custom login page

Support and Announcements for the Tech Java Web Application Platform (setup, configuration, bugs, feedback).
Locked
pauldev
New Member
Posts: 28
Joined: Mon Jan 07, 2013 12:42 pm

custom login page

#1

Post by pauldev »

I am using the lds java stack. I am trying to create my own login page, but I cannot seem to get it to work. Below is my spring config. Anyone see any errors?
<sec:http use-expressions="true" >
<sec:form-login login-processing-url="/static/j_spring_security_check"
login-page="/login"
authentication-failure-url="/login?login_error=t"/>
<sec:logout invalidate-session="true" />
<sec:intercept-url requires-channel="http" pattern="/spring_security_login" access="permitAll" />
<sec:intercept-url pattern="/xmlMetadata/getTn/**" access="permitAll"/>
<sec:intercept-url pattern="/**" access="isAuthenticated() and hasAnyRole( 'admin', 'scan', 'process', 'metadata', 'search')" />


<sec:access-denied-handler error-page="/errors/accessDenied" />
</sec:http>
pauldev
New Member
Posts: 28
Joined: Mon Jan 07, 2013 12:42 pm

Re: custom login page

#2

Post by pauldev »

I noticed that there was not a reply yet to this question...
Robert T helped me solve this last year...
Here is the info that he provided to me that got my code to work.
Just in case you are spinning your wheels on the same thing:

"I've attached a simple example application with a custom login form. The most basic steps are these:

1. If using Spring Web MVC define the login view controller in WEB-INF/<yourapp>-servlet.xml

<mvc:view-controller path="/security/login" />


2. In your applicationContext.xml, define a security rule for your login page to prevent an infinite redirect. To simply disable security, you may insert something like the following:

<sec:http security="none" pattern="/security/login" />

Alternatively, some people prefer to give this page anonymous access by adding an <intercept-url> child element. With security="none", the security context element will be null if you try to use it from on the page. With anonymous access, users will still be able to access the page but they will have an anonymous security context until they authenticate.

3. Configure Spring security to use your custom page by supplying the "login-page" attribute on the <sec:form-login> element.

<sec:http use-expressions="true">
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<sec:form-login login-page="/security/login"/> <!-- custom login -->
<sec:http-basic />
<sec:logout />
</sec:http>

The order of <sec:http> elements is important. The first matching rule will win."
Locked

Return to “Java Web Project Support (Stack)”