Spring Security Custom login using Java Config Based
I am using Spring Security Java-based config. I am unable to call the process action when the user submits the login form. Here are my config and Java files. Please let me know what I am doing wrong. Thanks in advance.

1) Spring Security Java config class

    @Configuration
    @EnableWebMvcSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        UserService userService;

        @Bean
        public AuthenticationManager authenticationManager() throws Exception {
            AuthenticationManager authenticationManager = new ProviderManager(
                    Arrays.asList(authenticationProvider()));
            return authenticationManager;
        }

        @Bean
        public AuthenticationProvider authenticationProvider() throws Exception {
            DaoAuthenticationProvider authenticationProvider = new DaoAuthenticationProvider();
            authenticationProvider.setUserDetailsService(userService);
            authenticationProvider.afterPropertiesSet();
            return authenticationProvider;
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests().antMatchers("/**").permitAll()
                    .antMatchers("/process/success").authenticated()
                    .and()
                    .formLogin()
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginPage("/")
                    .failureUrl("/?auth=fail")
                    .loginProcessingUrl("/process")
                    .and().logout().logoutUrl("/logout")
                    .invalidateHttpSession(true).deleteCookies("JSESSIONID")
                    .permitAll();
        }
    }

2) JSP login page.

    <form name="f" action="./process" method="post">
        <fieldset>
            <legend>please login</legend>
            <c:if test="${'fail' eq param.auth}">
                <div style="color: red">
                    login failed!!!<br />
                    reason : ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
                </div>
            </c:if>
            <c:if test="${'succ' eq param.out}">
                <div style="color: blue">
                    <h2>you have been logged out.</h2>
                    ${sessionScope["SPRING_SECURITY_LAST_EXCEPTION"].message}
                </div>
            </c:if>
            <div class="alert alert-success">${param.logout}</div>
            <label for="username">username</label>
            <input type="text" id="username" name="username" />
            <label for="password">password</label>
            <input type="password" id="password" name="password" />
            <input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
            <div class="form-actions">
                <button type="submit" class="btn">log in</button>
            </div>
        </fieldset>
    </form>

3) Here is the home controller

    @Controller
    public class HomeController {

        @Autowired
        AuthenticationManager authenticationManager;

        @RequestMapping(value = "/", method = RequestMethod.GET)
        public String index() {
            System.out.println("index.....");
            return "index";
        }

        @RequestMapping(value = "/process", method = RequestMethod.POST)
        public String process(@PathVariable("username") String username,
                @PathVariable("password") String password,
                HttpServletRequest request, RedirectAttributes redirectAttr) {
            try {
                UsernamePasswordAuthenticationToken token =
                        new UsernamePasswordAuthenticationToken(username, password);
                Authentication authenticate = authenticationManager.authenticate(token);
                SecurityContextHolder.getContext().setAuthentication(authenticate);
            } catch (AuthenticationException e) {
                System.out.println(e.getMessage());
            }
            System.out.println("login....." + request.getSession(false));
            return "redirect:/process/success";
        }

        @RequestMapping(value = "/process/success", method = RequestMethod.GET)
        public String success() {
            System.out.println("success.....");
            return "success";
        }

        @RequestMapping(value = "/logout", method = RequestMethod.GET)
        public String logout(HttpServletRequest request) {
            System.out.println("logout....." + request.getSession(false)
                    + " new " + request.getSession(false).isNew());
            request.getSession(false).invalidate();
            return "index";
        }
    }

The problem is that Spring Security uses filters, and the request is intercepted and processed by the UsernamePasswordAuthenticationFilter. It cannot reach your controller.
Spring Security uses a filter to process the login, and you should not think of using a controller for that. You should read (again) the reference manual and start with a tutorial.
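
A configuration that leaves `/process` to the filter, as the answer describes. This is an added example, not code from the question or the answer. It assumes the question's `UserService` implements `UserDetailsService`, that the controller's `/process` and `/logout` handlers are removed, and that the same `WebSecurityConfigurerAdapter` API is in use. It also puts the protected path before the catch-all matcher, because rules are evaluated in order and the first match wins.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the question's UserService implements UserDetailsService.
    @Autowired
    private UserDetailsService userService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Registers a DaoAuthenticationProvider backed by userService,
        // replacing the hand-built ProviderManager bean.
        auth.userDetailsService(userService);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // First match wins: the specific rule must precede "/**",
                // otherwise /process/success is reachable without login.
                .antMatchers("/process/success").authenticated()
                .antMatchers("/**").permitAll()
                .and()
            .formLogin()
                .loginPage("/")
                // POSTs here are consumed by UsernamePasswordAuthenticationFilter.
                .loginProcessingUrl("/process")
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/process/success")
                .failureUrl("/?auth=fail")
                .and()
            .logout()
                // Handled by LogoutFilter; with CSRF enabled it must be a POST.
                .logoutUrl("/logout")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll();
    }
}
```

The login form from the question works unchanged with this configuration, since it already posts `username`, `password` and the CSRF token to `./process`.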