使用Spring Security更改网址

Question

I'm trying to do something very simple. If the user fails the login the url should change to /login?error so I can display a message.

But my attempt doesn't work and it stays in /login even when the user fails the login. What am I missing??

The error shows well if I put the url manually.

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

@Override
protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests().antMatchers("/").hasAnyRole("Administrator")
            .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/dashboard")
                .failureUrl("/login?error")
            .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login");
}

}

Login Page:

<form action="login" method="post">
 <input type="text" name="username" id="username" placeholder="Username" required="required" />
<input type="password" name="password" id="password" placeholder="Password"  required="required" />
<button type="submit" id="btnLogin" class="btn btn-atp btn-block btn-large">Sign in</button>
<div class="errorMessage">
  <c:if test="${param.error != null}">
    <p>Invalid username and password.</p>
  </c:if>
  <c:if test="${param.logout != null}">
    <p>You have been logged out.</p>
  </c:if>
</div>

Answer 1

I think that you forgot add "permitAll" after your "formLogin"

https://docs.spring.io/spring-security/site/docs/5.0.0.RELEASE/reference/htmlsingle/#jc-form

.formLogin()
 .loginPage("/login")
 .permitAll();  

permitAll - We must grant all users (ie unauthenticated users) access to our log in page. The formLogin().permitAll() method allows granting access to all users for all URLs associated with form based log in.