I am trying to configure spring MVC web application to use custom login form for authentication using annotations. My problem is that custom login form is never opened, but instead of it I always get standard spring security login form.
I have defined the following SecurityConfiguration
class:
package com.test.spring.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
@EnableWebSecurity
public class SecurityConfiguration {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("user").password("password").roles("USER");
}
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login").permitAll()
.antMatchers("/resources/**").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.and()
.formLogin()
.loginPage("/login")
.defaultSuccessUrl("/home")
.usernameParameter("user_login")
.passwordParameter("user_password")
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login")
.permitAll()
.and()
.csrf()
.and()
.sessionManagement()
.invalidSessionUrl("/login?time=1")
.maximumSessions(10);
}
}
And SecurityWebApplicationInitializer
class:
package com.test.spring.config;
import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SecurityWebApplicationInitializer extends AbstractSecurityWebApplicationInitializer {
}
Also I created custom login form as login.html
so I assumed that the configuration would load my login.html
file instead standard spring security login form.
Whatever I do, I always get the standard login form:
I have also configured my controller:
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String login() {
return "login";
}
It seems that my security configuration wasn't loaded at all.
Where is the problem?
Finally figured it out.
The solution is really simple. My security configuration wasn't loaded at all because SecurityConfiguration
class must extends WebSecurityConfigurerAdapter
.
After that, configuration was loaded and everything is working as expected.
So, instead
public class SecurityConfiguration
There should be
public class SecurityConfiguration extends WebSecurityConfigurerAdapter
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.