CODEWITHSUNDEEP
javaspring-mvcspring-bootthymeleaf
Limpep
Limpep

Reputation: 499

Spring boot security invalid requestURI

trying to create a simple login page using Spring boot and thymeleaf. But for some reason when a user tries to login after they have entered their details in successfully it takes them to an invalid page i.e. a javascript page

requestURI: arg1=/js/jquery-1.11.2.min.js; arg2=/login (property not equals)

For example a user hits /cms/home and they are taken to the login page, once they have logged in they should be taken back to /cms/home. here is my code

@Configuration
@EnableWebMvcSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

@Override
public void configure(HttpSecurity httpSecurity) throws Exception{

    httpSecurity
            .authorizeRequests()
            .antMatchers("/", "/resources/**").permitAll()
            .anyRequest().fullyAuthenticated()
            .and()
            .formLogin()
            .loginPage("/login")
            .failureUrl("/login?error")
            .permitAll()
            .and()
            .logout()
            .logoutUrl("/logout")
            .logoutSuccessUrl("/")
            .permitAll();


}

@Override
public void configure(WebSecurity security){
    security.ignoring().antMatchers("/css/**","/fonts/**","js/**","/CMS/css/**","/CMS/js/**","/libs/**");
}

and here is the login page

   <!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org">

<head>
    <meta charset="UTF-8"/>

    <link href="../static/css/bootstrap.min.css"
          th:href="@{/css/bootstrap.min.css}"
          rel="stylesheet" media="screen" />

    <script href="../static/js/bootstrap.min.js"
            th:href="@{/js/bootstrap.min.js}"
            ></script>

    <script  href="../static/js/jquery-1.11.2.min.js"
            th:src="@{/js/jquery-1.11.2.min.js}"></script>

    <link href="../static/CMS/css/login.css"
          th:href="@{/CMS/css/login.css}"
          rel="stylesheet" media="screen" />



    <title>CMS Login</title>
</head>
<body>

<div class="container">

    <div class="row" id="pwd-container">
        <div class="col-md-4"></div>

        <div class="col-md-4">
            <section class="login-form">
                <div th:if="${param.error}">
                    Invalid username and password.
                </div>
                <div th:if="${param.logout}">
                    You have been logged out.
                </div>
                <form  th:action="@{/login}"  method="post" role="login">



                    <input type="text" name="username" placeholder="Email" required="" class="form-control input-lg" value="myOwnUser" />

                    <input type="password"  name="password" class="form-control input-lg" id="password" placeholder="Password" required=""  value="myOwnPassword"/>

                    <button type="submit" name="go" class="btn btn-lg btn-primary btn-block">Sign in</button>
                    <div>
                       <a href="#">reset password</a>
                    </div>

                </form>

                <div class="form-links">
                    <a href="#">www.website.com</a>
                </div>
            </section>
        </div>

        <div class="col-md-4"></div>


    </div>
</div>

</body>
</html>

If anyone can help that would be great

Upvotes: 1

Views: 661

Answers (1)

Damien Polegato
Damien Polegato

Reputation: 508

In your ant matcher you forgot a / in "js/**" so it doesn't allow loading /js/jquery-1.11.2.min.js until user is logged in and then first thing after login your app loads the file which is now authorized.

Upvotes: 1

Related Questions