I have an application running with spring-security version 2.0.4 and now i need to change that to version 4.2.0...
I create login page with this sample:
http://facestutorials.icefaces.org/tutorial/spring-security-basic.html
springSecurityLogin.jspx
<?xml version="1.0" encoding="ISO-8859-1" ?>
<f:view xmlns:f="http://java.sun.com/jsf/core"
xmlns:h="http://java.sun.com/jsf/html"
xmlns:ice="http://www.icesoft.com/icefaces/component">
<ice:outputDeclaration doctypeRoot="HTML"
doctypePublic="-//W3C//DTD HTML 4.01 Transitional//EN"
doctypeSystem="http://www.w3.org/TR/html4/loose.dtd"/>
<html>
<head>
<title>Spring Security Login</title>
</head>
<body>
<ice:form partialSubmit="false">
<ice:panelGrid columns="2">
<ice:outputLabel value="User Name" for="j_username"/>
<ice:inputText id="j_username"
value="#{loginBean.userId}" size="40"
maxlength="80"/>
<ice:outputLabel value="Password" for="j_password"/>
<ice:inputSecret id="j_password"
value="#{loginBean.password}" size="40"
maxlength="80"/>
</ice:panelGrid>
<ice:commandButton actionListener="#{loginBean.login}" value="Login"/>
<ice:messages style="color: red;"/>
</ice:form>
</body>
</html>
</f:view>
my login method:
public void login(ActionEvent e) throws java.io.IOException {
FacesContext.getCurrentInstance().getExternalContext().redirect("/spring-authentication/j_spring_security_check?j_username=" + userId + "&j_password=" + password);
}
That was working... But when i change the spring security version to 4.2.0 I got http error 404 when try to login.
Someone knows whats is happening?
The problem is the following...
spring-security allow authentication http call with GET or POST, after migrate, by default it's allow only POST calls.
To solve it, just insert the following line on your AuthenticationFilter:
UsernamePasswordAuthenticationFilter.setPostOnly(false);
This solve the problem.