Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1901: Forwarding to /j_spring_security_check results in 404 #2131

spring-issuemaster opened this Issue Jan 29, 2012 · 7 comments


None yet
2 participants

Brad Chen (Migrated from SEC-1901) said:

In a JSF environment, RequestDispatcher is used to forward request to /j_spring_security_check to do user login. In Spring Security 3.1.0, doing so results in 404 error. The same code works fine with 3.0.7.

Currently I use a custom filter to invoke UsernamePasswordAuthenticationFilter directly to work around the problem. As such, I suspect FilterChainProxy is not run when the request is forwarded.

Luke Taylor said:

Are you applying the security filter chain to forwarded requests in your web.xml configuration?

Brad Chen said:

Yes, FORWARD is one of the dispatchers for the filter. The code works in 3.0.7 but not in 3.1.0.

Luke Taylor said:

Sorry, but it's pretty hard to know what's going on without more details. Could you provide a sample app which reproduces the issue? Or some the debug log from the point where the request is forwarded. It may also depend on the container you're running in.

Brad Chen said:

sample app

Brad Chen said:

The sample app has been attached. It seems that the problem occurs when is enabled in security.xml. When it's removed, the app works fine.

The user of the sample app is admin/admin.

Rob Winch said:

Thanks for the good example project. The issue was that DebugFilter extended OncePerRequestFilter which will only be invoked once per request (i.e. it skips being invoked on the FORWARD). I have made updates in master to correct the issue.

Rob Winch said:

Changed to namespace since the DebugFilter is in config jar not the web jar

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment