I make the /welcome page available to everyone, but when I go to it, I am still redirected to the login page
WebSecurityConfig:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig{
@Bean
public UserDetailsService userDetailsService(PasswordEncoder encoder){
UserDetails admin = User.builder().username("admin").password(encoder.encode("admin")).build();
UserDetails user = User.builder().username("user").password(encoder.encode("user")).build();
return new InMemoryUserDetailsManager(admin, user);
}
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth
.requestMatchers("/welcome").permitAll()
.anyRequest().authenticated())
.formLogin(withDefaults())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
}
siteController:
@Controller
public class siteController {
@GetMapping("/welcome")
public String welcome(){
return "welcome.html";
}
@GetMapping("/admin")
public String admin(){
return "admin.html";
}
}
DemoApplication:
@SpringBootApplication
public class DemoApplication {
public static void main(String[] args) {
SpringApplication.run(DemoApplication.class, args);
}
}
I tried to make all the pages available without authorization and I managed to log in to them without authorization, it looked like this
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth
.anyRequest().permitAll())
.formLogin(withDefaults())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
But when I write like this
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.authorizeHttpRequests(auth -> auth
.requestMatchers("/welcome").permitAll()
.anyRequest().authenticated())
.formLogin(withDefaults())
.csrf(AbstractHttpConfigurer::disable);
return http.build();
}
I am no longer allowed on all pages without authorization
So, thank you all for your help, I've sorted out this problem. I deleted the siteController file and replaced it with the MvsConfig configuration file, in which I indicated how I understand creating new controllers and naming them, in the end I got this:
instead of the siteController file:
@Controller
public class siteController {
@GetMapping("/welcome")
public String welcome(){
return "welcome.html";
}
@GetMapping("/admin")
public String admin(){
return "admin.html";
}
}
I made a file MvcConfig:
@Configuration
public class MvcConfig implements WebMvcConfigurer {
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/welcome").setViewName("welcome");
registry.addViewController("/").setViewName("welcome");
registry.addViewController("/hello").setViewName("hello");
registry.addViewController("/admin").setViewName("admin");
registry.addViewController("/login").setViewName("login");
}
}
and my WebSecurityConfig file configuration:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests((requests) -> requests
.requestMatchers("/", "/welcome").permitAll()
.anyRequest().authenticated()
)
.formLogin((form) -> form
.loginPage("/login")
.permitAll()
)
.logout((logout) -> logout.permitAll());
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
UserDetails user =
User.withDefaultPasswordEncoder()
.username("user")
.password("password")
.roles("USER")
.build();
return new InMemoryUserDetailsManager(user);
}
}