Spring Security login form always transitions to failureUrl on submission

Asked 2 years ago, Updated 2 years ago, 97 views

I am implementing login functionality with Spring.
I referred to the following article.

Try implementing login functionality with Spring-Boot - Qiita

I am implementing it step by step, and first implemented a function that only transitions to another screen on form submission, without checking the submitted values.

I want to enter values in the form and go to the target URL (hello) set in successForwardUrl, but it doesn't work.
The login?error screen appears.

Is there something wrong with my code?

If anyone knows, I would appreciate your help.

Folder Configuration


Source Code

list.html

<!doctype html>
<html xmlns:th="http://www.thymeleaf.org">
<head th:replace="~{layout/component::head('login')}"></head>
<body>
<th:block th:replace="~{layout/component::header}"></th:block>
<div class="container">
    <th:block th:replace="~{layout/component::container_top('login')}"></th:block>
    <div class="row justify-content-start">
        <form method="post" th:action="@{/sign_in}">
            <table class="table table-border">
                <tr>
                    <td>
                        <label>Login ID</label>
                    </td>
                    <td>
                        <input type="text" name="username">
                    </td>
                </tr>
                <tr>
                    <td>
                        <label>Password</label>
                    </td>
                    <td>
                        <input type="password" name="password">
                    </td>
                </tr>
            </table>
            <div class="mb-3">
                <input type="submit" value="confirm" class="btn btn-outline-secondary">
            </div>
        </form>
    </div>
</div>
<footer th:replace="~{layout/component::footer}"></footer>
</body>
</html>

WebSecurityConfig.java

package com.example.demo.login;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {



    // The password obtained from the DB is stored encrypted, so this encoder is used to encrypt the form value before comparing the two.
    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        return bCryptPasswordEncoder;
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                            "/images/**",
                            "/css/**",
                            "/javascript/**"
                            );
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/login") // The login page does not go through a controller, so it must be mapped to a view name
                .loginProcessingUrl("/sign_in") // Submit URL of the form; authentication is performed when a request is sent to this URL
                .usernameParameter("username") // Name attribute of the request parameter
                .passwordParameter("password")
                .successForwardUrl("/hello")
                .failureUrl("/login?error")
                .permitAll()
                .and()
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login?logout")
                .permitAll();
    }
}

MvcConfig.java

package com.example.demo.login;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    /**
     * Call login.html from the URL "/login"
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/login").setViewName("login");
    }

}

java spring spring-security

2022-09-30 14:01

1 Answer

I don't know how far the linked implementation goes, but judging only by the code in the question, the encoder specification is wrong (so authentication always fails).

By default, it is retained in the DelegatingPasswordEncoder format (Reference), so you must remove the following:

    @Bean
    public BCryptPasswordEncoder passwordEncoder() {
        BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
        return bCryptPasswordEncoder;
    }

In the linked code, around here (but not mentioned in the Qiita article).

I don't think the Qiita article is easy for others to read, so I think you should look for another sample code.


2022-09-30 14:01
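
The encoder mismatch the answer describes, as an added example that is not part of the original post or the linked article. It assumes spring-security-crypto is on the classpath; the class name `EncoderMismatchDemo`, the helper `verifies` and the sample password are constructed for illustration.

```java
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

public class EncoderMismatchDemo {

    // True only when the encoder accepts the raw password for the stored value.
    static boolean verifies(PasswordEncoder encoder, String raw, String stored) {
        try {
            return encoder.matches(raw, stored);
        } catch (IllegalArgumentException e) {
            // The delegating encoder rejects stored values that carry no known {id} prefix.
            return false;
        }
    }

    public static void main(String[] args) {
        String raw = "password"; // constructed sample credential

        PasswordEncoder delegating = PasswordEncoderFactories.createDelegatingPasswordEncoder();
        PasswordEncoder bareBcrypt = new BCryptPasswordEncoder();

        String prefixed = delegating.encode(raw);   // "{bcrypt}" followed by a BCrypt hash
        String unprefixed = bareBcrypt.encode(raw); // BCrypt hash only, no prefix
        String noop = "{noop}" + raw;               // plain-text entry in the delegating format

        // Encoder and storage format agree.
        System.out.println("delegating  vs prefixed:   " + verifies(delegating, raw, prefixed));
        System.out.println("delegating  vs {noop}:     " + verifies(delegating, raw, noop));
        System.out.println("bare BCrypt vs unprefixed: " + verifies(bareBcrypt, raw, unprefixed));

        // Encoder and storage format disagree: the correct password is still rejected,
        // which in the question's configuration ends at failureUrl.
        System.out.println("bare BCrypt vs prefixed:   " + verifies(bareBcrypt, raw, prefixed));
        System.out.println("bare BCrypt vs {noop}:     " + verifies(bareBcrypt, raw, noop));
        System.out.println("delegating  vs unprefixed: " + verifies(delegating, raw, unprefixed));
    }
}
```

The encoder bean and the stored password format have to agree: either keep the default delegating encoder with `{id}`-prefixed values, or keep the `BCryptPasswordEncoder` bean and store unprefixed BCrypt hashes.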
