Spring Security 4 Throws HTTP Status 404 Error in One Machine But Works Fine In Another
I am working in developing a Java application that runs on Glassfish 4.1 and uses Spring Security 4.2.0 for user authentication. Spring Security has been working fine in my development environment as well as in the production server for several months now, meaning that I can succesfully authenticate against user credentials stored in the respective server (development or production), and get redirected to the application's main page afterwards.
But this week, another developer in my company started working on the project, and after getting the source code and configuring his development environment, when he runs the application, after hitting the login button, he will get this every single time:
These are the files I used to configure Spring Security's authentication in my application:
Web.xml
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
applicationContext.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:jee="http://www.springframework.org/schema/jee"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/jee
http://www.springframework.org/schema/jee/spring-jee.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login*" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')" />
<form-login
login-page="/login.jsp"
default-target-url="/BMSim.html"
always-use-default-target="true"
authentication-failure-url="/login.jsp?error"
username-parameter="username"
password-parameter="password" />
<logout logout-url="/logout" logout-success-url="/login.jsp?logout" />
<!-- disable csrf protection -->
<csrf disabled="true"/>
<!-- allow SmartGWT to create frames and call servlets from there -->
<headers>
<frame-options policy="SAMEORIGIN" />
</headers>
</http>
<jee:jndi-lookup id="dataSource" jndi-name="jdbc/BMSim" expected-type="javax.sql.DataSource" />
<authentication-manager>
<authentication-provider>
<jdbc-user-service data-source-ref="dataSource"
users-by-username-query="select username,password, enabled from users where username=?"
authorities-by-username-query="select username, authority from authorities where username =? " />
</authentication-provider>
</authentication-manager>
</beans:beans>
login.jsp
<html>
<body class="login t_center" onload="document.f.username.focus();">
<form name="f" action="login" method="POST">
<label>user: </label>
<input id="username" type="text" name="username" />
<label>password: </label>
<input id="password" type="password" name="password" />
<input class="login-button" name="submit" type="submit" value="login"/>
</form>
</body>
</html>
glassfish-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE glassfish-web-app PUBLIC "-//GlassFish.org//DTD GlassFish Application Server 3.1 Servlet 3.0//EN" "http://glassfish.org/dtds/glassfish-web-app_3_0-1.dtd">
<glassfish-web-app>
<context-root>/BMSim</context-root>
</glassfish-web-app>
We have tried a lot of different things, but being no experts in Spring Security (or any part of Spring's framework, for that matter), we can't seem to be able to find the problem.
Any ideas on what can be causing this strange behavior (working in some environments, but not in others)?
This was finally solved and it turned out that it was a conflict between the version of the SQL Server driver defined in pom.xml (v4.2) and the actual jar that was placed on the Glassfish domain's lib folder (v4.0).
- How to authenticate resource owner with JWT when sending request to /oauth2/authorize?
- How to add Header - Authorization for swagger 3, spring boot
- How to manage exceptions thrown in filters in Spring?
- why does spring security refuse to use my config file
- An error occurred while attempting to decode the Jwt: Signed JWT rejected: Another algorithm expected, or no matching key(s) found
- After Spring Boot 3 update: Manually authenticating user not working
- Multiple user details services for different endpoints
- Spring Security - Authrozation on rest apis
- Exclude specific resource page(s) from Cross-Origin-Resource-Policy same-origin header in Spring WebSecurityConfigurerAdapter
- my Spring CustomSecurityExpressionRoot not working
- @EnableGlobalMethodSecurity is deprecated in the new spring boot 3.0
- Spring Security blocks POST requests despite SecurityConfig
- #oauth2 security expressions on method level
- Calling spring authorization server OAuth2 REST endpoints
- How to extend the RequestMatcher in default RequestCache in Spring Security?
- How do I ensure a filter is executed after security filters in the SecurityFilterChain?
- how does spring security order multiple SecurityFilterChain?
- Spring 6 upgrade @PreAuthorize not working with ArgumentResolver
- Why is WebDataBinder used when Jackson is/should be used for deserialization (which breaks correct order of validation/authorization)?
- CORS in Spring Security (Spring Boot 3)
- Spring Security Authentication returns empty authorities
- Should i use ofNullable after checking if the value is null?
- Spring Boot throwing 401 Unauthorized on POST request
- Spring Boot security, always opens login page
- Spring boot 3 Upgrade - java.lang.NoSuchMethodError
- How to save header's value into Spring Security context considering concurrency safety
- Property 'security.basic.enabled' is Deprecated: The security auto-configuration is no longer customizable
- Consider defining a bean of type 'org.springframework.security.authentication.AuthenticationManager' in your configuration
- StackOverflowError with Unresolvable Circular Reference in AuthenticationManager Bean Definition
- Spring Security 6.3.3 WebFlux CORS