Implementation Guide for Oracle Billing Insight > Customizing User Management > Customizing User Authentication and Authorization With Spring Security >

Customizing Authentication URLs

You can customize the default URLs for the following authentication pages:

• Login Page. The URL to display the Login page.
• Default Login Target. The URL for the page that displays to the user after logging in. The target can be an action, JSP, or HTML.

  NOTE:  If the user was prompted to log in after attempting to access a secured resource, then Spring displays the page for the originally requested URL.

• Access Denied Page. The URL for the Access Denied Page. If an authenticated user requests a page that he or she does not have authority to access, then Spring redirects the user to the Access Denied Page.
• Log Out Target Page. The destination URL that displays to the user after logging out.
• Login Failure Target. The URL for the page that displays to the user on login failure.

To customize Spring Security default URLs

1. Open the spring-security.xml file, located in the following directory:
   • UNIX. EDX_HOME/config/security/selfservice
   • Windows. EDX_HOME\config\security\selfservice
2. In the security:http section of the spring-security.xml file, edit the appropriate URL attribute, shown in the following table.

   Feature URL	Spring Configuration Attribute	Mapping Details
   Login Page	login-page	The login-page attribute maps to the loginFormUrl property of the LoginUrlAuthenticationEntryPoint.
   Default Login Target	default-target-url	The default-target-url attribute maps to the defaultTargetUrl property of UsernamePasswordAuthenticationFilter code.
   Access Denied Page	error-page	None.
   Log Out Target Page	logout-success-url	None.
   Login Failure Target	authentication-failure-url	The authentication-failure-url attribute maps to the authenticationFailureUrl property of the UsernamePasswordAuthenticationFilter code.