How to prevent Spring Security 2.5 from overriding the loading of a Welcome Page (index.html)

I have a Spring MVC Web app that I'd like to show a simple Welcome Page (index.html). On that page, I just to have a 2 href links: one to bring me to the Login Page that is then implemented using Spring Security (2.5.6) and Hibernate 3 and the other to a Registration Page for new users.

However, the problem is that Spring Security automatically loads my login page each time and does NOT load the index.html page where I have coded the 2 links to forward me to either login or registration. I am 开发者_Python百科brought to the login page which works fine. However, I never get to show the initial index.html page of my web application.

Can anyone shed light on how to prevent Spring Security from overriding the 'Welcome Page' with it's Login Page.

Many thanks.

Here is my Spring Security set up in web.xml:

<context-param>
    <param-name>contextConfigLocation</param-name>
    <param-value>
        WEB-INF/spring-beans.xml 
        WEB-INF/spring-security.xml
    </param-value>
</context-param>

 <filter>
    <filter-name>springSecurityFilterChain</filter-name>
    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>

<filter-mapping>
    <filter-name>springSecurityFilterChain</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

<welcome-file-list>
    <welcome-file>index.html</welcome-file>

</welcome-file-list>

There's nothing wrong with your web.xml file, you need to show us your WEB-INF/spring-security.xml file.

If you keep getting directed to the login page, chances are you mess up the intercept-url pattern that causes your welcome page to be caught by Spring Security for further authentication before displaying it.

This is an example of the intercept-url tags that you will find in your WEB-INF/spring-security.xml file:-

<http auto-config="true" access-denied-page="/accessDenied.jsp">
        <intercept-url pattern="/login.jsp*" filters="none"/>  
        <intercept-url pattern="/admin/searchUsers.do" access="ROLE_ADMIN"  />
        <intercept-url pattern="/**.do" access="ROLE_USER,ROLE_ADMIN"  />
        <form-login authentication-failure-url="/login.jsp?login_error=1" default-target-url="/home.do"/>
        <logout logout-success-url="/home.do"/>
    </http>

use

<form-login login-page="/login.jsp" />

Controller should handle user's request and in your case no controller which mapped to this URL. When controller found, it performs some logic and returns view name which will be used to represent server's response. So, view name translator called only after controller and only for deduce full path to particular JSP file.

<mvc:view-controller path="/" view-name="index"/>

Try to add