
Spring Security Custom Login Processing URL always redirecting to failurehandler

I am developing code with Spring Security using annotation-based configuration.

But after hitting the login processing URL defined in the configure method of the WebSecurityConfig class (which extends WebSecurityConfigurerAdapter) from the login page, it's always redirecting to the .failureHandler() of httpSecurity rather than the .successHandler(), even if the correct username and password are provided.

The following are the configure and configureGlobal methods of the WebSecurityConfig class.

@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {

    httpSecurity
            .authorizeRequests()
            .antMatchers("/login.success").access("hasRole('ROLE_USER')")
            .and()
            .formLogin()
            .loginPage("/login.home")
            .usernameParameter("username")
            .passwordParameter("password")
            .loginProcessingUrl("/login.do")
            .successHandler(applicationLoginSuccessHandler)
            .failureHandler(applicationLoginFailureHandler)
            .and()
            .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"));
}

@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception {
    authenticationManagerBuilder.inMemoryAuthentication().withUser("user").password("pass").roles("USER");
}

Here is the snippet of login.jsp:

<c:url value="login.do" var="loginUrl"/>
<form action="${loginUrl}" method="POST">         
    <c:if test="${param.error != null}">          
        <p>  
            Invalid username and password.  
        </p>  
    </c:if>  
    <c:if test="${param.logout != null}">         
        <p>  
            You have been logged out.  
        </p>  
    </c:if>  
    <p>  
        <label for="username">Username</label>  
        <input type="text" id="username" name="username"/>      
    </p>  
    <p>  
        <label for="password">Password</label>  
        <input type="password" id="password" name="password"/>      
    </p>  
    <input type="hidden"                          
        name="${_csrf.parameterName}"  
        value="${_csrf.token}"/>  
    <button type="submit" class="btn">Log in</button>  
</form>  

What am I missing?

I am using Spring Security 5.1.2.RELEASE.

The login page and logout page must be accessible to everyone. You have missed the .permitAll() method after the login config and after the logout config.

It's been working. Actually, I missed a password encoder for this. When I gave one, it's redirecting to the success page.
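The two points raised in the replies above (an explicit password encoder, and .permitAll() on the login and logout configuration), combined into one configuration for Spring Security 5.1.x. This is an added example, not code posted by anyone in the thread; the handler field types, the static bean method and the choice of BCryptPasswordEncoder are assumptions.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // Assumption: the page's two handlers are beans of these interface types.
    @Autowired private AuthenticationSuccessHandler applicationLoginSuccessHandler;
    @Autowired private AuthenticationFailureHandler applicationLoginFailureHandler;

    // One encoder, used both to hash the stored password and to verify logins.
    @Bean
    public static PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/login.success").access("hasRole('ROLE_USER')")
                .and()
            .formLogin()
                .loginPage("/login.home")
                .loginProcessingUrl("/login.do")
                .successHandler(applicationLoginSuccessHandler)
                .failureHandler(applicationLoginFailureHandler)
                .permitAll()   // login page and processing URL reachable when anonymous
                .and()
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
                .permitAll();
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth, PasswordEncoder encoder) throws Exception {
        // Store the BCrypt hash, never the raw string; "pass" is the page's demo credential.
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("user").password(encoder.encode("pass")).roles("USER");
    }
}
```

Since Spring Security 5.0 the default encoder is a DelegatingPasswordEncoder, which expects stored passwords to carry an `{id}` prefix, so a bare "pass" cannot be matched. Prefer a real hash such as BCrypt over NoOpPasswordEncoder or a `{noop}` prefix, both of which leave the password in plaintext.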
