I'm having to migrate an application from Spring Security 2 to 3.2 and I'm completely lost, I've never used spring security :(
I modified some configurations on spring-security.xml:
<http pattern="/ordreminderform.jsp" security="none" />
<http pattern="/passwordreminder.jsp" security="none" />
<http pattern="/getUser.jsp" security="none" />
<http pattern="/csra2.css" security="none" />
<http auto-config="true" access-denied-page="/accessDenied.jsp">
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<intercept-url pattern="/index.jsp"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
<intercept-url pattern="/Users.do" access="ROLE_ADMIN" />
<intercept-url pattern="/Project.do"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
<intercept-url pattern="/Csra.do"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
<intercept-url pattern="/About.do"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
<session-management session-fixation-protection="newSession">
<concurrency-control max-sessions="1"
error-if-maximum-exceeded="false" />
</session-management>
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?login_error=true"
username-parameter="username" password-parameter="password"
default-target-url="/index.jsp" always-use-default-target="true" />
</http>
<http>
<intercept-url pattern="/usuarios/**"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
<intercept-url pattern="/admin/**" access="ROLE_ADMIN" />
<!--<intercept-url pattern="/**" -->
<!-- access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" /> -->
</http>
<http pattern="/imagens/**" security="none" />
<http pattern="/js/**" security="none" />
<http pattern="/css/**" security="none" />
<http pattern="/fonts/**" security="none" />
<http>
<intercept-url pattern="/**"
access="ROLE_USER,ROLE_ADMIN,ROLE_B1,ROLE_B2,ROLE_B3" />
</http>
When I try to deploy it, it throws:
org.springframework.beans.factory.parsing.BeanDefinitionParsingException: Configuration problem:No AuthenticationEntryPoint could be established. Please make sure you have a login mechanism configured through the namespace (such as form-login) or specify a custom AuthenticationEntryPoint with the 'entry-point-ref' attribute |Offending resource: class path resource [spring-security-config.xml]
It's weird because I do have a form-login! The .xml is a mess and I'm trying to make it better. I'm using Spring* 3.1.0 and Spring Security 3.2.3
Thanks!