I'm new to SpringSecurity.
This my Spring-security-Context.xml file
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<http auto-config="true" path-type="ant">
<form-login login-page="/jack/login" authentication-failure-url="/jack/login" default-target-url="/jack/home" />
<intercept-url pattern="/themes/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/js/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/images/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/resources/**" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/**/*.png" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/**/*.jpg" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/upload-users" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/login" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none" />
<intercept-url pattern="/jack/logincheck" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/logout" access="IS_AUTHENTICATED_ANONYMOUSLY" filters="none"/>
<intercept-url pattern="/jack/sessionExpire" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/jack/**" access="IS_AUTHENTICATED_REMEMBERED" />
<intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:logout logout-url="/jack/logout"
logout-success-url="/jack/login" invalidate-session="true" />
<session-management invalid-session-url="/jack/logout" >
<concurrency-control max-sessions="1" error-if-maximum-exceeded="false" expired-url="/jack/logout"/>
</session-management>
<security:custom-filter ref="expiredSessionFilter" after="REMEMBER_ME_FILTER"/>
</http>
<beans:bean id="expiredSessionFilter" class="com.jack.web.filter.ExpiredSessionFilter">
</beans:bean>
<!-- Authentication providers -->
<beans:bean id="customAuthenticationProvider" class="com.jack.security.provider.CustomAuthenticationProvider" >
<!-- <security:custom-authentication-provider /> -->
<!-- <beans:property name="userDetailsService" ref="userDetailsService"/> -->
</beans:bean>
<authentication-manager>
<authentication-provider ref="customAuthenticationProvider" />
</authentication-manager>
</beans:beans>
case 1:
in web.xml
jack is the springcontext name
in security-context.xml
jack is the pattern like /jack/login
when i give URL like
localhost:8080/project/jack/login
this spring security works very well
case 2:
in web.xml
xxx is the springcontext name
in security-context.xml jack is the pattern like /jack/login
i'm not change anything in securitycontext.xml
When I give
localhost:8080/project/xxx/login
spring security allows the user to enter into my application.
after logout, if user copy - paste's the home page url means spring security not redirecting the user into login page.
How can i redirect the user to spring login page or is there any other option i have?