What should be happening is that your form should capture the user name and password and do a POST to the j_spring_security_check
entry point the credentials as parameters; e.g.
/accounts/j_spring_security_check?j_username=guest&j_password=guest
This is then supposed to check them, and if they are correct, add the details to the user's session and redirect back to the page that the user was trying to access in the first place.
However, it looks like the request to the j_spring_security_check
URL is being redirected by the filter chain.
I can think of two possible causes:
The security check URL
"/accounts/j_spring_security_check"
might not be right. You could try"/j_spring_security_check"
instead.The
<intercept-url>
elements have been configured so that requests to the security check URL require some authorities. (In this case, the catch-all element for the"/**"
seems to be the problem.) That is incorrect. You need to configure the<intercept-url>
elements to allow requests to the security check URL when the requestor is anonymous.