Spring : Spring Security in a web application
This page last changed on Jan 09, 2008 by Kees de Kooter
Spring Security, formerly known as Acegi has reached its first milestone. The configuration is radically simplified. Here are my first steps.
New config file
The new config takes advantage of the spring namespace support. Unfortunately the schema is not yet published.
<beans:beans xmlns:beans="http://www.springframework.org/schema/beans" xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd "> <annotation-driven /> <http auto-config="true"> <form-login login-page="/login.jsp" authentication-failure-url="/login-failed.jsp" /> <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" /> </http> <authentication-provider> <jdbc-user-service data-source="dataSource"/> </authentication-provider> </beans:beans>
This code was copied from Ben Alex' blog http://blog.interface21.com/main/2007/12/06/whats-new-in-spring-security-2/ entry about Spring Security. Unfortunately it does not work properly. I get the following exception in Firefox:
The page isn't redirecting properly
Firefox has detected that the server is redirecting the request for this address in a way that will never complete.
I had this problem with Acegi as well and solved it by excluding login.jsp from authentication. I was hoping the framework is by now clever enough to not protect its own login page .