The following code is working as expected without any issue in Spring Boot 1.5.3 but not in 2.0.0-BUILD-SNAPSHOT.
Can any one tell me how to call redirect in Spring Boot 2.0.0?
Main class:
#SpringBootApplication
public class SpringBootExampleApplication {
public static void main(String[] args) {
// TODO: Auto-generated method stub
SpringApplication.run(SpringBootExampleApplication.class, args);
}
}
Controller:
#RequestMapping(value = "/validateUser", method = RequestMethod.POST)
public String forawar(Model model) {
// Validate before authentication
return "redirect:/login";
}
WebSecurityConfigurerAdapter:
#Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
// httpSecurity.httpBasic().and().authorizeRequests().anyRequest().authenticated().and().csrf().disable();
httpSecurity
.authorizeRequests()
.antMatchers("/", "/index", "/validateUser").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/loginError")
.defaultSuccessUrl("/dashBoardHome")
.permitAll()
.and()
.csrf().disable()
.logout().logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/index")
.permitAll();
}
Related
I have a similar issue with this post that I get status 404 instead of index page by adding context path. I doubt that I did something wrong like put the #EnableWebSecurity in the WebSecurityConfig file or in the Controller.
Here is the spring-boot config
#Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers(
"/registration**",
"/js/**",
"/css/**",
"/img/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/bad-404")
.defaultSuccessUrl("/")
.usernameParameter("email") //needed, if custom login page
.passwordParameter("password") //needed, if custom login page
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll();
}
Here is the main class to run the app
public static void main(String[] args) {
System.setProperty("server.servlet.context-path", "/index");
SpringApplication.run(SmartcardApplication.class, args);
}
Here is the Controller class
#Controller
public class MainController {
#GetMapping("/login")
public String login() {
return "login";
}
#GetMapping("/")
public String home(){
return "index";
}
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().exceptionHandling().authenticationEntryPoint(unauthorizedHandler).and()
.authorizeRequests()
.antMatchers("/", "/favicon.ico", "/**/*.png", "/**/*.gif", "/**/*.svg", "/**/*.jpg",/**/*.html","/**/*.css", "/**/*.js")
.permitAll()
.antMatchers("/v2/api-docs", "/configuration/ui", "/configuration/security","/webjars/**")
.permitAll().antMatchers("/swagger-resources","/swagger-resources/configuration/ui","/swagger-ui.html").hasRole("SWAG").anyRequest().authenticated()
.antMatchers("/api/all/**").permitAll().antMatchers("/api/Service/**").permitAll()
.antMatchers("/api/Service/Package/**").permitAll()
.antMatchers("api/public/customer/**").hasRole("CUSTOMER1")
.antMatchers(HttpMethod.OPTIONS).permitAll().anyRequest().authenticated().and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.invalidateHttpSession(true)
.clearAuthentication(true)
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/login?logout")
.permitAll()
.and()
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
.addFilterBefore(authTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
}
#Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(authProvider);
auth.inMemoryAuthentication()
.withUser("user").password("{noop}password").roles("USER")
.and()
.withUser("manager").password("{noop}password").roles("MANAGER");
}
#Controller
public class HomeController {
#GetMapping("/")
public String root() {
return "index";
}
#GetMapping("/user")
public String userIndex() {
return "swagger-ui.html";
}
#GetMapping("/login")
public String login() {
return "login";
}
#GetMapping("/access-denied")
public String accessDenied() {
return "/error/access-denied";
}
}
so iam trying to authenticate /swagger-ui.html like a simple popup login using inmemory in order to access the api by certain users
when i do with this code i got the following output of the attached image
when i login there is no redirection for authentication
>
I have a simple WebSecurityConfiguration configuration class that defines how my application works on a security level.
#Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf()
.disable()
.antMatcher("/**")
.authorizeRequests()
.antMatchers("/register", "/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.failureUrl("/login?error")
.passwordParameter("password")
.usernameParameter("emailAddress")
.successHandler(authenticationSuccessHandler())
.permitAll()
.and()
.logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.permitAll()
.and()
.httpBasic();
}
#Bean
public SavedRequestAwareAuthenticationSuccessHandler authenticationSuccessHandler() {
return new SavedRequestAwareAuthenticationSuccessHandler();
}
}
I also have a #Controller which defined two simple endpoints
#Controller
public class HomeController {
#RequestMapping(value = "/", method = RequestMethod.GET)
public String getHome() {
return "home";
}
#RequestMapping(value = "/test", method = RequestMethod.GET)
public void testEndpoint() throws CreateException {
return "test";
}
}
When load up the application and navigate to localhost:8080/test I am redirected to the login form as expected. However when I navigate to localhost:8080/ or localhost:8080 (no forwardslash) I am shown the "home" page where I would have expected to have been redirected to localhost:8080/login.
I have tried changing the .antMatcher("/**") to .antMatcher("**") but this doesn't have the desired effect either.
The issue is that one the .formLogin() and .logout() they have been ended with a .permitAll(). This allowed the root localhost:8080 to pass through without being authenticated.
By removing them it has solved the issue.
I want to change the HTTP post login address.
Right now the default "/login" is set and works but I want to change it to "/users/login"
This is my HttpSecurity configuration.
#Override
protected void configure(HttpSecurity http) throws Exception {
http.cors().and().csrf().disable().authorizeRequests()
.antMatchers(HttpMethod.POST, SIGN_UP_URL).permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/users/login")
.permitAll()
.and()
.addFilter(new JWTAuthenticationFilter(authenticationManager()))
.addFilter(new JWTAuthorizationFilter(authenticationManager()))
.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
}
The application class is nothing special.
package com.auth0.samples.authapi;
import..
#SpringBootApplication
public class Application {
#Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
I am trying to implement spring boot security.And it is not able to find login page
This is my folder structure.
resources
static
home.html
login.html
templates
index.html
This is security Config file
enter code here
#Configuration
#EnableWebSecurity
#EnableGlobalMethodSecurity(securedEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter{
#Autowired
public void configureAuth(AuthenticationManagerBuilder auth) throws
Exception{
auth
.inMemoryAuthentication()
.withUser("dan")
.password("password")
.roles("ADMIN")
.and()
.withUser("joe")
.password("password")
.roles("USER");
}
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/login?logout")
.permitAll();
http.csrf().disable();
}
}
this is my webconfig file
public class WebConfig extends WebMvcConfigurerAdapter {
#Override
public void addViewControllers(ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/home").setViewName("home.html");
registry.addViewController("/login").setViewName("login.html");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
}
Please help. How to solve this error
It is working fine while specifying html file instead of just writing name of file.
Modifying above code.
#Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.permitAll()
.and()
.logout()
.logoutSuccessUrl("/login?logout")
.permitAll();
http.csrf().disable();
}
Also remove .html from setviewname
public class WebConfig extends WebMvcConfigurerAdapter {
#Override
public void addViewControllers(ViewControllerRegistry registry) {
super.addViewControllers(registry);
registry.addViewController("/home").setViewName("home");
registry.addViewController("/login").setViewName("login");
registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
}
}