Spring boot & Spring security always redirect to Login

java spring spring-boot spring-security spring-data

16,352

Solution 1

super.configure(http);

Did the damage. it works after removing "super.configure(http);"

Solution 2

I just tried your code and it works fine, please insure that you have the @EnableWebSecurity on you Spring security configuration.

16,352

Author by

Chinthaka Dinadasa

Tech Lead @ 99x.io

Updated on June 04, 2022

Comments

Chinthaka Dinadasa almost 2 years

I'm trying to integrate spring security with spring boot web application. my project structure as follows,

and project dependencies as follows,

<dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>org.apache.tomcat.embed</groupId>
        <artifactId>tomcat-embed-jasper</artifactId>
        <scope>provided</scope>
    </dependency>
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
    </dependency>
    <!-- Need this to compile JSP,
        tomcat-embed-jasper version is not working, no idea why -->
    <dependency>
        <groupId>org.eclipse.jdt.core.compiler</groupId>
        <artifactId>ecj</artifactId>
        <version>4.6.1</version>
        <scope>provided</scope>
    </dependency>
    <!-- Optional, test for static content, bootstrap CSS-->
    <dependency>
        <groupId>org.webjars</groupId>
        <artifactId>bootstrap</artifactId>
        <version>3.3.7</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- https://mvnrepository.com/artifact/org.springframework.boot/spring-boot-starter-data-mongodb -->
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-data-mongodb</artifactId>
    </dependency>

and web security configurations are

@Override
protected void configure(HttpSecurity http) throws Exception {
    super.configure(http);
    http.authorizeRequests()
            .antMatchers("/user/**").permitAll()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .successHandler(customAuthenticationSuccessHandler)
            .usernameParameter("user")
            .passwordParameter("password")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessHandler(customLogoutSuccessHandler)
            .permitAll();
}

@Override
public void configure(WebSecurity web) throws Exception {
    super.configure(web);

    web
            .ignoring()
            .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");


}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    super.configure(auth);
    auth.userDetailsService(SecureUserDetailService);
}

I've gave permitAll() to /user/** URL pattern in spring security configurations. Then used /user/registration as request mapping value in UserRegistrationController. But when i accessing the mentioned URL it always redirect to login page.