login.html'
2013-03-12 18:59:52,562 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-03-12 18:59:52,562 [] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 1 of 9 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@78aad8. A new one will be created.
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 2 of 9 in additional filter chain; firing Filter: 'LogoutFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 3 of 9 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 4 of 9 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 5 of 9 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 6 of 9 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9056f12c: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@380f4: RemoteIpAddress: 127.0.0.1; SessionId: 8E0D9763737FE0D4407455332F035572; Granted Authorities: ROLE_ANONYMOUS'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 7 of 9 in additional filter chain; firing Filter: 'SessionManagementFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 8 of 9 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html at position 9 of 9 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/login.html'; against '/admin/*'
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Public object - authentication not attempted
2013-03-12 18:59:52,625 [] DEBUG org.springframework.security.web.FilterChainProxy - /login.html reached end of additional filter chain; proceeding with original chain
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.DispatcherServlet - DispatcherServlet with name 'myapp' processing GET request for [/myapp/login.html]
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Looking up handler method for path /login.html
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping - Did not find handler method for [/login.html]
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.handler.SimpleUrlHandlerMapping - Mapping [/login.html] to HandlerExecutionChain with handler [org.springframework.web.servlet.mvc.ParameterizableViewController@1a1f51c] and 1 interceptor
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.DispatcherServlet - Last-Modified value for [/myapp/login.html] is: -1
2013-03-12 18:59:52,625 [] DEBUG org.springframework.web.servlet.DispatcherServlet - Rendering view [org.springframework.web.servlet.view.JstlView: name 'login'; URL [/WEB-INF/pages/login.jsp]] in DispatcherServlet with name 'myapp'
2013-03-12 18:59:52,640 [] DEBUG org.springframework.web.servlet.view.JstlView - Forwarding to resource [/WEB-INF/pages/login.jsp] in InternalResourceView 'login'
2013-03-12 18:59:52,656 [] DEBUG org.springframework.security.web.context.HttpSessionSecurityContextRepository - SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2013-03-12 18:59:52,671 [] DEBUG org.springframework.web.servlet.DispatcherServlet - Successfully completed request
2013-03-12 18:59:52,671 [] DEBUG org.springframework.security.web.access.ExceptionTranslationFilter - Chain processed normally
2013-03-12 18:59:52,671 [] DEBUG org.springframework.security.web.context.SecurityContextPersistenceFilter - SecurityContextHolder now cleared, as request processing completed
Proszę o pomoc w zdiagnozowaniu co jest nie tak... Bo nie mam już pomysłów.