I am trying to implement Spring Boot web security in my webapp, but when I submit the login and password the page simply reloads, and I cannot tell whether authentication is failing or whether the redirect to the next page is wrong. The code follows:
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<!-- Maven build for the "webapplication" Spring Boot demo: web MVC, Thymeleaf views,
     JPA with an in-memory H2 database, Retrofit as HTTP client, and Spring Security. -->
<modelVersion>4.0.0</modelVersion>
<groupId>br.com</groupId>
<artifactId>webapplication</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>webapplication</name>
<description>Demo project for Spring Boot</description>
<!-- The parent supplies dependency management, so the Spring dependencies below carry no
     version of their own. NOTE(review): the Spring Boot 1.5.x line is no longer maintained
     upstream, so it (and the Spring Security version it manages) stops receiving security
     fixes; plan an upgrade before this leaves demo status. -->
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.8.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-data-jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Development-time tooling only; marked optional so it is not passed on to dependants. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>com.h2database</groupId>
<artifactId>h2</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<!-- Retrofit and its Gson converter are pinned by hand (not managed by the parent).
     NOTE(review): check this pinned version against current advisories. -->
<dependency>
<groupId>com.squareup.retrofit2</groupId>
<artifactId>retrofit</artifactId>
<version>2.1.0</version>
</dependency>
<dependency>
<groupId>com.squareup.retrofit2</groupId>
<artifactId>converter-gson</artifactId>
<version>2.1.0</version>
</dependency>
<!-- Spring Security is pulled in as two individual modules; spring-boot-starter-security
     is the usual single dependency that brings both in. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<!-- NOTE(review): spring-boot-starter-test is already declared above; this second
     declaration is a duplicate and can be dropped. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
<!-- Generates Java classes into package hello.wsdl from a WSDL during the build. -->
<plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId>
<version>0.12.3</version>
<executions>
<execution>
<goals>
<goal>generate</goal>
</goals>
</execution>
</executions>
<configuration>
<schemaLanguage>WSDL</schemaLanguage>
<generatePackage>hello.wsdl</generatePackage>
<schemas>
<schema>
<!-- NOTE(review): the schema is fetched from a third-party host over plain http on every
     build, so the generated code depends on an unauthenticated network response and the
     build fails when the host is unreachable. Prefer a reviewed copy of the WSDL checked
     into the project and referenced locally. -->
<url>http://www.webservicex.com/stockquote.asmx?WSDL</url>
</schema>
</schemas>
</configuration>
</plugin>
</plugins>
</build>
</project>
Websecurityconfig.java
package br.com.webapplication.websecurity;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
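/**
 * Spring Security configuration for the web application.
 *
 * <p>Static styles and the login page ({@code /home}) are public; every other URL requires
 * the {@code USER} role. Authentication is form based, backed by a single in-memory account.
 */
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Defines URL authorization rules, form login and logout.
     *
     * <p>The login form must POST the {@code username} and {@code password} fields to
     * {@code /login}, the processing URL set below. Posting them to a protected application
     * URL instead is treated as an ordinary unauthenticated request and is sent back to the
     * login page, which looks like the page "just reloading".
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // NOTE(review): CSRF protection is switched off for the whole application, so
            // state-changing requests from an authenticated browser session are not tied
            // to a token. Forms rendered with th:action normally receive the token
            // automatically; re-enable CSRF once every form and the logout link (which
            // then has to be a POST) have been checked.
            .csrf().disable()
            .authorizeRequests()
                .antMatchers("/styles/**", "/home").permitAll()
                // Everything that is not explicitly public requires ROLE_USER. The earlier
                // "/**" matcher already caught every request, which left the trailing
                // anyRequest().authenticated() rule unreachable; one rule states the intent.
                .anyRequest().hasRole("USER")
                .and()
            .formLogin()
                .loginPage("/home")
                // Set explicitly: when a custom login page is configured and no processing
                // URL is given, Spring Security is expected to reuse the login page path as
                // the processing URL, which is easy to get wrong in the form's action.
                .loginProcessingUrl("/login")
                // Forwarded (not redirected) because the target handler only accepts POST.
                .successForwardUrl("/find-inventory")
                // A failed login used to be forwarded to /inventory-overview, a URL the
                // rules above restrict to ROLE_USER. A server-side forward is not
                // necessarily re-checked by the security filter chain, so that could render
                // a protected view for a caller who never authenticated. Failed logins now
                // redirect back to the login page with an error marker instead.
                .failureUrl("/home?error")
                .permitAll()
                .and()
            .logout()
                .permitAll();
    }

    /**
     * Registers the in-memory user store used for authentication.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception if the user store cannot be configured
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // NOTE(review): hard-coded, well-known demo credentials stored in clear text.
        // Acceptable only for local experiments; load real accounts from an external
        // store and hash passwords with a password encoder (e.g. BCrypt) before this
        // runs anywhere reachable.
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}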
Java controller.
package br.com.webapplication.controllers;
import br.com.webapplication.beans.Inventory;
import br.com.webapplication.beans.Product;
import br.com.webapplication.client.ApiClient;
import br.com.webapplication.client.ApiInterface;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import retrofit2.Call;
import java.io.IOException;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;
/**
 * MVC controller for the login page, the inventory search page and the inventory overview.
 *
 * <p>None of the handlers performs an access check of its own; who may reach them is decided
 * entirely by the application's Spring Security configuration.
 */
@Controller
public class InventoryController {

    ApiInterface service = ApiClient.getApiClient().create(ApiInterface.class);

    /** Renders the login page. */
    @RequestMapping("/home")
    ModelAndView loginPage(Model model) {
        return new ModelAndView("/views/login_page");
    }

    /** Renders the inventory search page; only POST requests are mapped here. */
    @PostMapping("/find-inventory")
    ModelAndView homePage(Model model) {
        return new ModelAndView("/views/find_inventory_page");
    }

    /**
     * Builds a fixed list of twenty sample inventory rows, sums their quantities and renders
     * the overview page.
     *
     * @param model view model that receives {@code store}, {@code date}, {@code total} and
     *              {@code inventoryList}
     * @param store required request parameter, passed to the view unchanged
     * @param date  required request parameter, passed to the view unchanged
     * @return the overview view
     */
    @RequestMapping("/inventory-overview")
    ModelAndView inventoryOverview(Model model, @RequestParam("store") String store, @RequestParam("date") String date) {
        // Sample rows: codes 000001..000020 with quantities 10, 20, ..., 200.
        final List<Inventory> rows = new ArrayList<>();
        for (int n = 1; n <= 20; n++) {
            // Locale.ROOT keeps the zero-padded code in ASCII digits on every platform.
            String code = String.format(java.util.Locale.ROOT, "%06d", n);
            rows.add(new Inventory(code, "DESCRIÇÃO DO PRODUTO", n * 10));
        }

        int sum = 0;
        for (Inventory row : rows) {
            sum += row.getQuantidade();
        }

        // store and date come straight from the request and are not validated here.
        // NOTE(review): confirm the template prints them with escaping output (th:text),
        // never th:utext, so they cannot inject markup into the page.
        model.addAttribute("store", store);
        model.addAttribute("date", date);
        model.addAttribute("total", sum);
        model.addAttribute("inventoryList", rows);
        return new ModelAndView("/views/inventory_overview_page");
    }
}
login_page.html
<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
<!--/* Login page template: a username/password form plus the shared top bar fragment. */-->
<head>
<title>Inventário Lojas</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta name="viewport" content="width=device-width, user-scalable=no"/>
<!--/* Third-party assets. Only the Bootstrap stylesheet carries an integrity hash; the
       jQuery UI stylesheet (protocol-relative URL), less.js, jQuery and jQuery UI are loaded
       from CDNs without one, so the page runs whatever those hosts return.
       NOTE(review): add integrity/crossorigin attributes or serve reviewed local copies,
       and use explicit https URLs. */-->
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css"
integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M"
crossorigin="anonymous"/>
<link rel="stylesheet/less" type="text/css" href="styles/general.less"/>
<link rel="stylesheet/less" type="text/css" href="styles/login_page.less"/>
<link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css"/>
<script src="https://cdnjs.cloudflare.com/ajax/libs/less.js/2.7.2/less.min.js" type="text/javascript"/>
<script src="https://code.jquery.com/jquery-1.12.4.js"></script>
<script src="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
</head>
<body>
<!--/* NOTE(review): this form posts the credentials to /find-inventory, the page meant to be
       shown after login. Spring Security only authenticates a POST sent to its login
       processing URL; a POST to any other protected URL is handled as an unauthenticated
       request and bounced back to the login page. The action has to be that processing URL.
       Keeping th:action (rather than a plain action attribute) also lets the CSRF token be
       added to the form when CSRF protection is enabled (presumably automatic with
       Thymeleaf and Spring Security; verify in the rendered HTML). */-->
<form th:action="@{/find-inventory}" method="post">
<div class="container-fluid">
<div class="header">
<div th:replace="fragments/top_bar :: header"></div>
</div>
<div class="headerContent">
<div class="loginForm">
<div class="image">
<img src="images/grupo_avenida_logo.png"/>
</div>
<div class="loginForm">
<div class="data_input">
<!--/* Field names username and password are the parameter names Spring Security's form
       login reads by default. */-->
<label>Usuário:</label>
<input type="text" name="username"/>
<label>Senha:</label>
<input type="password" name="password"/>
</div>
<div class="buttons">
<div class="button">
<button type="submit">Entrar</button>
</div>
</div>
</div>
</div>
</div>
</div>
</form>
</body>
</html>
To check whether authentication actually happens, I want a successful login to be sent to /find-inventory and a failed login to be sent to "/inventory-overview".
Place the answer using the button below called "Answer your question"
– Guilherme Nascimento
The problem was that the form in login_page did not have its th:action set to "/login"...
– Gustavo Trevisani
Scroll down the page and look for the button "Answer your question". I rolled back your edit to the question: do not put the answer in the body of the question, put it in the field below, next to the button "Answer your question".
– Guilherme Nascimento