If I want to specify my own login page with
.formLogin()
.loginPage("/login")
It's not clear to me where I need to Post to. Do I post to /login as well? Does Spring provide an endpoint with the same name that accepts a post? What are the responses? I can't find any documentation that tells me what responses to expect. I keep getting a 200, no matter what user I enter.
I have a class which implements UserDetailsService and I'm referencing them in my config
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(encoder);
but the loadUserByUsername method of that service is not getting called.
If I want to process the login myself by specifying
.loginProcessingUrl("/api/login")
What is expected from that endpoint?
Update
My login form is implemented by React. I got it from elsewhere, so the error handling it's doing might not be relevant for this use case. I'm trying to understand the return codes I should expect. The code looks something like this
const payload = {
"email": state.email,
"password": state.password,
}
axios.post( '/login', payload)
.then(function (response) {
console.log('response.status', response.status);
if (response.status === 200) {
redirectToHome();
props.showError(null)
} else if (response.data.code === 204) {
props.showError("Username and password do not match");
} else {
props.showError("Username does not exists");
}
})
.catch(function (error) {
console.log(error);
});
Update2
I have .failureURL("/login?error") and .accessDeninedPage("/login?denied)
When Spring tries to redirect to /login?denied I'm seeing this
"FORWARD" dispatch for POST "/login?denied", parameters={denied:[]}
Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' not supported]
Exiting from "FORWARD" dispatch, status 405
GET "/login", parameters={}
Why is Spring not able to Post to the page. And then it redirects to GET "/login".
My expectation is that it would do a GET /login?denied. In other words, redirect to my form with an error indication. But it's doing a POST instead, which is not working
CodePudding user response:
By doing just
formLogin().loginPage("/login")
it will configure a POST endpoint with the url /login for authentication. The user credential for authentication should contain username and password using the request parameter name username and password respectively. They can be put in the query string or the posted form data.
If authentication is failed , it will redirect to /login?error .
If authentication is successful, it will redirect to the url that you try to visit before login. Or redirect to / if that page is the login form.
All of these behaviour are mentioned in the javadoc of the loingPage() , and SavedRequestAwareAuthenticationSuccessHandler for the redirect behaviour after successful authentication.
If I want to process the login myself by specifying
.loginProcessingUrl("/api/login")What is expected from that endpoint?
It will just change the url of the POST endpoint that authenticating user credential to /api/login. So your login form should POST to it for authenticating credential . All other behaviour remain unchanged.