what does value = "/admin**" means in @RequestMapping

Hi,
I got the example from :
http://www.mkyong.com/spring-security/spring-security-form-login-using-database/
I downloaded the annotation version.
There is a line of code in controller which says :
      @RequestMapping(value = "/admin**", method = RequestMethod.GET)
What does ** means here ?

Even if i type http://localhost:8080/admin
I see the controller invokes the login function only.

Any help to understand the code in the above mentioned link please.

Thanks
Rohit BajajAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jim CakalicSenior Developer/ArchitectCommented:
'**' matches zero or more path segments so '/admin/**' will match any resource path that starts with /admin. FYI, it's an Ant-style glob so if you google that you'll find more information.

Regards,
Jim
0
Rohit BajajAuthor Commented:
HI,
In that case what i understood
the link http://localhost:8080/admin should redirect to
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
      public ModelAndView adminPage() {

But its actually redirecting to
@RequestMapping(value = "/login", method = RequestMethod.GET)
      public ModelAndView login(@RequestParam(value = "error", required = false) String error,
                  @RequestParam(value = "logout", required = false) String logout)
0
Jim CakalicSenior Developer/ArchitectCommented:
That would indicate to me that /admin is a protected resource and the session has not completed authentication or timed out prior to requesting it.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Rohit BajajAuthor Commented:
HI,
I found one file in the project which probably matches what you are saying :

package com.mkyong.config;

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Autowired
	DataSource dataSource;
	
	@Autowired
	public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
		
		auth.jdbcAuthentication().dataSource(dataSource)
			.usersByUsernameQuery("select username,password, enabled from users where username=?")
			.authoritiesByUsernameQuery("select username, role from user_roles where username=?");
	}	
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {

		http.authorizeRequests()
			.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
			.and()
				.formLogin().loginPage("/login").failureUrl("/login?error")
					.usernameParameter("username").passwordParameter("password")
			.and()
				.logout().logoutSuccessUrl("/login?logout")
			.and()
				.exceptionHandling().accessDeniedPage("/403")
			.and()
				.csrf();
		
	}
}

Open in new window


Please help me in understanding this code.
How does and when spring executes it ?
Or provide me a reference so i can learn about it.

I also have a table user_roles
which has the following data which probably helps explaining whats going on above :
2      mkyong      ROLE_ADMIN
3      alex              ROLE_USER
1      mkyong      ROLE_USER
0
Jim CakalicSenior Developer/ArchitectCommented:
0
Rohit BajajAuthor Commented:
Hi,
Thanks for help. But i am still struggling to understand whats going on at the back..
It would be really great if you can answer some of my questions.
If you want i can create a separate question for it.

The other table which i have is of users :
alex              123456      1
mkyong      123456      1

here 123456 is the password.
Now i have the following login.jsp :
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>
<html>
<head>
<title>Login Page</title>
<style>
.error {
	padding: 15px;
	margin-bottom: 20px;
	border: 1px solid transparent;
	border-radius: 4px;
	color: #a94442;
	background-color: #f2dede;
	border-color: #ebccd1;
}

.msg {
	padding: 15px;
	margin-bottom: 20px;
	border: 1px solid transparent;
	border-radius: 4px;
	color: #31708f;
	background-color: #d9edf7;
	border-color: #bce8f1;
}

#login-box {
	width: 300px;
	padding: 20px;
	margin: 100px auto;
	background: #fff;
	-webkit-border-radius: 2px;
	-moz-border-radius: 2px;
	border: 1px solid #000;
}
</style>
</head>
<body onload='document.loginForm.username.focus();'>

	<h1>Spring Security Login Form (Database Authentication)</h1>

	<div id="login-box">

		<h3>Login with Username and Password</h3>

		<c:if test="${not empty error}">
			<div class="error">${error}</div>
		</c:if>
		<c:if test="${not empty msg}">
			<div class="msg">${msg}</div>
		</c:if>

		<form name='loginForm'
			action="<c:url value='/login' />" method='POST'>

			<table>
				<tr>
					<td>User:</td>
					<td><input type='text' name='username'></td>
				</tr>
				<tr>
					<td>Password:</td>
					<td><input type='password' name='password' /></td>
				</tr>
				<tr>
					<td colspan='2'><input name="submit" type="submit"
						value="submit" /></td>
				</tr>
			</table>


	 <input type="hidden" name="${_csrf.parameterName}"
				value="${_csrf.token}" />

		</form>
	</div>

</body>
</html>

Open in new window


This gets invoked when i hit the url : http://localhost:8080/login
Now when i entere username = alex and password = 123456
I find by setting debug points that the following function gets called :

	@RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
	public ModelAndView defaultPage() {

		ModelAndView model = new ModelAndView();
		model.addObject("title", "Spring Security Login Form - Database Authentication");
		model.addObject("message", "This is default page!");
		model.setViewName("hello");
		return model;

	}

Open in new window


But in the login.jsp form we have
  <form name='loginForm'
			action="<c:url value='/login' />" method='POST'>

Open in new window


That says the /login controller should have been fired..

I think something is going on in the SecurityConfig.java class which i shared earlier. but i dont understand its two functions :
public void configAuthentication(AuthenticationManagerBuilder auth) throws Exception {
		
		auth.jdbcAuthentication().dataSource(dataSource)
			.usersByUsernameQuery("select username,password, enabled from users where username=?")
			.authoritiesByUsernameQuery("select username, role from user_roles where username=?");
	}	
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {

		http.authorizeRequests()
			.antMatchers("/admin/**").access("hasRole('ROLE_ADMIN')")
			.and()
				.formLogin().loginPage("/login").failureUrl("/login?error")
					.usernameParameter("username").passwordParameter("password")
			.and()
				.logout().logoutSuccessUrl("/login?logout")
			.and()
				.exceptionHandling().accessDeniedPage("/403")
			.and()
				.csrf();
		
	}

Open in new window


How the page is getting redirected and what this configure and configAuthentication are doing.

Thanks a lot for help
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Java

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.