Spring Security and problems with Login

Time:09-27

I'm developing an MVC web app with Spring. I have to use Spring Security for every created page in my web app. I create a login view:

<form>
    <div class="form-group">
        <label for="role">Ruolo</label>
        <input type="role" class="form-control" id="role" aria-describedby="role" placeholder="Inserisci ruolo">
        <small id="role" class="form-text text-muted">We'll never share your email with anyone else.</small>
    </div>
    <div class="form-group">
        <label for="exampleInputPassword1">Password</label>
        <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
    </div>
    <div class="form-group">
        <label for="exampleInputUsername">Username</label>
        <input type="username" class="form-control" id="exampleInputPassword1" placeholder="Username">
    </div>
    <div class="form-check">
        <input type="checkbox" class="form-check-input" id="exampleCheck1">
        <label class="form-check-label" for="exampleCheck1">Check me out</label>
    </div>
    <button type="submit" class="btn btn-primary">Submit</button>
</form>

a login controller:

@RequestMapping("hi/untitled_war/login/form")
public class LoginController
{
    @GetMapping
    public String getLogin(Model model)
    {
        return "login";
    }
}

This is my SecurityConfigClass:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public BCryptPasswordEncoder pass(){
        return new BCryptPasswordEncoder();
    }

    @Bean
    public UserDetailsService user(){
        UserBuilder users = User.builder();
        InMemoryUserDetailsManager manager= new InMemoryUserDetailsManager();
        //1st user
        manager.createUser(
                users.username("ClientUser").password(new BCryptPasswordEncoder().encode("Abc12"))
                        .roles("Client").build() );
        //2nd user
        manager.createUser(
                users.username("OpUser").password(new BCryptPasswordEncoder().encode("Abc123"))
                        .roles("Client","Operator").build() );
        //3rd user
        manager.createUser(
                users.username("aAdmin").password(new BCryptPasswordEncoder().encode("Abc1234"))
                        .roles("Client", "Admin").build() );
        return manager;
    }

    public void configure(final AuthenticationManagerBuilder auth) throws Exception{
        auth.userDetailsService(user()).passwordEncoder(pass());
    }

    private static final String[] ADMIN_Matcher={
            "/client/aadd/**", "/client/update/**", "client/delite/**", "cliente/view/**"
    };

    protected void configure(final HttpSecurity http) throws Exception{
        http.authorizeRequests().antMatchers("/untitled_war/hi/**").permitAll()
            .antMatchers("/login/**").permitAll()
            .antMatchers("/untitled_war/hi/**")
            .hasAnyRole("Anonimo","USER")
            .antMatchers(ADMIN_Matcher).access("hasRole('Admin')")
            .antMatchers("/client/**").hasRole("Admin")
            .and()
            .formLogin().loginPage("/untitled_war/hi/untitled_war/login")
            .loginProcessingUrl("/login")
            .failureUrl("/login/form?error")
            .usernameParameter("userame").passwordParameter("password")
            .and()
            .exceptionHandling().accessDeniedPage("/login/form?forbidden")
            .and()
            .logout()
            .logoutUrl("/login/form^logout")
            .and()
            .logout().logoutUrl("/login/form^logout");
            // .and().csrf().disable()
    }
}

And the login doesn't work. I compile all labels into the form model, but after this my app doesn't redirect me to the page for admin role, or to a page for a simple user.

What's wrong here?

CodePudding user response:

If your views are in a folder, such as resources/foldername/login.html,

try to return "foldername/login";

instead of return "login";
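
An added example, not code from the question or the answer: a form-login configuration in the same WebSecurityConfigurerAdapter style, in which the parameter names the form posts, the URL it posts to and the order of the matcher rules line up, and the landing page is chosen by role. The URLs /login/form, /admin/home and /client/home are hypothetical, and the in-memory users and password encoder beans are assumed to be defined as in the question.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example. Hypothetical URLs: /login/form, /admin/home, /client/home.
// Assumes UserDetailsService and PasswordEncoder beans exist, as in the question.
// All paths are relative to the servlet context path. The login view must be a
// <form method="post" action="{contextPath}/login"> whose inputs carry
// name="username" and name="password" plus the hidden _csrf token field,
// because CSRF protection stays enabled here (so logout is a POST as well).
@Configuration
@EnableWebSecurity
public class FormLoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Rules are checked in declaration order and the first match wins,
                // so specific patterns go first and the catch-all goes last.
                .antMatchers("/login/**").permitAll()
                .antMatchers("/admin/**").hasRole("Admin")
                .antMatchers("/client/**").hasAnyRole("Client", "Admin")
                .anyRequest().authenticated()
            .and()
            .formLogin()
                .loginPage("/login/form")       // GET: a controller returns the login view
                .loginProcessingUrl("/login")   // POST: handled by Spring Security's filter
                .usernameParameter("username")  // must equal the input's name attribute
                .passwordParameter("password")
                .failureUrl("/login/form?error")
                // Choose the landing page from the granted authorities;
                // roles("Admin") is stored as the authority ROLE_Admin.
                .successHandler((request, response, authentication) -> {
                    boolean admin = authentication.getAuthorities().stream()
                            .anyMatch(a -> "ROLE_Admin".equals(a.getAuthority()));
                    response.sendRedirect(request.getContextPath()
                            + (admin ? "/admin/home" : "/client/home"));
                })
            .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login/form?logout");
    }
}
```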
