0

My Spring Security Config

@Configuration @EnableWebSecurity @ComponentScan({"org.app.genesis.client.auth"}) public class SecurityConfig extends WebSecurityConfigurerAdapter { @Autowired private AuthenticationProvider customAuthProvider; @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticationProvider(customAuthProvider); } @Override public void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .and() .formLogin().loginPage("/").failureUrl("/?error") .and() .logout().logoutSuccessUrl("/?logout") .and() .csrf(); } }

my application.properties

spring.view.prefix: /WEB-INF/jsp/ spring.view.suffix: .jsp security.basic.enabled=false logging.level.org.springframework.security=INFO

my Spring boot configuration

@SpringBootApplication @ComponentScan({"org.app.genesis.client.controller","org.app.genesis.commons.service", "org.app.genesis.commons.security","org.app.genesis.inventory.service","org.app.genesis.client.auth"}) @EnableJpaRepositories(basePackages = "org.app.genesis.*.repo") @EntityScan(basePackages = "org.app.genesis.*.model") public class Application extends SpringBootServletInitializer { public static void main(String[] args) { ApplicationContext ctx = SpringApplication.run(Application.class, args); } @Override protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { return application.sources(Application.class); } }

A Gist of my pom.xml

<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-tomcat</artifactId> <scope>provided</scope> </dependency> <!-- Spring Framework Dependencies --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-actuator</artifactId> </dependency> <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactId>tomcat-embed-jasper</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>javax.servlet</groupId> <artifactId>jstl</artifactId> <scope>provided</scope> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>

The login form

<form class="form-signin"name="f" action="${pageContext.request.contextPath}/j_spring_security_check" method="POST"> <fieldset> <input class="form-control form-group" type="text" name="j_username" placeholder="Username"> <input class="form-control" type="password" name="j_password" placeholder="Password" > <a class="forgot pull-right" href="#">Forgot password?</a> <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button> </fieldset> </form>

The controller that generates the page 

@RequestMapping(value="/") public String index() { return "index"; }

However upon logging in this error shows

enter image description here

I am trying to migrate my existing security.xml configuration on annotation. but however the said error pops up. here is my security.xml

<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd"> <context:component-scan base-package="org.brightworks.genesis.client.auth"/> <http pattern="/resources/**" security="none"/> <http pattern="/index.jsp" security="none"/> <http> <intercept-url pattern="/api/*" requires-channel="https"/> <!--TODO Add RESOURCE PATTERN checker --> <form-login login-page="/index.jsp" default-target-url="/dashboard"/> <logout /> </http> <!-- Test Login values --> <authentication-manager> <!--use inMemoryUserDetailsService for faux auth --> <authentication-provider ref="customAuthenticationProvider"/> </authentication-manager> </beans:beans>

Just in case you guys need to see the package structure

enter image description here Have I missed anything in the configurations?

Improve this question

1 Answer 1

Reset to default
4

From the below link, you can see that for annotation java config the following things hold

http://spring.io/blog/2013/07/03/spring-security-java-config-preview-web-security/

  1. GET /login renders the login page instead of /spring_security_login

  2. POST /login authenticates the user instead of /j_spring_security_check

You need to make the following changes to get your security working.

Change your spring security config as follows

 @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/login").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login/") .loginProcessingUrl("/login") .failureUrl("/login?error") .permitAll(); }

Your JSP should be(j_spring_security_check replaced with login,j_username replaced with username)

<form class="form-signin"name="f" action="${pageContext.request.contextPath}/login" method="POST"> <fieldset> <input class="form-control form-group" type="text" name="username" placeholder="Username"> <input class="form-control" type="password" name="password" placeholder="Password" > <a class="forgot pull-right" href="#">Forgot password?</a> <button name="submit" class="btn btn-block btn-primary" type="submit">Sign in</button> </fieldset> </form>

To Specify dashboard as the default target URL, You can do the following.

@Override public void addViewControllers(ViewControllerRegistry registry) { registry.addViewController("/login").setViewName("login"); registry.addViewController("/").setViewName("dashboard"); registry.addViewController("/dashboard").setViewName("dashboard"); }
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.