I am trying to create my own custom login form using spring boot security:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>1.1.9.RELEASE</version>
</dependency>
In the front-end side I created this login form:
<br/>
<form action="j_spring_security_check" method="post" name="login" id="login">
<div class="input-group input-group-lg">
<span class="input-group-addon">@</span>
<input type="text" class="form-control" placeholder="Usuario" name="username">
</div>
<br/>
<div class="input-group input-group-lg">
<span class="input-group-addon">PWD</span>
<input type="password" class="form-control" placeholder="Clave" name="password">
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<br/>
<div>
<input type="submit" value="Acceder">
</div>
</form>
In the back-end:
@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
final static Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/", "/index.html", "/bootstrap/**", "/jquery/**").permitAll()
.anyRequest().authenticated().and().formLogin()
.loginPage("/login.html").passwordParameter("password").usernameParameter("username")
.permitAll()
.and().logout()
.permitAll();
}
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
}
I took some ideas from this post: http://www.mkyong.com/spring-security/spring-security-form-login-example
And my problem is when I login it never redirects me to the previously requested page and continously displays in the login form.
Thanks in advance for your support.
I know its late. But may be useful for some others
change action="j_spring_security_check"
to login.html
as you have defined loginPage("/login.html")
(overriding the j_spring_security_check
) in configure method. It should work
The default login processing URL is /login (not /j_spring_security_*). Probably you are just submitting the form to the wrong place?
use front end like
<div class="login-page">
<div class="form">
<form:form method="POST" action="${contextPath}/login"
class="login-form" modelAttribute="user">
<input type="hidden" name="${_csrf.parameterName}"
value="${_csrf.token}" />
<form:input path="username" type="text" id="inputUserName"
placeholder="User Name" />
<span><form:errors cssClass="error" path="username" /></span>
<form:input path="password" type="password" id="inputPassword"
placeholder="Password" />
<button type="submit" class="btn btn-group btn-default btn-animated">Log
In</button>
<p class="message">
Not registered? <a href="register">Create an account</a>
</p>
</form:form>
</div>
</div>
then back end as
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/register").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().defaultSuccessUrl("/welcome", true)
.loginPage("/login")
.permitAll()
.and()
.logout().logoutSuccessUrl("/login")
.permitAll();
}
the whole code is here on Github Spring boot security
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.