HTTP Status 405 with Spring Security with Custom Form Login Using JavaConfig
Want a custom login form created with JavaConfig? Here's a neat tutorial, which breaks down initial config, additions, and shows you why.
Join the DZone community and get the full member experience.
Join For FreeI have been working on a 100% JavaConfig version of a custom form authentication Spring MVC application. Most examples use XML configuration, but I know I wanted to implement a solution without any XML.
I have investigated several examples, but here is my initial configuration that does work:
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/", "/index").permitAll()
.antMatchers("/customers/*").access("hasRole('USER')")
.antMatchers("/managers/*").access("hasRole('ADMIN') and hasRole('DBA')")
.and().formLogin().defaultSuccessUrl("/")
.and().anonymous()
.and().rememberMe()
.and().logout().logoutSuccessUrl("/")
.and().csrf()
.and().exceptionHandling().accessDeniedPage("/Access_Denied.html");
http.sessionManagement()
.maximumSessions(1)
.expiredUrl("/expired.html")
.sessionRegistry(sessionRegistry());
}I wanted to use a custom login form, so I added this configuration:
Then I added this login.jsp
<form name='f' action="<c:url value='/j_spring_security_check' />" method='POST'>
<table>
<tr>
<td>User:</td>
<td><input type='text' name='j_username' value=''>
</td>
</tr>
<tr>
<td>Password:</td>
<td><input type='password' name='j_password' />
</td>
</tr>
<tr>
<td colspan='2'><input name="submit" type="submit"
value="submit" />
</td>
</tr>
<tr>
<td colspan='2'><input name="reset" type="reset" />
</td>
</tr>
</table>
<input type="hidden"
name="${_csrf.parameterName}"
value="${_csrf.token}"/>
</form>Now I did test with both /login and /j_security_check as the action.
When using /login, I get an “HTTP 404 Page Not Found” exception, and when I use /j_security_check action, I get a “HTTP Status 405 – Request method ‘POST’ not supported” exception.
I ran across several incidents where using the XML configuration leads to the same error:
But this did not help my specific error.
Here is my updated configuration that finally worked:
.and().formLogin()
.loginPage("/login.jsp")
.loginProcessingUrl("/j_spring_security_check")
.usernameParameter("j_username")
.passwordParameter("j_password")
.permitAll()I can only surmise, that with the JavaConfig for Spring Security, there are several configuration attributes that are set for the default .formLogin(), and unless you explicitly set these attributes, the login.jsp will not execute the correct action.
Published at DZone with permission of Mick Knutson, DZone MVB. See the original article here.
Opinions expressed by DZone contributors are their own.
Comments