Spring Security 3 - always return error 302

Question

I use Spring 4 to create a simple application. Recently, I\'m adding Spring Security 3 to the project but always get the Error Code 302 ( so it redirect to home

Answer 1

I believe Spring is redirecting you to /home because you didn't actually authenticated a User through the login process.

1. You access your web-app through http://mylocal:8080/moon returning the home.jsp view
2. You click the SignIn button, submitting your login form since no form login is explicitly declared, Spring Security will display the username and password prompt box for the end-user to enter its credentials
3. These credentials are then POSTed to the login processing URL (/acct/signin) for which you happen to have a mapping with the signin method in the AccountController
4. Such controller fails to authenticate a User the Spring way, but still redirect the request to /demo by returning a String
5. The /demo path is protected (.anyRequest().authenticated()) to any unauthenticated user, since the current user is indeed unauthenticated, Spring Security will automatically redirect the request to the login page
6. You end up on /home (.loginPage("/home"))

Using a InMemoryUserDetailsManagerConfigurer (see inMemoryAuthentication javadoc), you can only successfully login through the configured credentials. If you want a fully-fledged Authentication system, you must provide an UserDetailsService implementation to your Spring Security configuration (through the userDetailsService method).

---

EDIT : Following the conversation with chialin.lin, it seems the missing configuration was a defaultSuccessfulUrl for Spring Security to know where to redirect the user once authenticated.