Hello -

I have a Spring MVC Web app that I'd like to show a simple Welcome Page (index.html). On that page, I just want to have 2 href links: one to bring me to the Login Page, which is implemented using Spring Security (2.5.6) and Hibernate 3, and the other to a Registration Page for new users.

However, the problem is that Spring Security automatically loads my login page each time and does NOT load the index.html page where I have coded the 2 links to forward me to either login or registration. I am brought to the login page which works fine. However, I never get to show the initial index.html page of my web application.

Can anyone shed light on how to prevent Spring Security from overriding the 'Welcome Page' with its Login Page?

Many thanks.

Here is my Spring Security set up in web.xml:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        WEB-INF/spring-beans.xml 
        WEB-INF/spring-security.xml
    </param-value>
</context-param>

<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>
</welcome-file-list>
A: 

use

<form-login login-page="/login.jsp" />

Teja Kantamneni
+1  A: 

There's nothing wrong with your web.xml file; you need to show us your WEB-INF/spring-security.xml file.

If you keep getting directed to the login page, chances are you messed up the intercept-url pattern, which causes your welcome page to be caught by Spring Security for further authentication before displaying it.

This is an example of the intercept-url tags that you will find in your WEB-INF/spring-security.xml file:

<http auto-config="true" access-denied-page="/accessDenied.jsp">
    <intercept-url pattern="/login.jsp*" filters="none"/>
    <intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN"/>
    <form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/home.do"/>
    <logout logout-success-url="/home.do"/>
</http>
limc
Limc, THANK YOU VERY MUCH for pointing out my error. For the benefit of anyone else that might run into this silly error that cost me over 4 hours today, I accidentally had index.htm* inside one of my intercept-url in the Spring Security section.
checkers
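
The fix described in this thread, written out as a spring-security.xml fragment. This is an added illustration, not the asker's or either answerer's actual file: it reuses the URLs from limc's answer, and `/register.jsp` plus the `ROLE_USER` value on the commented-out "before" rule are assumptions made for the example.

```xml
<!-- Goes inside WEB-INF/spring-security.xml (Spring Security 2.x namespace). -->
<http auto-config="true" access-denied-page="/accessDenied.jsp">

    <!-- intercept-url rules are checked top to bottom and the FIRST matching
         pattern wins, so public pages are listed before protected ones. -->

    <!-- Public: welcome page. "/" is listed as well because the container
         maps the context root to the welcome-file from web.xml. -->
    <intercept-url pattern="/" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/index.html" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    <!-- Public: login form and registration page.
         /register.jsp is a hypothetical name for the registration page. -->
    <intercept-url pattern="/login.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
    <intercept-url pattern="/register.jsp*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>

    <!-- BEFORE (the kind of rule that sends the welcome page to the login form;
         the access value shown here is constructed for illustration):
         <intercept-url pattern="/index.htm*" access="ROLE_USER"/>
         Any rule whose pattern matches /index.html and demands a role makes an
         anonymous visitor get redirected to the login page instead. -->

    <!-- Protected: most specific rule first, then the broader one. -->
    <intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN"/>
    <intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN"/>

    <form-login login-page="/login.jsp"
                authentication-failure-url="/login.jsp?login_error=1"
                default-target-url="/home.do"/>
    <logout logout-success-url="/home.do"/>
</http>
```

`filters="none"`, as used for `/login.jsp*` in limc's answer, also makes a page public, but it skips the whole security filter chain for that URL, so the page cannot see the current user; `IS_AUTHENTICATED_ANONYMOUSLY` keeps the chain in place while still admitting anonymous visitors.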