
Custom formLogin() in Spring security returns a (type=Forbidden, status=403)

I've set up a Spring Boot app using the Spring Security and Spring Web dependencies. For this example I use inMemoryAuthentication(). I set up 3 HTML pages and placed them in the static folder (I'm not using Thymeleaf or JSP pages, just plain HTML).

When I use the default formLogin() and run the app, I get the default Spring Security login page; once I type the user and password I'm able to get the destined page dash.html as expected.

When I use a customized formLogin() and run the app, I get status 403, type Forbidden:

Whitelabel Error Page

This application has no explicit mapping for /error, so you are seeing this as a fallback.

Thu Dec 12 10:10:14 IST 2019 There was an unexpected error (type=Forbidden, status=403).

Forbidden

I searched on StackOverflow and also in the link below, but didn't see any solution (the link uses Thymeleaf, whereas I'm using HTML pages placed in the resources/static folder):

https://docs.spring.io/spring-security/site/docs/current/guides/html5/form-javaconfig.html#creating-a-login-view

Did someone have this issue also?
Please advise,
</gg_replace>
<gr_replace lines="30-32" cat="clarify" orig="1. I'm Using">
  1. I'm using Spring Boot 2.1.3
  2. Java 8
  3. Project folder layout in the linked image: folder layout

Regards, Shalem

Related Data and Code:

  1. I'm Using Spring boot 2.1.3
  2. JAVA8
  3. Project folders layout in the linked image: folder layout

I set up the Spring Security code as follows:

package com.rc1.conig;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("shalem")
            .password(passwordEncoder().encode("12"))
            .roles("USER");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
            .antMatchers("/").permitAll()
            .antMatchers("/dash/**").authenticated()
            .and()
            .formLogin()
            .loginPage("/mylogin")
            .permitAll();
    }
}

Controllers code:

package com.rc1.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class DashController {

    @RequestMapping("/dash")
    public String getDashboard() {
        return "dash.html";
    }
}


package com.rc1.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LoginController {

    @RequestMapping("/mylogin")
    public String getLogin() {
        return "login-page.html";
    }
}

HTML pages:


<!-- index.html page -->

<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>Home</title>
</head>
<body>
    <h1>Home Page</h1>
    <h3>
        <a href="http://localhost:8080/dash">dashboard</a>
    </h3>
</body>
</html>


<!-- Customized login-page.html -->

<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>mylogin</title>
</head>
<body>
    <form action="http://localhost:8080/mylogin" method="post">
        <p>
            user: <input type="text" name="user">
        </p>
        <p>
            pass :<input type="password" name="password">
        </p>
        <button type="submit">login</button>
    </form>
</body>
</html>


<!-- dash.html page -->

<!DOCTYPE html>
<html>
<head>
<meta charset="windows-1255">
<title>Insert title here</title>
</head>
<body>
    <h1>dashboard received</h1>
</body>
</html>

If you want to use a custom login page, then you should specify where the username and password are submitted to. So, just change this:

@Override
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
        .antMatchers("/").permitAll()
        .antMatchers("/dash/**").authenticated()
        .and()
        .formLogin()
        .loginPage("/mylogin")
        .loginProcessingUrl("/perform_login")
        .defaultSuccessUrl("/homepage")
        .permitAll();
}

After that, when an anonymous user hits any authenticated URL, they are redirected to

/mylogin

After the user enters a username and password, they are submitted to

/perform_login

If the credentials are valid, the user is redirected to

/homepage

otherwise they go back to

/mylogin
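The redirect chain described in this answer can be checked end to end with a MockMvc test; the test below is an added example, not code from the question or the answer. It assumes the answer's HttpSecurity configuration (loginProcessingUrl("/perform_login"), defaultSuccessUrl("/homepage")), the in-memory user "shalem"/"12" from the question, Spring Boot 2.1 with JUnit 4, and the spring-security-test dependency on the test classpath; the last test documents the 403 that Spring Security's default CSRF protection returns when a form POST carries no token, and the form helper uses the default username/password parameter names, which the posted form (name="user") does not match unless usernameParameter("user") is configured.

```java
package com.rc1;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrl;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.junit4.SpringRunner;
import org.springframework.test.web.servlet.MockMvc;

@RunWith(SpringRunner.class)
@SpringBootTest
@AutoConfigureMockMvc
public class FormLoginFlowTest { // hypothetical test class, not part of the original project

    @Autowired
    private MockMvc mvc;

    @Test // step 1: anonymous hit on a protected URL is sent to the custom login page
    public void anonymousRequestToProtectedPageRedirectsToCustomLogin() throws Exception {
        mvc.perform(get("/dash"))
           .andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrl("http://localhost/mylogin"));
    }

    @Test // step 2: credentials posted to the processing URL; formLogin() adds the CSRF token for us
    public void validCredentialsPostedToProcessingUrlLandOnHomepage() throws Exception {
        mvc.perform(formLogin("/perform_login").user("shalem").password("12"))
           .andExpect(authenticated().withUsername("shalem"))
           .andExpect(redirectedUrl("/homepage"));
    }

    @Test // step 3: bad credentials go back to the login page with the default ?error marker
    public void badCredentialsGoBackToLoginPage() throws Exception {
        mvc.perform(formLogin("/perform_login").user("shalem").password("wrong"))
           .andExpect(unauthenticated())
           .andExpect(redirectedUrl("/mylogin?error"));
    }

    @Test // failure mode: a plain POST with no CSRF token is rejected with 403 before authentication runs
    public void postWithoutCsrfTokenIsForbidden() throws Exception {
        mvc.perform(post("/perform_login").param("username", "shalem").param("password", "12"))
           .andExpect(status().isForbidden());
    }
}
```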
