Spring MVC: How to divide secured and non-secured areas using Spring Security login


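My current Spring MVC application was originally designed to serve only authenticated users, so to use the application a user navigates to www.myappdomain.com. Now, however, I want to move those resources under www.myappdomain.com/member and use the former as a static website (or one that anyone can access).

One solution I can think of is to modify all controllers with RequestMapping("member"), but that would also require me to modify all the mappings in the JSPs.

Is there a more convenient way to achieve what I want?

UPDATED

Following the answer given by M.Deinum, I decided to create an additional servlet name. However, every time I try to log in (whether or not I use the correct credentials), I am redirected to the login page.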

web.xml

org.springframework.security

DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/**/favicon.ico'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/**/resources/**'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/maintenance.html'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 1 of 11 in additional filter chain; firing Filter: 'ChannelProcessingFilter'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/member/login*'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/member/**'
DEBUG: org.springframework.security.web.access.channel.ChannelProcessingFilter - Request: FilterInvocation: URL: /member/j_spring_security_check; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - HttpSession returned null object for SPRING_SECURITY_CONTEXT
DEBUG: org.springframework.security.web.context.HttpSessionSecurityContextRepository - No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@2d4d3ce6. A new one will be created.
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 3 of 11 in additional filter chain; firing Filter: 'ConcurrentSessionFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
DEBUG: org.springframework.security.web.authentication.AnonymousAuthenticationFilter - Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FACD6A03C058DB14AFEE4FF7BAF6A1FA; Granted Authorities: ROLE_ANONYMOUS'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
DEBUG: org.springframework.security.web.FilterChainProxy - /member/j_spring_security_check at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/member/login*'
DEBUG: org.springframework.security.web.util.AntPathRequestMatcher - Checking match of request : '/member/j_spring_security_check'; against '/member/**'
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Secure object: FilterInvocation: URL: /member/j_spring_security_check; Attributes: [isFullyAuthenticated()]
DEBUG: org.springframework.security.web.access.intercept.FilterSecurityInterceptor - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@9055c2bc: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@b364: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FACD6A03C058DB14AFEE4FF7BAF6A1FA; Granted Authorities: ROLE_ANONYMOUS
DEBUG: org.springframework.security.access.vote.AffirmativeBased - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@72ffa2f5, returned: -1
DEBUG: org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
    at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:83)
    at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:206)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:115)
    at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:84)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:183)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.session.ConcurrentSessionFilter.doFilter(ConcurrentSessionFilter.java:125)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
    at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:947)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1009)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

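If everything is in a single WAR and you don't want to modify your controllers, simply add another DispatcherServlet to your web.xml.

<servlet>
    <servlet-name>member</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <!-- Other properties -->
</servlet>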

<servlet-mapping>    
    <servlet-name>member</servlet-name>
    <url-pattern>/member/*</url-pattern>
</servlet-mapping>

To make it work in the filter mapping.

You need to change your second intercept-url to only include the member path. Like so:

<intercept-url pattern="/member/**" access="isFullyAuthenticated()" requires-channel="https" />

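Update

As this is generally straightforward to do in Spring, I took your security context and simplified it. Try this. Once it works, you can add some additional options: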

<http pattern="/**/favicon.ico" security="none" />
<http pattern="/**/resources/**" security="none" />
<http pattern="/maintenance.html" security="none" />
<http pattern="/member/login**" security="none" />

<http pattern="/member/**" auto-config="false" use-expressions="true">

    <intercept-url pattern="/member/**" access="isAuthenticated()"
        requires-channel="https" />

    <form-login 
       authentication-success-handler-ref="myAuthenticationSuccessHandler"
       login-page="/member/login" 
       authentication-failure-url="/member/loginFailed" 
    />

    <logout invalidate-session="true" delete-cookies="JSESSIONID" />
</http>


Use

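Are the static and dynamic content in the same war file?

Yes. Would it be better if I separated them?

No, just wondering... See my answer.

Post your login form. My guess is that it submits to "/j_spring_security_check", but it should submit to "/member/j_spring_security_check", because the filter listens for URLs starting with "/member".

It submits to /member/j_spring_security_check and says it is found. I checked it through Chrome's network tab. Thanks for pointing me in the right direction. However, every time I try to log in, I am redirected to the login page. I am updating my question with the xml files. Thanks.

With your DispatcherServlet mapped to /, make sure you have enabled , and of course that you have configured Spring Security correctly (it should be mapped with a url-pattern of /*, not mapped to a servlet).

My static content can be viewed. It is just the restricted area that cannot be entered accordingly. I will do as you suggested and get back to you with an update.

Perhaps you would like to update your answer with your last comment on login-processing-url.

I tried /member/**, /**, but it still gives the org.springframework.security.web.access.ExceptionTranslationFilter - Access is denied (user is anonymous); redirecting to authentication entry point org.springframework.security.access.AccessDeniedException: Access is denied error.

Hmm... did you try this: .

After using this, I get this error: WARN: org.springframework.web.servlet.PageNotFound - No mapping found for HTTP request with URI [/dnag2/member/j_spring_security_check] in DispatcherServlet with name 'app'. I am still getting the access denied error in the Spring Security log.

Looking at your log output, the UsernamePasswordAuthenticationFilter is not processing the URL. Add login-processing-url="/member/j_spring_security_check" to your form-login element. The default is "/j_spring_security_check" and you need to force it to "/member/j_spring_security_check". Or map the filter to /* and let the form submit to "/dnag2/j_spring_security_check".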
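
The resolution reached in the comments, consolidated as an added example (not code from the original posts): the security filter stays mapped to /*, and the /member/** chain is told to process the login POST under its own prefix. The logout-url line is an assumption that goes one step beyond the thread, since the default logout URL sits outside the /member/** chain for the same reason the default login URL does.

```xml
<!-- web.xml (fragment): the Spring Security filter is mapped to every
     request, not to a servlet name. -->
<filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<!-- Security context (fragment; the security namespace is assumed to be
     the default namespace of the file, as in the answer above). -->

<!-- Public paths: no filter chain at all. "/member/login**" also covers
     /member/loginFailed, so the failure page is reachable anonymously. -->
<http pattern="/**/favicon.ico" security="none" />
<http pattern="/**/resources/**" security="none" />
<http pattern="/maintenance.html" security="none" />
<http pattern="/member/login**" security="none" />

<!-- Member area: this chain only sees requests under /member/. -->
<http pattern="/member/**" auto-config="false" use-expressions="true">

    <intercept-url pattern="/member/**" access="isAuthenticated()"
        requires-channel="https" />

    <!-- Without login-processing-url the UsernamePasswordAuthenticationFilter
         waits for /j_spring_security_check, which never reaches this chain.
         A POST to /member/j_spring_security_check then passes through
         unauthenticated, is denied by FilterSecurityInterceptor and is
         redirected back to the login page, as the debug log above shows. -->
    <form-login
        login-page="/member/login"
        login-processing-url="/member/j_spring_security_check"
        authentication-failure-url="/member/loginFailed"
        authentication-success-handler-ref="myAuthenticationSuccessHandler" />

    <!-- Assumption, not from the thread: keep the logout URL inside the
         chain's pattern as well. -->
    <logout logout-url="/member/j_spring_security_logout"
        invalidate-session="true" delete-cookies="JSESSIONID" />
</http>

<!-- The login form must POST to <context path>/member/j_spring_security_check
     (on the asker's deployment: /dnag2/member/j_spring_security_check). -->
```

After deploying, the debug log for the login POST should stop at the UsernamePasswordAuthenticationFilter instead of running through all 11 filters to the FilterSecurityInterceptor.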
<form-login login-processing-url="/member/j_spring_security_check" ... />