Home > Enterprise >  Spring Security - Login page not found
Spring Security - Login page not found

Time:06-01

Im trying to create authentication using JWT Token using Spring Security. Im trying to make small changes in config but when I do that I cant run /login page because there is 404 not found error. I have class SecurityConfig extends WebSecurityConfigurerAdapter and 2 methods:

protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .withUser("test")
                .password("{bcrypt}"   new BCryptPasswordEncoder().encode("test"))
                .roles("USER");
    }

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests()
            .anyRequest().authenticated()
            .and()
            .formLogin().permitAll()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
}

I have overrided configure methods and added permitAll() to .formLogin() but when Im trying to open http://localhost:8080/login I got 404 not found error. What I did wrong? Thanks for help!

CodePudding user response:

The permission order is important,

try following

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.csrf().disable();
    http.authorizeRequests()
            .formLogin().permitAll()
            .and()
            .anyRequest().authenticated()
            .and()
            .exceptionHandling()
            .authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED));
}

CodePudding user response:

Since you have customized the AuthenticationEntryPoint by doing authenticationEntryPoint(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED)), Spring Security will not generate the login page for you, because it understands that you are not using the defaults. If you remove the customization of the AuthenticationEntryPoint the login page should be available.

There are more details in the DefaultLoginPageConfigurer, but it looks like this:

@Override
@SuppressWarnings("unchecked")
public void configure(H http) {
    AuthenticationEntryPoint authenticationEntryPoint = null;
    ExceptionHandlingConfigurer<?> exceptionConf = http.getConfigurer(ExceptionHandlingConfigurer.class);
    if (exceptionConf != null) {
        authenticationEntryPoint = exceptionConf.getAuthenticationEntryPoint();
    }
    if (this.loginPageGeneratingFilter.isEnabled() && authenticationEntryPoint == null) {
        this.loginPageGeneratingFilter = postProcess(this.loginPageGeneratingFilter);
        http.addFilter(this.loginPageGeneratingFilter);
        LogoutConfigurer<H> logoutConfigurer = http.getConfigurer(LogoutConfigurer.class);
        if (logoutConfigurer != null) {
            http.addFilter(this.logoutPageGeneratingFilter);
        }
    }
}

Page link:https//www.codepudding.com/Enterprise/426517.html

Prev:How to figure out why some file was deleted from spring-boot repository?
Next:Groovy script to convert xml to csv keeping spaces intact
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding