my dog learned polymorphism*
The moose likes Spring and the fly likes BadCredentialsException after migrating to Spring Security 3.1 Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Frameworks » Spring
Bookmark "BadCredentialsException after migrating to Spring Security 3.1 " Watch "BadCredentialsException after migrating to Spring Security 3.1 " New topic
Author

BadCredentialsException after migrating to Spring Security 3.1

Darshan Shroff
Greenhorn

Joined: Nov 25, 2009
Posts: 12

I have recently upgraded to spring-security-xxx-3.1.0 from 3.0.5.
In 3.0.5, i was using filters=none tag in the intercept-url tag for unprotecting urls.
Since it is not availible now in 3.1, i had to modify my security config xml to use security=none and it now looks as below :-




At app startup, the login page shows up. User Enters details. Login is successful. home.action is displayed.
I try browsing in the application, trying any other secured xyz.action. The application logs out automatically, with login page being shown.

The error stack trace i get from Spring is as below :-



Any pointers as to what i am doing wrong. ?
Not much help available on the web for 3.1. I am thinking of going back to 3.0.5.

Regards,
Darshan Shroff
http://in.linkedin.com/in/darshanshroff
Guy Korland
Greenhorn

Joined: Aug 16, 2012
Posts: 1
Did you find a way to work around this issue?
Darshan Shroff
Greenhorn

Joined: Nov 25, 2009
Posts: 12

I see my application is still running on 3.0.5. So i probably gave up after trying for a couple of hours.

Bill Gorder
Bartender

Joined: Mar 07, 2010
Posts: 1652
    
    7

From the Spring Security doc

´╗┐The use of multiple <http> elements is an important feature, allowing the namespace to simultaneously support both stateful and stateless paths within the same application, for example. The previous syntax, using the attribute filters="none" on an intercept-url element is incompatible with this change and is no longer supported in 3.1.


Read the below link for more details:
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic

also a post here on the same:
http://raibledesigns.com/rd/tags/spring

Try adding a * after your patterns



also for the login page you can try adding a intercept URL for it although I don't think you should have to do this.




[How To Ask Questions][Read before you PM me]
 
GeeCON Prague 2014
 
subject: BadCredentialsException after migrating to Spring Security 3.1