Spring Security not letting unauthorized users reach the login page

Time:01-06

I am using Spring Security and trying to add a custom login form. The browser does get redirected to the correct URL, but I get a message along the lines of

The page isn’t redirecting properly

and can't see the login page at all.

Under the network tab (when I press F12) I see multiple requests to my custom login page, so I'm guessing Spring sees I'm unauthorized, then redirects me to the login page over and over, effectively creating a loop.

This is the code for my security configuration:

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {    
        
        http
            .authorizeHttpRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/showMyLoginPage")
                .permitAll();

        return http.build();
    }

I tried removing the loginPage() bit, which solved the issue but yielded the default login page.

Request and response show no info.

Controller I'm using:

    @Controller
    public class MainController {

        @RequestMapping("/")
        public String testMapping()
        {
            return "home";
        }

        @RequestMapping("/showMyLoginPage")
        public String loginPage()
        {
            return "users-login";
        }
    }

My debug log: https://pastebin.com/LagTN71L

My configuration classes (won't show Hibernate or c3p0):

    @Configuration
    @EnableWebMvc
    @ComponentScan("com.user.springsecuritydemo")
    public class MainConfig implements WebMvcConfigurer {

        @Bean
        InternalResourceViewResolver configuInternalResourceViewResolver()
        {
            return new InternalResourceViewResolver("/WEB-INF/view/", ".jsp");
        }

        @Override
        public void addResourceHandlers(ResourceHandlerRegistry registry)
        {
            registry
              .addResourceHandler("/resources/**")
              .addResourceLocations("/resources/");
        }

    }

    public class SpringMVCDispatcherServletInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

        @Override
        protected Class<?>[] getRootConfigClasses()
        {
            // TODO Auto-generated method stub
            return null;
        }

        @Override
        protected Class<?>[] getServletConfigClasses()
        {
            return new Class[] { MainConfig.class };
        }

        @Override
        protected String[] getServletMappings()
        {
            return new String[] { "/" };
        }
    }

CodePudding user response:

Okay, I ended up fixing it. Basically, my JSP page is under my /WEB-INF/ directory, which not everyone was allowed to access, so the browser couldn't get to the login page. This is my SecurityFilterChain method:

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception
    {   
        http
        .authorizeHttpRequests()
        .requestMatchers("/WEB-INF/**")
        .permitAll();

        http.authorizeHttpRequests()
        .anyRequest()
        .authenticated();
        
        http
        .formLogin()
        .loginPage("/login")
        .permitAll();
        
        return http.build();
    }
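
Another way to express the exemption described in the answer above, as an added example that is not part of the original question or answer: rather than permitting the `/WEB-INF/**` path, permit the internal FORWARD dispatch that renders the JSP, so the rule is tied to how the request arrived instead of to a URL pattern. It assumes Spring Security 6 (`jakarta.servlet` namespace), where authorization rules are also applied to forwards; the class name `ForwardAwareSecurityConfig` is hypothetical, and the login path is the `/showMyLoginPage` mapping from the question's controller.

```java
import jakarta.servlet.DispatcherType;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

// Added example, not the poster's code; the class name is hypothetical.
@Configuration
@EnableWebSecurity
public class ForwardAwareSecurityConfig {

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            .authorizeHttpRequests(authorize -> authorize
                // The controller returns the view name "users-login"; the
                // InternalResourceViewResolver then FORWARDs the request to
                // /WEB-INF/view/users-login.jsp. That internal dispatch is
                // authorized again, so without this rule an anonymous user
                // is sent back to the login page and the redirect loops.
                .dispatcherTypeMatchers(DispatcherType.FORWARD).permitAll()
                // Every client-initiated request still requires authentication.
                .anyRequest().authenticated())
            .formLogin(form -> form
                // Same path the controller maps with @RequestMapping.
                .loginPage("/showMyLoginPage")
                // Opens the login page and its login-processing URL to
                // unauthenticated users; nothing else is exempted here.
                .permitAll());

        return http.build();
    }
}
```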