After converting Spring Security Xml configuration into javaconfig, home page is automatcally redirected to /login.htm?logout . Home page is not coming. Also, login attempt is failing.
working Xml configuration:
<http pattern="/resources" security="none" />
<!-- HTTP security configurations -->
<http auto-config="true" use-expressions="true">
<!-- Configure these elements to secure URIs in your application -->
<intercept-url pattern="/admin.htm" access="hasRole('ROLE_ADMIN')" />
<intercept-url pattern="/personal/myPhotos.htm"
access="hasAnyRole('ROLE_USER', 'ROLE_FAMILY', 'ROLE_ADMIN')" />
<intercept-url pattern="/personal/familyPhotos.htm"
access="hasAnyRole('ROLE_FAMILY', 'ROLE_ADMIN')" />
<form-login login-processing-url="/j_spring_security_check"
login-page="/login.htm" authentication-failure-url="/login.htm?login_error=t" />
<logout logout-success-url="/" />
<remember-me key="myAppKey" token-validity-seconds="864000" />
<access-denied-handler error-page="/denied" />
</http>
<beans:bean id="encoder"
class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder" />
<authentication-manager>
<authentication-provider user-service-ref="customUserDetailsService">
<password-encoder ref="encoder" />
</authentication-provider>
</authentication-manager>
non-working javaconfig:
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder registry)
throws Exception {
registry.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
public void configure(WebSecurity webSecurity) throws Exception {
webSecurity.ignoring().antMatchers("/resources");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable()
.authorizeRequests()
.antMatchers("/**").permitAll()
.antMatchers("/admin.htm")
.hasAuthority("ROLE_ADMIN")
.antMatchers("/personal/myPhotos.htm")
.hasAnyAuthority("ROLE_USER", "ROLE_FAMILY", "ROLE_ADMIN")
.antMatchers("/personal/familyPhotos.htm")
.hasAnyAuthority("ROLE_FAMILY", "ROLE_ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.htm")
.loginProcessingUrl("/j_spring_security_check")
.failureUrl("/login.htm?login_error=t")
.permitAll()
.and()
.logout().logoutUrl("/")
.and()
.rememberMe().key("myAppKey").tokenValiditySeconds(864000);
}
}
RE-EDIT:
Based on the comment provided i can see the problem would be with your following piece of code:
.and()
.logout().logoutUrl("/")
Based on that code setup it means every time you go to your homepage/index page it will return http:///login?logout as per your problem.
I'm going to assume that you want to redirect to homepage/index page so therefore i present you this fix:
.and()
.logout()
.logoutSuccessUrl("/");
If this doesn't work please advise and i'll assist you further, otherwise accepting my answer will be thank you enough :).