Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

BadCredentialsException after migrating to Spring Security 3.1

 
Darshan Shroff
Greenhorn
Posts: 12
Java Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have recently upgraded to spring-security-xxx-3.1.0 from 3.0.5.
In 3.0.5, i was using filters=none tag in the intercept-url tag for unprotecting urls.
Since it is not availible now in 3.1, i had to modify my security config xml to use security=none and it now looks as below :-




At app startup, the login page shows up. User Enters details. Login is successful. home.action is displayed.
I try browsing in the application, trying any other secured xyz.action. The application logs out automatically, with login page being shown.

The error stack trace i get from Spring is as below :-



Any pointers as to what i am doing wrong. ?
Not much help available on the web for 3.1. I am thinking of going back to 3.0.5.

Regards,
Darshan Shroff
http://in.linkedin.com/in/darshanshroff
 
Guy Korland
Greenhorn
Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Did you find a way to work around this issue?
 
Darshan Shroff
Greenhorn
Posts: 12
Java Spring Tomcat Server
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I see my application is still running on 3.0.5. So i probably gave up after trying for a couple of hours.

 
Bill Gorder
Bartender
Posts: 1682
7
Android IntelliJ IDE Linux Mac OS X Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
From the Spring Security doc

´╗┐The use of multiple <http> elements is an important feature, allowing the namespace to simultaneously support both stateful and stateless paths within the same application, for example. The previous syntax, using the attribute filters="none" on an intercept-url element is incompatible with this change and is no longer supported in 3.1.


Read the below link for more details:
http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ns-form-and-basic

also a post here on the same:
http://raibledesigns.com/rd/tags/spring

Try adding a * after your patterns



also for the login page you can try adding a intercept URL for it although I don't think you should have to do this.



 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic