stackoom
  简体   繁体   中英

Spring security custom login form not invoked

 原文  2015-09-04 09:13:05       security/ spring-mvc/ login/ spring-security/ configuration

Question

I am trying to configure spring MVC web application to use custom login form for authentication using annotations. My problem is that custom login form is never opened, but instead of it I always get standard spring security login form.

I have defined the following SecurityConfiguration class: 

package com.test.spring.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@EnableWebSecurity
public class SecurityConfiguration {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login").permitAll()  
                .antMatchers("/resources/**").permitAll()
                .antMatchers("/admin/**").hasRole("ADMIN")
                .and()
            .formLogin()
                .loginPage("/login")
                .defaultSuccessUrl("/home")
                .usernameParameter("user_login")
                .passwordParameter("user_password")
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login")
                .permitAll()
                .and()
            .csrf()
                .and()
            .sessionManagement()
                .invalidSessionUrl("/login?time=1")
                .maximumSessions(10);
    }

}

And SecurityWebApplicationInitializer class: 

package com.test.spring.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

}

Also I created custom login form as login.html so I assumed that the configuration would load my login.html file instead standard spring security login form.

Whatever I do, I always get the standard login form:

在此处输入图片说明

I have also configured my controller: 

    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public String login() {
        return "login";
    }

It seems that my security configuration wasn't loaded at all.

Where is the problem?

1 answers

solution1
 0 ACCPTED  2015-09-04 11:01:12

Finally figured it out.

The solution is really simple. My security configuration wasn't loaded at all because SecurityConfiguration class must extends WebSecurityConfigurerAdapter .

After that, configuration was loaded and everything is working as expected.

So, instead 

public class SecurityConfiguration

There should be 

public class SecurityConfiguration extends WebSecurityConfigurerAdapter

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Custom login form - Spring Security Spring security: custom login form with locale Spring custom login form issue with Spring Security 4.0.2 Spring boot security with 3 fields authentication and custom login form Spring Security - Custom login form not calling the AuthenticationProvider on submit Spring Security Form Login Not Identified Spring Security annotations disable login form functionality MVC Form based Spring Security login? spring security custom login method post not supported Custom login checks (Grails Spring Security)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM