Env: Spring 3.1.3 Spring security: 3.1.3 Spring ldap: 1.3.1 JDK1.6
Problem: I get a 404 on my login-processing-url.
Details: I have three http intercept blocks: a public one, the second one used to intercept and secure URLs for admins (uses authentication manager 1) and the third one for regular users (uses authentication manager 2).
When the login form in http intercept block 1 post the credentials to the login-processing-url of the form login, it yields 404. I do mot get this - since the form login announces the login-processing-url, shouldn't that filter chain recognize that URL?
Also, shluld I explicitly do "permitAll" on the login-processing-url of a form or is that automagically done under the covers?
Lastly, is it problematic to have distinct http interceptor blocks to have distinct login-processing-urls? (I cannot see why - but I ask anyways).
Configs:
Spring security configuration:
//...
<debug />
<global-method-security secured-annotations="enabled" />
<http pattern="/public/**" security="none"/>
<http use-expressions="true" pattern="/protected/x/support/**" authentication-manager-ref="lAdminAuthManager">
<intercept-url pattern="/protected/x/support/**" access="hasRole('ROLE_ADMIN')"/>
<form-login login-page="/public/login.jsp"
login-processing-url="/protected/x/support/j_spring_security_check"
username-parameter="username"
password-parameter="password"
authentication-failure-url="/login/form?error"
default-target-url="/protected/x/support/index.html"/>
</http>
<http use-expressions="true" entry-point-ref="lUserLoginEntryPoint">
<intercept-url pattern="/protected/x/foo1/**" access="permitAll"/>
<intercept-url pattern="/protected/x/foo2/**" access="permitAll"/>
<intercept-url pattern="/j_spring_security_check" access="permitAll"/>
<intercept-url pattern="/**" access="hasRole('ROLE_USER')"/>
<custom-filter ref="lUserLoginFilter" position="FORM_LOGIN_FILTER"/>
<custom-filter ref="lPreauthAuthenticationFilter" position="PRE_AUTH_FILTER" />
</http>
//...
Any hints greatly appreciated!
Thanx,
Uma