Spring Secuirty login redirects to Error Page
After Default Spring Security login, no of my controllers redirects to main page.
Code As Follows.
The main problem is that after Completed initialization and after typing spring-security fields specified in application properties there is no errors, just only error page. No redirects.
SecurityConfig. All pom dependencies are also added
@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(ROLES_QUERY)
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/console/**", "/reset", "/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/home/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().csrf().disable()
.formLogin().loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/home",true)
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and().rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(60*60)
.and().exceptionHandling().accessDeniedPage("/access_denied");
}
}
Controller
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value= {"/", "/login"}, method=RequestMethod.GET)
public String login() {
ModelAndView model = new ModelAndView();
model.setViewName("user/login");
return "login";
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.GET)
public ModelAndView signup() {
ModelAndView model = new ModelAndView();
User user = new User();
model.addObject("user", user);
model.setViewName("user/signup");
return model;
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.POST)
public ModelAndView createUser(@Valid User user, BindingResult bindingResult) {
ModelAndView model = new ModelAndView();
User userExists = userService.findUserByEmail(user.getEmail());
if(userExists != null) {
bindingResult.rejectValue("email", "error.user", "This email already exists!");
}
if(bindingResult.hasErrors()) {
model.setViewName("user/signup");
} else {
userService.saveUser(user);
model.addObject("msg", "User has been registered successfully!");
model.addObject("user", new User());
model.setViewName("user/signup");
}
return model;
}
@RequestMapping(value= {"/home/home"}, method=RequestMethod.GET)
public ModelAndView home() {
ModelAndView model = new ModelAndView();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = userService.findUserByEmail(auth.getName());
model.addObject("userName", user.getFirstname() + " " + user.getLastname());
model.setViewName("home/home");
return model;
}
}
Probably all ant matchers could be okay, besides of this I have no idea, what goes wrong. Is it problem with spring-secuirty ?
Do I have to configure something else in another way ? Thanks for all answers.
java spring spring-security
|
show 1 more comment
After Default Spring Security login, no of my controllers redirects to main page.
Code As Follows.
The main problem is that after Completed initialization and after typing spring-security fields specified in application properties there is no errors, just only error page. No redirects.
SecurityConfig. All pom dependencies are also added
@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(ROLES_QUERY)
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/console/**", "/reset", "/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/home/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().csrf().disable()
.formLogin().loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/home",true)
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and().rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(60*60)
.and().exceptionHandling().accessDeniedPage("/access_denied");
}
}
Controller
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value= {"/", "/login"}, method=RequestMethod.GET)
public String login() {
ModelAndView model = new ModelAndView();
model.setViewName("user/login");
return "login";
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.GET)
public ModelAndView signup() {
ModelAndView model = new ModelAndView();
User user = new User();
model.addObject("user", user);
model.setViewName("user/signup");
return model;
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.POST)
public ModelAndView createUser(@Valid User user, BindingResult bindingResult) {
ModelAndView model = new ModelAndView();
User userExists = userService.findUserByEmail(user.getEmail());
if(userExists != null) {
bindingResult.rejectValue("email", "error.user", "This email already exists!");
}
if(bindingResult.hasErrors()) {
model.setViewName("user/signup");
} else {
userService.saveUser(user);
model.addObject("msg", "User has been registered successfully!");
model.addObject("user", new User());
model.setViewName("user/signup");
}
return model;
}
@RequestMapping(value= {"/home/home"}, method=RequestMethod.GET)
public ModelAndView home() {
ModelAndView model = new ModelAndView();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = userService.findUserByEmail(auth.getName());
model.addObject("userName", user.getFirstname() + " " + user.getLastname());
model.setViewName("home/home");
return model;
}
}
Probably all ant matchers could be okay, besides of this I have no idea, what goes wrong. Is it problem with spring-secuirty ?
Do I have to configure something else in another way ? Thanks for all answers.
java spring spring-security
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56
|
show 1 more comment
After Default Spring Security login, no of my controllers redirects to main page.
Code As Follows.
The main problem is that after Completed initialization and after typing spring-security fields specified in application properties there is no errors, just only error page. No redirects.
