spring security 3.1 login not working.

Hi there
I am trying to go through spring in action third edition.
I am trying to implement a basic login and url security. I am not getting any login page. Here is my web.xml

Here is my application context xml name servlet-context.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xmlns:mvc="http://www.springframework.org/schema/mvc"
	xmlns:tx="http://www.springframework.org/schema/tx"
	xmlns:context="http://www.springframework.org/schema/context"
	xmlns:aop="http://www.springframework.org/schema/aop"
	xmlns:jee="http://www.springframework.org/schema/jee"
	xmlns:p="http://www.springframework.org/schema/p"
	xsi:schemaLocation="
        http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
        http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.0.xsd
        http://www.springframework.org/schema/jee http://www.springframework.org/schema/jee/spring-jee-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

<context:component-scan base-package="com.app" />
	<context:component-scan base-package="com.app.appServices"/>
	<context:component-scan base-package="com.app.dao"/>

<mvc:annotation-driven />
	
	<bean id="tilesConfigurer" class="org.springframework.web.servlet.view.tiles2.TilesConfigurer">
	    <property name="definitions">
	        <list>
	            <value>/WEB-INF/views/frontend.xml</value>
	        </list>
	    </property>
	</bean>

<bean id="tilesViewResolver" class="org.springframework.web.servlet.view.UrlBasedViewResolver">
    <property name="viewClass">
        <value>
            org.springframework.web.servlet.view.tiles2.TilesView
        </value>
    </property>
    <property name="order" value="0"/>
	</bean>
	
	<bean id="viewResolver"
    class="org.springframework.web.servlet.view.InternalResourceViewResolver">
	    <property name="viewClass"
	       value="org.springframework.web.servlet.view.JstlView" />
	    <property name="prefix" value="/WEB-INF/views/" />
	    <property name="suffix" value=".jsp" />
	    <property name="order" value="1"/>
	</bean>
	
	<mvc:resources location="/images/" mapping="/images/**"/>
    <mvc:resources location="/styles/" mapping="/styles/**"/>
    <mvc:resources location="/scripts/" mapping="/scripts/**"/>
	<context:property-placeholder location="WEB-INF/jdbc.properties" />
	
	<bean id="dataSource" 
	 class="org.springframework.jdbc.datasource.DriverManagerDataSource">
	   <property name="driverClassName" value="${database.driver}" />
	   <property name="url" value="${database.url}" />
	   <property name="username" value="${database.user}" />
	   <property name="password" value="${database.password}" />
	</bean>
	
	<context:annotation-config />
	
	<tx:annotation-driven transaction-manager="txManager"/>
	
	<bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate">
		<property name="dataSource">
			<ref bean="dataSource" />
		</property>
	</bean>
	
	<bean id="appService" class="com.app.appServices.ServiceImp">
	</bean>

here is my security xml

I have two controller. for admin I have one controller

I dont have any login or index jsp. when I go to http://localhost:8080/App/admin it gives me 400 page not found error

I don't see you filter mapping in your web.xml

Besides telling that you want to use the SecuriltyDelegatingFilterProxy, you also have to map it to URLs in the web.xml file Usually to all the URLs like you did with the DispatcherServlet in the servlet-mapping.

Mark

Thanks a lot for your reply.

I changed my web.xml.

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<servlet>
		<servlet-name>shuruat</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>
				/WEB-INF/servlet-context.xml
				/WEB-INF/my-security.xml
			</param-value>
		</init-param>
		<load-on-startup>1</load-on-startup>
	</servlet>

<servlet-mapping>
		<servlet-name>shuruat</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
	
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>
	<filter-mapping>
  		<filter-name>springSecurityFilterChain</filter-name>
  		<url-pattern>/admin/*</url-pattern>
	</filter-mapping>

</web-app>

but now I am getting this error.

TTP Status 500 -

type Exception report

message

description The server encountered an internal error () that prevented it from fulfilling this request.

exception

java.lang.IllegalStateException: No WebApplicationContext found: no ContextLoaderListener registered?
org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:251)
note The full stack trace of the root cause is available in the Apache Tomcat/6.0.33 logs.

I googled some stuff and changed my web.xml to this

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<servlet>
		<servlet-name>shuruat</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<init-param>
			<param-name>contextConfigLocation</param-name>
			<param-value>
				/WEB-INF/shuruat-servlet.xml
				/WEB-INF/my-security.xml
			</param-value>
		</init-param>
		<load-on-startup>2</load-on-startup>
	</servlet>

<servlet-mapping>
		<servlet-name>shuruat</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
	
	<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/shuruat-servlet.xml,
        			/WEB-INF/my-security.xml
        </param-value>
    </context-param>
    
    
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>
	<filter-mapping>
  		<filter-name>springSecurityFilterChain</filter-name>
  		<url-pattern>/admin/*</url-pattern>
	</filter-mapping>
	
	<listener>
    	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
</web-app>

now wehen I try to go to http://localhost:8080/App/admin url changes to http://localhost:8080/App/spring_security_login and I get this error

HTTP Status 400 -

type Status report

message

description The request sent by the client was syntactically incorrect ().

Apache Tomcat/6.0.33

You duplicated

<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>/WEB-INF/shuruat-servlet.xml,
/WEB-INF/my-security.xml
</param-value>
</context-param>

in your web.xml

The DispatcherServlet is loading the same config files. So now you have two copies of all those beans.

The DispatcherServlet should load the xml that contains web only components, spring beans.

The ContextLoaderListener should only load the xml that contains the middle tier spring beans.

You will get two ApplicationContexts, one a parent, one a child. and that is what you want.

You last error is that the URL request isn't formed correctly, or that you don't have a URL mapping to your Controller for that URL.

I recommend reading the Spring MVC sections in the Spring documentation to help explain it more.

Thanks

Mark

I dont think thats the issue, but still I changed it because that how it should be.

my new web.xml is

<?xml version="1.0" encoding="UTF-8"?>
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">

<servlet>
		<servlet-name>shuruat</servlet-name>
		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
		<load-on-startup>1</load-on-startup>
	</servlet>

<servlet-mapping>
		<servlet-name>shuruat</servlet-name>
		<url-pattern>/</url-pattern>
	</servlet-mapping>
	
	
	<listener>
    	<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
	</listener>
	
	<context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/shuruat-servlet.xml,
        			/WEB-INF/my-security.xml
        </param-value>
    </context-param>
    
    
	<filter>
		<filter-name>springSecurityFilterChain</filter-name>
		<filter-class>
			org.springframework.web.filter.DelegatingFilterProxy
		</filter-class>
	</filter>
	<filter-mapping>
  		<filter-name>springSecurityFilterChain</filter-name>
  		<url-pattern>/admin1/*</url-pattern>
	</filter-mapping>
	
	
</web-app>

Its still not working what am i doing wrong. I read hundreds of blogs and forum but its still not working. I have posted my all configuration here. and all changes one by one. What am I doing wrong???

In your security context xml file, where are you defining the login page?

I want default login page that spring 3 generates for you. For that I dont need to specify login page right???

Ok, fine.. Yes, then you don't need to define login page in security context file.. In web.xml, you are mapping /admin1/* to spring security filter, so when you request for /admin, this filter is not applied..