CODEWITHSUNDEEP
javaspringmavenspring-mvcspring-security
user488585
user488585

Reputation:

spring security HttpSecurity

I'm following the Spring Security guide from here, http://docs.spring.io/spring-security/site/docs/3.2.0.RELEASE/reference/htmlsingle/#jc-httpsecurity

I have these set up in my pom.xml

    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-web</artifactId>
        <version>3.2.0.RELEASE</version>
    </dependency>
    <dependency>
        <groupId>org.springframework.security</groupId>
        <artifactId>spring-security-config</artifactId>
        <version>3.2.0.RELEASE</version>
    </dependency>

In my security configuration class

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

I have 

protected void configure(HttpSecurity http) throws Exception {
  http
    .authorizeRequests()
        .anyRequest().authenticated()
        .and()
    .formLogin()
        .loginPage("/login") 
        .permitAll();        
}

HttpSecurity has the method formLogin, but the other calls starting with authorizeRequests() return the type
org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer<org.springframework.security.config.annotation.web.builders.HttpSecurity>.ExpressionInterceptUrlRegistry which doesn't have the method formLogin anymore.

Any idea where I'm going wrong?

Upvotes: 2

Views: 7754

Answers (1)

Erik Gillespie
Erik Gillespie

Reputation: 3959

Try changing the order so that the form login configuration comes first:

protected void configure(HttpSecurity http) throws Exception {
  http
    .formLogin()
        .loginPage("/login") 
        .permitAll()
        .and()
    .authorizeRequests()
        .anyRequest()
        .authenticated();
}

EDIT: changed ".and" to ".and()"

Upvotes: 4

Related Questions