Spring Security Custom login using Java Config Based -


i using spring security java based config. unable call process action when user submits login form. here config , java file. please let me know doing wrong. in advance.

1) spring security java config class

@configuration @enablewebmvcsecurity public class securityconfig extends websecurityconfigureradapter {     @autowired     userservice userservice;     @bean     public authenticationmanager authenticationmanager() throws exception{         authenticationmanager authenticationmanager = new providermanager(                     arrays.aslist(authenticationprovider()));             return authenticationmanager;         }     @bean     public authenticationprovider authenticationprovider() throws     exception {         daoauthenticationprovider authenticationprovider = new daoauthenticationprovider();         authenticationprovider.setuserdetailsservice(userservice);         authenticationprovider.afterpropertiesset();         return authenticationprovider;         }         @override     protected void configure(httpsecurity http) throws exception {         http.authorizerequests().antmatchers("/**").permitall()         .antmatchers("/process/success").authenticated()         .and()         .formlogin()         .usernameparameter("username")          .passwordparameter("password")          .loginpage("/")         .failureurl("/?auth=fail")         .loginprocessingurl("/process")         .and().logout().logouturl("/logout")          .invalidatehttpsession(true).deletecookies("jsessionid")         .permitall();         } } 

2) jsp login page.

<form name="f" action="./process" method="post">     <fieldset>     <legend>please login</legend>     <c:if test="${'fail' eq param.auth}">     <div style="color: red">     login failed!!!<br /> reason :     ${sessionscope["spring_security_last_exception"].message}     </div>     </c:if>     <c:if test="${'succ' eq param.out}">     <div style="color: blue">     <h2>you have been logged out.</h2>     ${sessionscope["spring_security_last_exception"].message}     </div>     </c:if>     <div class="alert alert-success">${param.logout}</div>     <label for="username">username</label> <input type="text"id="username" name="username" /> <label for="password">password</label>     <input type="password" id="password" name="password" />      <input type="hidden" name="${_csrf.parametername}" value="${_csrf.token}" />     <div class="form-actions">     <button type="submit" class="btn">log in</button>     </div>     </fieldset>     </form> 

3) here home controller

@controller public class homecontroller {     @autowired     authenticationmanager authenticationmanager;     @requestmapping(value = "/", method = requestmethod.get)     public string index() {         system.out.println("index.....");         return "index";     }     @requestmapping(value = "/process", method = requestmethod.post)     public string process(@pathvariable("username") string username,         @pathvariable("password") string password,         httpservletrequest request, redirectattributes redirectattr) {         try {             usernamepasswordauthenticationtoken token = new usernamepasswordauthenticationtoken(username, password);             authentication authenticate = authenticationmanager.authenticate(token);             securitycontextholder.getcontext().setauthentication(authenticate);         } catch (authenticationexception e) {             system.out.println(e.getmessage());         }         system.out.println("login....." + request.getsession(false));         return "redirect:/process/success";     }     @requestmapping(value = "/process/success", method = requestmethod.get)     public string success() {         system.out.println("success.....");         return "success";     }     @requestmapping(value = "/logout", method = requestmethod.get)     public string logout(httpservletrequest request) {         system.out.println("logout....." + request.getsession(false)+ " new " + request.getsession(false).isnew());         request.getsession(false).invalidate();         return "index";     } } 

the problem spring security uses filters, , request intercepted , processed usernamepasswordauthenticationfilter. cannot reach controller.

spring security uses filter process login , should not think use controller that. should read (again) reference manual , start tutorial.


Comments

Popular posts from this blog

qt - Using float or double for own QML classes -

Create Outlook appointment via C# .Net -

ios - Swift Array Resetting Itself -