I have a basic SpringBoot 2.1.5.RELEASE app. Using Spring Initializer, JPA, embedded Tomcat, Thymeleaf template engine, and package as an executable JAR file.
I had this Thymeleaf template that works OK with the login
<form id="loginForm" th:action="@{/login}" method="post">
<div class="input_label"><i class="fa fa-user"></i><input type="text" id="usernameId" name="username" th:attr="placeholder=#{login.user.placeholder}" /></div>
<div class="input_label"><i class="fa fa-key"></i><input type="text" name="password" placeholder="Password" /></div>
<input type="submit" value="LOGIN" />
</form>
That I replace for this other one:
<form id="loginForm" th:action="@{/login}" method="post">
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend"><i class="icon s7-user"></i></div>
<input class="form-control" id="username" name="username" type="text" th:attr="placeholder=#{login.user.placeholder}" autocomplete="off" />
</div>
</div>
<div class="form-group">
<div class="input-group">
<div class="input-group-prepend"><i class="icon s7-lock"></i></div>
<input class="form-control" id="password" name="password" type="password" placeholder="Password">
</div>
</div>
<div class="form-group login-submit">
<a class="btn btn-lg btn-primary btn-block" th:href="@{/login}" data-dismiss="modal">Login</a>
</div>
<div class="form-group row login-tools">
<div class="col-sm-6 login-remember">
<label class="custom-control custom-checkbox mt-2">
<input class="custom-control-input" type="checkbox"><span class="custom-control-label">Remember me</span>
</label>
</div>
<div class="col-sm-6 pt-2 text-sm-right login-forgot-password"><a href="pages-forgot-password.html">Forgot Password?</a></div>
</div>
</form>
But even it seems that the authentication is OK, here the console:
2019-05-22 15:09 [http-nio-2233-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor.authenticateIfRequired(348) - Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@afd2c118: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@ffff4c9c: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: DD587EDE4D70B2AC1D1609FD3553FB31; Granted Authorities: ROLE_ANONYMOUS
2019-05-22 15:09 [http-nio-2233-exec-8] DEBUG o.s.s.access.vote.AffirmativeBased.decide(66) - Voter: org.springframework.security.web.access.expression.WebExpressionVoter@976c509, returned: 1
2019-05-22 15:09 [http-nio-2233-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor.beforeInvocation(243) - Authorization successful
2019-05-22 15:09 [http-nio-2233-exec-8] DEBUG o.s.s.w.a.i.FilterSecurityInterceptor.beforeInvocation(256) - RunAsManager did not change Authentication object
The application does not redirect to the page I set up in the config file
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers(publicMatchers()).permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").defaultSuccessUrl("/bonanza/all")
.failureUrl("/login?error").permitAll()
.and()
.logout().permitAll();
}
As said in the comment, you need something that can submit your form. Like the input in the first example you provided.
The console output is decieving, you are authenticated as "anonymous".