SecurityConfig. All pom dependencies are also added
@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(ROLES_QUERY)
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/console/**", "/reset", "/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/home/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().csrf().disable()
.formLogin().loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/home",true)
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and().rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(60*60)
.and().exceptionHandling().accessDeniedPage("/access_denied");
}
}
Controller
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value= {"/", "/login"}, method=RequestMethod.GET)
public String login() {
ModelAndView model = new ModelAndView();
model.setViewName("user/login");
return "login";
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.GET)
public ModelAndView signup() {
ModelAndView model = new ModelAndView();
User user = new User();
model.addObject("user", user);
model.setViewName("user/signup");
return model;
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.POST)
public ModelAndView createUser(@Valid User user, BindingResult bindingResult) {
ModelAndView model = new ModelAndView();
User userExists = userService.findUserByEmail(user.getEmail());
if(userExists != null) {
bindingResult.rejectValue("email", "error.user", "This email already exists!");
}
if(bindingResult.hasErrors()) {
model.setViewName("user/signup");
} else {
userService.saveUser(user);
model.addObject("msg", "User has been registered successfully!");
model.addObject("user", new User());
model.setViewName("user/signup");
}
return model;
}
@RequestMapping(value= {"/home/home"}, method=RequestMethod.GET)
public ModelAndView home() {
ModelAndView model = new ModelAndView();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = userService.findUserByEmail(auth.getName());
model.addObject("userName", user.getFirstname() + " " + user.getLastname());
model.setViewName("home/home");
return model;
}
}
Probably all ant matchers could be okay, besides of this I have no idea, what goes wrong. Is it problem with spring-secuirty ?
Do I have to configure something else in another way ? Thanks for all answers.
java spring spring-security
After Default Spring Security login, no of my controllers redirects to main page.
Code As Follows.
The main problem is that after Completed initialization and after typing spring-security fields specified in application properties there is no errors, just only error page. No redirects.
SecurityConfig. All pom dependencies are also added
@Configuration
@EnableWebSecurity
class SecurityConfiguration extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.jdbcAuthentication()
.usersByUsernameQuery(USERS_QUERY)
.authoritiesByUsernameQuery(ROLES_QUERY)
.dataSource(dataSource)
.passwordEncoder(bCryptPasswordEncoder);
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/console/**", "/reset", "/login").permitAll()
.antMatchers("/").permitAll()
.antMatchers("/login").permitAll()
.antMatchers("/signup").permitAll()
.antMatchers("/home/**").hasAuthority("ADMIN").anyRequest()
.authenticated().and().csrf().disable()
.formLogin().loginPage("/login").failureUrl("/login?error=true")
.defaultSuccessUrl("/home",true)
.usernameParameter("email")
.passwordParameter("password")
.and().logout()
.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.logoutSuccessUrl("/")
.and().rememberMe()
.tokenRepository(persistentTokenRepository())
.tokenValiditySeconds(60*60)
.and().exceptionHandling().accessDeniedPage("/access_denied");
}
}
Controller
@Controller
public class UserController {
@Autowired
private UserService userService;
@RequestMapping(value= {"/", "/login"}, method=RequestMethod.GET)
public String login() {
ModelAndView model = new ModelAndView();
model.setViewName("user/login");
return "login";
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.GET)
public ModelAndView signup() {
ModelAndView model = new ModelAndView();
User user = new User();
model.addObject("user", user);
model.setViewName("user/signup");
return model;
}
@RequestMapping(value= {"/signup"}, method=RequestMethod.POST)
public ModelAndView createUser(@Valid User user, BindingResult bindingResult) {
ModelAndView model = new ModelAndView();
User userExists = userService.findUserByEmail(user.getEmail());
if(userExists != null) {
bindingResult.rejectValue("email", "error.user", "This email already exists!");
}
if(bindingResult.hasErrors()) {
model.setViewName("user/signup");
} else {
userService.saveUser(user);
model.addObject("msg", "User has been registered successfully!");
model.addObject("user", new User());
model.setViewName("user/signup");
}
return model;
}
@RequestMapping(value= {"/home/home"}, method=RequestMethod.GET)
public ModelAndView home() {
ModelAndView model = new ModelAndView();
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
User user = userService.findUserByEmail(auth.getName());
model.addObject("userName", user.getFirstname() + " " + user.getLastname());
model.setViewName("home/home");
return model;
}
}
Probably all ant matchers could be okay, besides of this I have no idea, what goes wrong. Is it problem with spring-secuirty ?
Do I have to configure something else in another way ? Thanks for all answers.
java spring spring-security
java spring spring-security
edited Nov 25 '18 at 8:40
Return.h
asked Nov 25 '18 at 8:35
Return.hReturn.h
413
413
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56
|
show 1 more comment
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56
|
show 1 more comment
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53465871%2fspring-secuirty-login-redirects-to-error-page%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53465871%2fspring-secuirty-login-redirects-to-error-page%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
What's the meaning of only error page ? How do you login ?
– chaoluo
Nov 25 '18 at 10:38
I will show this on images. imgur.com/a/BLS1xIE After typing localhost:8080 I got pic nr1 and after typing correct username and password I am redirected to every page included in controllers but as we can se I have whitelabel errorpage.
– Return.h
Nov 25 '18 at 10:48
What are the params that you send to the login processing filter ? username&password?
– chaoluo
Nov 25 '18 at 10:57
I've specified them in application.properties. In my DB I have no account so by default are choosen fields from spring-security ( imo, I might be wrong ) as bellow spring.security.user.name=user spring.security.user.password=user
– Return.h
Nov 25 '18 at 11:30
Could you share the http request when login?
– chaoluo
Nov 25 '18 at 11:56