Tech Forum

Community Discussion of Church Technology
https://tech.churchofjesuschrist.org/forum/

custom login page

https://tech.churchofjesuschrist.org/forum/viewtopic.php?t=17988

Page 1 of 1

custom login page

Posted: Mon Dec 09, 2013 10:19 am
by pauldev
I am using the lds java stack. I am trying to create my own login page, but I cannot seem to get it to work. Below is my spring config. Anyone see any errors?
<sec:http use-expressions="true" >
<sec:form-login login-processing-url="/static/j_spring_security_check"
login-page="/login"
authentication-failure-url="/login?login_error=t"/>
<sec:logout invalidate-session="true" />
<sec:intercept-url requires-channel="http" pattern="/spring_security_login" access="permitAll" />
<sec:intercept-url pattern="/xmlMetadata/getTn/**" access="permitAll"/>
<sec:intercept-url pattern="/**" access="isAuthenticated() and hasAnyRole( 'admin', 'scan', 'process', 'metadata', 'search')" />


<sec:access-denied-handler error-page="/errors/accessDenied" />
</sec:http>

Re: custom login page

Posted: Wed Jun 18, 2014 2:04 pm
by pauldev
I noticed that there was not a reply yet to this question...
Robert T helped me solve this last year...
Here is the info that he provided to me that got my code to work.
Just in case you are spinning your wheels on the same thing:

"I've attached a simple example application with a custom login form. The most basic steps are these:

1. If using Spring Web MVC define the login view controller in WEB-INF/<yourapp>-servlet.xml

<mvc:view-controller path="/security/login" />


2. In your applicationContext.xml, define a security rule for your login page to prevent an infinite redirect. To simply disable security, you may insert something like the following:

<sec:http security="none" pattern="/security/login" />

Alternatively, some people prefer to give this page anonymous access by adding an <intercept-url> child element. With security="none", the security context element will be null if you try to use it from on the page. With anonymous access, users will still be able to access the page but they will have an anonymous security context until they authenticate.

3. Configure Spring security to use your custom page by supplying the "login-page" attribute on the <sec:form-login> element.

<sec:http use-expressions="true">
<sec:intercept-url pattern="/**" access="isAuthenticated()" />
<sec:form-login login-page="/security/login"/> <!-- custom login -->
<sec:http-basic />
<sec:logout />
</sec:http>

The order of <sec:http> elements is important. The first matching rule will win."
All times are UTC-06:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited