Reputation: 438
I'm developing a simple project in order to learn something about Spring.
I've created the login page and all the authentication management, and now I'm trying to build the registration page. I've done both the backend and frontend sides, but I have a problem.
The 'Save' button sends a POST request with path user/signup but it fails; the network console says 302. I think that it is a security problem, because if I authenticate and then try to register a user, the request is successful. So maybe I need to tell Spring Security that the registration request must be available for all users, including the unauthenticated ones. I put the path user/signup in Spring Boot but it doesn't work; I also tried using only /signup.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/script/**", "/css/**", "/getRegisterPage","user/signup");
    }
This is the project: https://github.com/StefanoPisano/expenses (branch 0.2)
Upvotes: 3
Views: 9664
Reputation: 2575
This

    web.ignoring().antMatchers("/script/**", "/css/**", "/getRegisterPage","/user/signup");

will ignore all requests matching these patterns.
What you need is:
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/resources/**", "/user/signup").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin()
                .loginPage("/getLoginPage")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/home", true)
                .permitAll();
        http
            .csrf().disable();
    }
permitAll() - Allows anyone (including unauthenticated users) to access the URL. Check this for more information: https://docs.spring.io/spring-security/site/docs/current/reference/html/jc.html
Upvotes: 2
Reputation: 1463
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/script/**", "/css/**", "/getRegisterPage","/user/signup").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/getLoginPage")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/home", true)
                .permitAll();
    }
Upvotes: 2
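A combined configuration for the setup discussed in this thread, added here as an example and not taken from either answer or from the linked project: static assets stay under web.ignoring(), while the registration endpoints go through the filter chain with permitAll(), limited to the HTTP method each one needs, and CSRF protection left on. It assumes the WebSecurityConfigurerAdapter API used on this page, that /getRegisterPage is served by GET, and that the signup form submits the CSRF token; the class name SecurityConfig is hypothetical.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter { // hypothetical class name

    // Ignored paths skip the whole security filter chain: no CSRF check,
    // no security headers, no SecurityContext. Keep this to static files.
    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers("/script/**", "/css/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Ant patterns are matched against the request path, which starts
                // with "/", so "user/signup" without the slash never matches.
                // Assumption: the registration page is fetched with GET.
                .antMatchers(HttpMethod.GET, "/getRegisterPage").permitAll()
                // Only the POST that creates the account is open to anonymous users.
                .antMatchers(HttpMethod.POST, "/user/signup").permitAll()
                .anyRequest().authenticated()
                .and()
            .formLogin()
                .loginPage("/getLoginPage")
                .loginProcessingUrl("/login")
                .usernameParameter("username")
                .passwordParameter("password")
                .defaultSuccessUrl("/home", true)
                .permitAll();
        // CSRF protection is on by default and is left on here.
        // Assumption: the signup form sends the CSRF token with its POST;
        // a POST without it is answered with 403 rather than a 302 to the login page.
    }
}
```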