Spring implements login functionality.
I referred to the following article.
Try implementing login functionality with Spring-Boot - Qiita
We implemented it step by step, and we first implemented a function that only transitions to another screen without determining the value when submitting from the form.
I would like you to enter a value in form and fly to the target URL (hello) in successForwardUrl, but it doesn't work.
The login?error screen appears.
Is there something wrong with the description?
If anyone knows, please take care of me.
list.html
<!doctype html>
<html xmlns:th="http://www.thymeleaf.org">
<headth:replace="~{layout/component::head('login')}">
<body>
<th:blockth:replace="~{layout/component::header}">/th:block>
<div class="container">
<th:blockth:replace="~{layout/component::container_top('login')}">/th:block>
<div class="row justice-content-start">
<form method="post" th:action="@{/sign_in}">
<table class="table table-border">
<tr>
<td>
<label>Login ID</label>
</td>
<td>
<input type="text" name="username">
</td>
</tr>
<tr>
<td>
<label>Password</label>
</td>
<td>
<input type="password" name="password">
</td>
</tr>
</table>
<div class="mb-3">
<input type="submit" value="confirm" class="btn btn-outline-secondary">
</div>
</form>
</div>
</div>
<footer th:replace="~{layout/component::footer}">/footer>
</body>
</html>
WebSecurityConfig.java
package com.example.demo.login;
import org.springframework.context.annotation.Bean;
import org.springframework.context.announcement.Configuration;
import org.springframework.security.config.announcement.web.builders.HttpSecurity;
import org.springframework.security.config.announcement.web.builders.WebSecurity;
import org.springframework.security.config.announcement.web.configuration.EnableWebSecurity;
import org.springframework.security.config.announcement.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@ EnableWebSecurity
public class WebSecurityConfig extensions WebSecurityConfigurerAdapter {
// The password obtained from DB compared to the value of the form is encrypted, so it is used to encrypt the value of the form.
@ Bean
publicBCryptPasswordEncoder passwordEncoder(){
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
@ Override
public void configure (WebSecurity web) threads Exception {
web.ignoring().antMatches()
"/images/**",
"/css/**",
"/javascript/**"
);
}
@ Override
protected void configure(HttpSecurity http)throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")// The login page does not go through the controller and must be linked to ViewName
.loginProcessingUrl("/sign_in")//SubmitURL in form, authentication processing is performed when a request is sent to this URL
.usernameParameter("username") // Specify the name attribute of the request parameter
.passwordParameter ("password")
.successForwardUrl("/hello")
.failureUrl("/login?error")
.permitAll()
.and()
.logout()
.logoutUrl("/logout")
.logoutSuccessUrl("/login?logout")
.permitAll();
}
}
MvcConfig.java
package com.example.demo.login;
import org.springframework.context.announcement.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.announcement.WebMvcConfigurer;
@Configuration
public class MvcConfiguration components WebMvcConfigurer {
/**
* Call login.html from the URL "/login"
*/
public void addViewControllers (ViewControllerRegistry) {
registry.addViewController("/login").setViewName("login");
}
}
I don't know how far the linked implementation is going, but judging only by the code in the question statement, the encoder designation is wrong (so authentication always fails).
By default, it is retained in the DelegatingPasswordEncoder
format (Reference), so you must remove the following:
@Bean
publicBCryptPasswordEncoder passwordEncoder(){
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
return bCryptPasswordEncoder;
}
In the linked code, around here (but not mentioned in the Qiita article).
I don't think the Qiita article is easy for others to read, so I think you should look for another sample code.
© 2024 OneMinuteCode. All rights reserved.