File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Spring and the fly likes Spring security not intercepting request Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Java Interview Guide this week in the Jobs Discussion forum!
JavaRanch » Java Forums » Frameworks » Spring
Bookmark "Spring security not intercepting request" Watch "Spring security not intercepting request" New topic

Spring security not intercepting request

karthik chellappan
Ranch Hand

Joined: Jul 01, 2007
Posts: 31
I'm trying to do a basic spring security D/B authentication program.I tried this by two ways i.e.

Method 1 : Using custom tables for Spring Security authentication.
Method 2 : Using Spring security specific database tables for user authentication and authorization.

File Locations:
1. index.jsp -> webapp/index.jsp
2. welcome.jsp -> webapp/pages/welcome.jsp
3. login.jsp -> webapp/pages/login.jsp

For method 1,Spring security was not intercepting request and i didn't see errors in console.Instead of intercepting the request i was directly taken to welcome.jsp.

P.S - Since i was not trying authorization, i didn't use 'authorities-by-username-query' attribute below in security context xml. I'm not sure if its mandatory to create a table for authorization as well.

Below is my security-context.xml:





How can i debug this kind of scenarios effectively if errors are not shown in console. I've already SL4J logging enabled through maven.

For method 2, i created spring specific database tables in the name of “USERS” and “AUTHORITIES” after following linklink. Here SQL query is not used in xml as shown below.

Every thing remains same except for security-context.xml.

when i tried the above way, even though i enter correct user name & password, i was getting 'bad credentials' message [But yes, in this case spring security is intercepting the request]. I'm using Oracle database.

Please guide me where i'm going wrong in both the cases. Advance thanks.

Kathleen Angeles
Ranch Hand

Joined: Aug 06, 2012
Posts: 123

Hi karthik,

I suggest that you start with a simple one first. Try in-memory authentication first. If that works, try other methods like those you tried.

Here is a not-exactly-related-but-might-be-helpful thread - 'Spring security problem' -

- k

[SpringSource Certified Spring Professional (Spring Certification) - Practice Tests]
karthik chellappan
Ranch Hand

Joined: Jul 01, 2007
Posts: 31
Hi Kathleen,

Thanks for the reply. I've tried in-memory authentication and it worked fine for me. But for D/B Authentication i always keep on getting 'Bad credentials' error. I did check the link which you've referred and executed the query manually to check if its working. I found query working without any problem as there was no trailing space issues.

Now I've following 'users_detail' table in D/B :





Data in the 'users_detail' table :


100 user 123456 1

My query is in security-context.xml :

"select username,password, enabled from users_detail where username=?"

when i execute the query manually i.e. select username,password,enabled from users_detail where username='user'. i get the resultsets.

Where am i going wrong ? Why is it that JdbcUserDetailsManager class always return 'Query returned no results for user 'user' ' even though there is an entry for the same in D/B.

DEBUG: - Query returned no results for user 'user'
DEBUG: - User 'user' not found

Debug mode doesn't show which method of JdbcUserDetailsManager class is being executed when i get the above error. How can i know that? Also, does spring internally do any encryption/decryption technique while saving password field?
Mark Spritzler

Joined: Feb 05, 2001
Posts: 17276

OK. First, yes you need both queries whether you are doing Authorization or not. Because you are using the built in JDBC UserDetails Service. Real class name JdbcDaoImpl.

I would also guess for the second example the Encryption MD5 is where the passwords aren't matching. Meaning in the database it is stored plain text, but the incoming login request has it in MD5, so they don't match.

You need to make sure the passwords are stored in the db encrypted MD5.


Perfect World Programming, LLC - iOS Apps
How to Ask Questions the Smart Way FAQ
I agree. Here's the link:
subject: Spring security not intercepting request
It's not a secret anymore!