Over a million developers have joined DZone.

HTTP Status 405 with Spring Security with Custom Form Login Using JavaConfig

Want a custom login form created with JavaConfig? Here's a neat tutorial, which breaks down initial config, additions, and shows you why.

· Performance Zone

Download Forrester’s “Vendor Landscape, Application Performance Management” report that examines the evolving role of APM as a key driver of customer satisfaction and business success, brought to you in partnership with BMC.

I have been working on a 100% JavaConfig version of a custom form authentication Spring MVC application. Most examples use XML configuration, but I know I wanted to implement a solution without any XML.

I have investigated several examples, but here is my initial configuration that does work:

    protected void configure(final HttpSecurity http) throws Exception {
            .antMatchers("/", "/index").permitAll()
            .antMatchers("/managers/*").access("hasRole('ADMIN') and hasRole('DBA')")


I wanted to use a custom login form, so I added this configuration:

Then I added this login.jsp

<form name='f' action="<c:url value='/j_spring_security_check' />" method='POST'>
            <td><input type='text' name='j_username' value=''>
            <td><input type='password' name='j_password' />
            <td colspan='2'><input name="submit" type="submit"
                                   value="submit" />
            <td colspan='2'><input name="reset" type="reset" />
    <input type="hidden"

Now I did test with both /login and /j_security_check as the action.

When using /login, I get an “HTTP 404 Page Not Found” exception, and when I use /j_security_check action, I get a “HTTP Status 405 – Request method ‘POST’ not supported” exception.

I ran across several incidents where using the XML configuration leads to the same error:


But this did not help my specific error.

Here is my updated configuration that finally worked:


I can only surmise, that with the JavaConfig for Spring Security, there are several configuration attributes that are set for the default .formLogin(), and unless you explicitly set these attributes, the login.jsp will not execute the correct action.

See Forrester’s Report, “Vendor Landscape, Application Performance Management” to identify the right vendor to help IT deliver better service at a lower cost, brought to you in partnership with BMC.


Published at DZone with permission of Mick Knutson, DZone MVB. See the original article here.

Opinions expressed by DZone contributors are their own.

The best of DZone straight to your inbox.

Please provide a valid email address.

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}