I am using spring security framework integrated with Struts2, Spring and Hibernate.
<David:http auto-config="true" access-denied-page="/accessDenied.html">
<!-- Don`t set any role restriction on login.jsp -->
<David:intercept-url pattern="/login.jsp"
access="IS_AUTHENTICATED_ANONYMOUSLY" />
<!-- Restrict access to All other pages -->
<David:intercept-url pattern="/admin.jsp"
access="ROLE_ADMIN" />
<!-- Set the login page and what to do if login fails -->
<David:form-login login-page="/login.jsp"
authentication-failure-url="/accessdenied.html?login_error=1"
default-target-url="/index.jsp"/>
<David:logout logout-success-url="/index.jsp" />
</David:http>
<!-- Specify login examnination strategy -->
<David:authentication-provider>
<David:password-encoder hash="md5" />
<David:jdbc-user-service
data-source-ref="dataSource"
users-by-username-query="select username, password, status as enabled from user where username=?"
authorities-by-username-query="select u.username,r.name as authority
from user u
join user_role ur
on u.id=ur.user_id
join role r
on r.id=ur.role_id
where u.username=?" />
</David:authentication-provider>
This is my security configuration page.
The issue is that the login form page will not direct to the success page or failure page based on whatever I input, even though the password and account are both correct.
But I am 100% sure that spring security framework is working.
Because, I cannot directly access the admin page by typing the URL in url address column. I have to provide the correct password and username However, THE ISSUE is it cannot AUTO-DIRECT.......................
Why was that???
Thanks