Always showing access denied page using Spring Security in Struts2


I am developing a simple Struts2 login page using Spring Security. The problem is that whenever I log in, it always shows my custom access denied page, no matter whether the user is valid or not. I don't understand the error, as no error is showing except a warning:

org.apache.struts2.components.ServletUrlRenderer.warn No configuration found for the specified action: 'j_spring_security_check' in namespace: '/'. Form action defaulting to 'action' attribute's literal value.

my web.xml

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        /WEB-INF/applicationContext-security.xml
    </param-value>
</context-param>
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>
<filter>
    <filter-name>struts2</filter-name>
    <filter-class>org.apache.struts2.dispatcher.ng.filter.StrutsPrepareAndExecuteFilter</filter-class>
</filter>
<filter-mapping>
    <filter-name>struts2</filter-name>
    <url-pattern>*.action</url-pattern>
</filter-mapping>
<welcome-file-list>
    <welcome-file>/jsp/index.jsp</welcome-file>
</welcome-file-list>  
<listener>
    <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>

my applicationContext-security.xml

 <http auto-config="true">
    <intercept-url pattern="/direct.action" access="permitAll()" />
    <intercept-url pattern="/admin.action" access="hasRole('ROLE_Admin')" />

    <access-denied-handler error-page="/jsp/deniedAccess.jsp" />

    <form-login login-page="/jsp/login.jsp" default-target-url="/admin.action" 
                authentication-failure-url="/validateUser.action?error" 
                username-parameter="username" password-parameter="password" />

    <logout logout-success-url="/logout.action?logout" />       
</http>

<authentication-manager>
    <authentication-provider>
        <user-service>
            <user name="user" password="user" authorities="ROLE_User" />
            <user name="admin" password="admin" authorities="ROLE_USER" />
        </user-service>
    </authentication-provider>
</authentication-manager>

struts.xml

<struts>
<package name="default" extends="struts-default" namespace="/">
    <action name="direct" class="action.LogAction" method="reDirect">
        <result name="success">/jsp/login.jsp</result>
    </action>
    <action name="admin" class="action.LogAction" method="directAdmin">
        <result name="success">/admin/adminHome.jsp</result>
    </action>
    <action name="validateUser" class="action.LogAction" method="errorDirect">
        <result name="success">/jsp/login.jsp</result>
    </action>
    <action name="logout" class="action.LogAction" method="directLogout">
        <result name="success">/jsp/login.jsp</result>
    </action>
</package>
</struts>

index.jsp

<html>
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Redirecting...</title>
</head>
<body>
    Redirecting...
    <META HTTP-EQUIV="Refresh" CONTENT="0;URL=direct.action">
</body>
</html>

I don't know what the error is. Any help will be appreciated.

login.jsp

<s:form action="j_spring_security_check" namespace="/" method="post">
    <s:textfield name="username" label="Username"/>
    <s:password name="password" label="Password"/>
    <s:submit align="center" value="Login"/>
</s:form>

There are 1 best solutions below


Your login.jsp form tag points at j_spring_security_check, which isn't an action name in your struts.xml. Change that to whatever action name will handle the login post.

If you have written a method in action.LogAction (or implemented execute()) to actually handle your login, you need to provide both a success and a failure result in the struts.xml. The success result should take the user to wherever they should be after successful login; the failure result takes them back to the login JSP. See the Struts docs here for more info.
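Added example (not part of the original question or answer): a small Python check over the security configuration posted in the question that lists every intercept-url whose required role is held by no user in the user-service, since Spring Security compares authority names as exact, case-sensitive strings. SAMPLE is constructed from the posted file and wrapped in a `<beans>` root, and the function names are this example's own.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the role-related elements of the posted
# applicationContext-security.xml, wrapped in a <beans> root so it parses alone.
SAMPLE = """<beans>
  <http auto-config="true">
    <intercept-url pattern="/direct.action" access="permitAll()" />
    <intercept-url pattern="/admin.action" access="hasRole('ROLE_Admin')" />
  </http>
  <authentication-manager><authentication-provider><user-service>
    <user name="user" password="user" authorities="ROLE_User" />
    <user name="admin" password="admin" authorities="ROLE_USER" />
  </user-service></authentication-provider></authentication-manager>
</beans>"""

ROLE_CALL = re.compile(r"has(?:Any)?(?:Role|Authority)\(([^)]*)\)")

def local(tag):
    """Strip an XML namespace such as {http://...}http from a tag name."""
    return tag.rsplit("}", 1)[-1]

def required_roles(access):
    """Role names quoted inside hasRole()/hasAnyRole()/hasAuthority() calls."""
    roles = set()
    for args in ROLE_CALL.findall(access):
        roles.update(re.findall(r"'([^']+)'", args))
    return roles

def unsatisfied_rules(xml_text):
    """Return (pattern, required, case_only_near_misses) for each rule no user can pass."""
    granted, rules = set(), []
    for el in ET.fromstring(xml_text).iter():
        if local(el.tag) == "user":
            names = el.get("authorities", "").split(",")
            granted.update(n.strip() for n in names if n.strip())
        elif local(el.tag) == "intercept-url":
            rules.append((el.get("pattern"), required_roles(el.get("access", ""))))
    findings = []
    for pattern, roles in rules:
        if roles and not roles & granted:  # exact, case-sensitive comparison
            wanted = {r.lower() for r in roles}
            near = sorted(g for g in granted if g.lower() in wanted)
            findings.append((pattern, sorted(roles), near))
    return findings

if __name__ == "__main__":
    for pattern, roles, near in unsatisfied_rules(SAMPLE):
        print(f"{pattern}: no user holds {roles}; differs only by case: {near}")
```

A rule is reported only when none of the roles it names is granted to any user, so an expression that combines several hasRole() calls with `and` is not fully evaluated.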