I am trying to replace a simple thymeleaf login page with the default one. The problem is it is not working as expected. I am getting the authorization requred as an alert for example. I am providing the screenshots and codes for the security in which authorizeRequest() and antMatchers are not used anymore.
I am getting this alert instead of getting the replaced login page
@EnableWebSecurity
@Configuration
public class HospitalSecurityConfig {
@Bean
public SecurityFilterChain filterChain (HttpSecurity http) throws Exception {
http
.authorizeHttpRequests()
.requestMatchers("/").authenticated()
.requestMatchers("/mylogin").permitAll()
.and()
.formLogin().loginPage("/mylogin").loginProcessingUrl("/mylogin").permitAll()
.and()
.logout().logoutUrl("/logout")
.and()
.authenticationProvider(authProvider())
.httpBasic()
;
return http.build();
}
@Bean
public UserDetailsService detailsService() {
return new HospitalUserDetailsServiceer();
}
@Bean
public AuthenticationProvider authProvider() {
DaoAuthenticationProvider provider = new DaoAuthenticationProvider();
provider.setPasswordEncoder(encoder());
provider.setUserDetailsService(detailsService());
return provider;
}
@Bean
public PasswordEncoder encoder() {
return new BCryptPasswordEncoder();
}
}
myLogin.html:
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3"
xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout">
<head>
<meta charset="ISO-8859-1">
<title>Welcome to HealthMe Application!</title>
<link th:href="@{/css/cssLogin.css}" rel="stylesheet" />
<script type="text/javascript" th:src="@{/js/jsLogin.js}"></script>
</head>
<body>
<form th:action="@{/mylogin}" method="post">
Username = <input name="username" type="text"> <br>
Password = <input name="password" type="password"> <br>
<input type="submit">
</form>
</body>
</html>
I handled the "/mylogin" path call by:
@EnableWebMvc
@Configuration
public class HospitalMVCconfig implements WebMvcConfigurer{
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/mylogin").setViewName("myLogin");
}
I solved the problem and put the final code here:
@Bean
public SecurityFilterChain filterChain (HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(t ->
t.anyRequest()
.authenticated()
)
.formLogin(form ->
form
.loginPage("/mylogin")
.loginProcessingUrl("/mylogin")
.successHandler(successHandler())
.permitAll()
)
.logout(out ->
out.logoutRequestMatcher(new
AntPathRequestMatcher("/logout"))
.permitAll()
)
.authenticationProvider(authProvider()
);
return http.build();
}
where the successful handler method is as follows:
private AuthenticationSuccessHandler successHandler() {
SimpleUrlAuthenticationSuccessHandler simpleUrlAuthenticationSuccessHandler = new SimpleUrlAuthenticationSuccessHandler();
simpleUrlAuthenticationSuccessHandler.setDefaultTargetUrl("/");
return simpleUrlAuthenticationSuccessHandler;
}