Spring boot security login verify failed
Spring boot security login verify failed
I want to verify the user's identity when he or she send a localhost:8080/submit request, so I added the following to SecurityConfig class:
localhost:8080/submit
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/submit").access("hasRole('WORKER')")
.antMatchers("/**").permitAll()
.and()
.formLogin()
.loginPage("/login")
.and()
.logout()
.logoutSuccessUrl("/")
.and()
.rememberMe()
.tokenValiditySeconds(4838400)
.key("workerKey");
}
I wish the page could redirect to localhost:8080/login when I input localhost:8080/submit in the address field. My Worker entity has the role "WORKER":
localhost:8080/login
localhost:8080/submit
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Arrays.asList(new SimpleGrantedAuthority("WORKER"));
}
I can register an account and redirect to the login page when I input "localhost:8080/submit". But when I input the correct username and password, it responds to me an error page instead of submit page:
There was an unexpected error (type=Forbidden, status=403).
Forbidden
My submit page is simply a "welcome" word page. My mappings are
@RequestMapping(value = "/login", method = RequestMethod.GET)
public String showLogin() {
return "login";
}
@RequestMapping(value = "/submit", method = RequestMethod.GET)
public String showSubmit() {
return "submit";
}
And when I input localhost:8080/submit again, it did not redirect to the login page this time. Instead, it redirects to the error page directly and show the same error. So what forbid me to redirect to the submit page?
localhost:8080/submit
/submit
@Dfor That would be also great! How do I get it?
– yahoo
Jul 2 at 4:06
2 Answers
2
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().fullyAuthenticated()
.antMatchers("/submit").hasRole("WORKER").and().formLogin().permitAll().and().logout().permitAll();
}
@Bean
public UserDetailsService userDetailsService() {
// ensure the passwords are encoded properly
@SuppressWarnings("deprecation")
UserBuilder users = User.withDefaultPasswordEncoder();
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(users.username("me").password("me").roles("WORKER").build());
return manager;
}
}
You can customize even more with your custom login page.
login page
Thank you for giving me an alternative solution. I also find the solution for my code. You can see my answer if you are interested!
– yahoo
Jul 2 at 7:45
make your answer as valid
– Dfor Tye
Jul 2 at 7:47
What does "make your answer as valid" mean? I cannot understand.
– yahoo
Jul 2 at 7:53
Check the valid button for your answer as to let the newcomers know the solution for your problem.
– Dfor Tye
Jul 2 at 7:55
Yes that's it. I see.
– Dfor Tye
Jul 2 at 8:00
I have find the problem myself. I need to change the role "WORKER" in the Worker class to "ROLE_WORKER". Like this
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return Arrays.asList(new SimpleGrantedAuthority("ROLE_WORKER"));
}
It seems I cannot simplify the role "ROLE_WORKER" into "WORKER" in the Worker class but can simplify it in the SecurityConfig class.
see this url to remove prefix in spring security role stackoverflow.com/questions/38134121/…
– hicham abdedaime
Jul 2 at 8:21
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
I don't know exactly the problem with your case. But if you want a working solution when the user should authenticate if it hits
/submit, I can provide one.– Dfor Tye
Jul 2 at 3:35