Arjun
Reputation: 1262
loadUserByUsername() method not getting invoked by spring security
I'm new to Spring security and just started learning it. I want to use a custom User class, So I'm trying to implement UserDetailsService interface and override loadUserByUsername() method to return the custom User object.
but spring security is not invoking loadUserByUsername(),
So user is not getting authenticated, Instead gets redirected to login page.
I can't figure out what's going wrong
Code:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/login","/css/**","/images/**").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.permitAll();
}
@Autowired
@Qualifier("userDetailsService")
UserDetailsService userDetailsService;
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("configureglobal called");
auth.userDetailsService(userDetailsService);
}
}
@Service("userDetailsService")
public class MyUserDetailsService implements UserDetailsService {
@Autowired
private UserRepository userRepository;
@Override
public UserDetails loadUserByUsername(final String username)
throws UsernameNotFoundException {
System.out.println("loadUserByUsername called");
User user = userRepository.findByUsername(username);
return user;
}
}
public interface UserRepository extends JpaRepository<User, Long>{
User findByUsername(String username);
List<User> findByName(String name);
}
Here is my controller class. Even when a valid username and password is provided, login method is getting called 3 times and loadUserByUsername() is not invoked
@Controller
public class MainController {
@RequestMapping(value= {"/login"})
public String login() {
System.out.println("login called");
return "login";
}
@RequestMapping(value={"/",/home"})
public String homeReturner(HttpServletRequest request,Model model) {
System.out.println("home returner called");
model.addAttribute("name", request.getAttribute("name"));
return "home";
}
}
User class
@Entity
public class User implements UserDetails {
@Id
@GeneratedValue(strategy=GenerationType.AUTO)
private Integer id;
private String name;
private String username;
private String password;
public Integer getId() {
return id;
}
public void setId(Integer id) {
this.id = id;
}
public String getName() {
return name;
}
public void setName(String name) {
this.name = name;
}
public String getUsername() {
return username;
}
public void setUsername(String userName) {
this.username = userName;
}
public String getPassword() {
return password;
}
public void setPassword(String password) {
this.password = password;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
// TODO Auto-generated method stub
return null;
}
@Override
public boolean isAccountNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isAccountNonLocked() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isCredentialsNonExpired() {
// TODO Auto-generated method stub
return true;
}
@Override
public boolean isEnabled() {
// TODO Auto-generated method stub
return true;
}
}
Html form in the login page
<form action="/signin">
<input type="text" name="username" placeholder="Email"> <input type="password" name="password" placeholder="Password"> <button type="submit">Sign in</button><br>
<input type="checkbox" name=""> <label>Remember me.</label> <input type="checkbox" name=""><label>Forgot password?</label>
</form>
Sign in controller
@Controller
public class LoginController {
@Autowired
private UserRepository userRepository;
@GetMapping(path="/signin")
public String signin() {
System.out.print("signin called");
return "home";
}
}
What's going wrong here? Why loadUserByUsername() isn't invoked?
Debug Log
2018-07-04 21:59:19.249 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.util.matcher.AndRequestMatcher : Trying to match using NegatedRequestMatcher [requestMatcher=Ant [pattern='/**/favicon.ico']]
2018-07-04 21:59:19.250 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/favicon.ico'; against '/**/favicon.ico'
2018-07-04 21:59:19.251 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.u.matcher.NegatedRequestMatcher : matches = false
2018-07-04 21:59:19.252 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.util.matcher.AndRequestMatcher : Did not match
2018-07-04 21:59:19.252 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.s.HttpSessionRequestCache : Request not saved as configured RequestMatcher did not match
2018-07-04 21:59:19.252 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.a.ExceptionTranslationFilter : Calling Authentication entry point.
2018-07-04 21:59:19.253 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.web.DefaultRedirectStrategy : Redirecting to 'http://localhost:8080/login'
2018-07-04 21:59:19.254 DEBUG 7128 --- [nio-8080-exec-4] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7a1d6f3f
2018-07-04 21:59:19.254 DEBUG 7128 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-07-04 21:59:19.257 DEBUG 7128 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-07-04 21:59:19.298 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-07-04 21:59:19.298 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-07-04 21:59:19.298 DEBUG 7128 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-07-04 21:59:19.298 DEBUG 7128 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@22d63ce1. A new one will be created.
2018-07-04 21:59:19.299 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-07-04 21:59:19.300 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-07-04 21:59:19.300 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/logout'
2018-07-04 21:59:19.301 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2018-07-04 21:59:19.301 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login
2018-07-04 21:59:19.302 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-07-04 21:59:19.302 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
2018-07-04 21:59:19.302 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.s.DefaultSavedRequest : queryString: both null (property equals)
2018-07-04 21:59:19.303 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/home; arg2=/login (property not equals)
2018-07-04 21:59:19.303 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2018-07-04 21:59:19.303 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-07-04 21:59:19.304 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-07-04 21:59:19.304 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@3793fe54: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB5BC6CF44B2064132ADF5A75EE463DD; Granted Authorities: ROLE_ANONYMOUS'
2018-07-04 21:59:19.306 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-07-04 21:59:19.306 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-07-04 21:59:19.307 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-07-04 21:59:19.307 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/'
2018-07-04 21:59:19.308 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/login'; against '/login'
2018-07-04 21:59:19.308 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /login; Attributes: [permitAll]
2018-07-04 21:59:19.308 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@3793fe54: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB5BC6CF44B2064132ADF5A75EE463DD; Granted Authorities: ROLE_ANONYMOUS
2018-07-04 21:59:19.309 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7cbce1e2, returned: 1
2018-07-04 21:59:19.310 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Authorization successful
2018-07-04 21:59:19.310 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : RunAsManager did not change Authentication object
2018-07-04 21:59:19.310 DEBUG 7128 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : /login reached end of additional filter chain; proceeding with original chain
login called2018-07-04 21:59:19.320 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.header.writers.HstsHeaderWriter : Not injecting HSTS header since it did not match the requestMatcher org.springframework.security.web.header.writers.HstsHeaderWriter$SecureRequestMatcher@7a1d6f3f
2018-07-04 21:59:19.321 DEBUG 7128 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.
2018-07-04 21:59:19.326 DEBUG 7128 --- [nio-8080-exec-3] o.s.s.w.a.ExceptionTranslationFilter : Chain processed normally
2018-07-04 21:59:19.326 DEBUG 7128 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : SecurityContextHolder now cleared, as request processing completed
2018-07-04 21:59:26.605 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 1 of 11 in additional filter chain; firing Filter: 'WebAsyncManagerIntegrationFilter'
2018-07-04 21:59:26.606 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 2 of 11 in additional filter chain; firing Filter: 'SecurityContextPersistenceFilter'
2018-07-04 21:59:26.607 DEBUG 7128 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : HttpSession returned null object for SPRING_SECURITY_CONTEXT
2018-07-04 21:59:26.607 DEBUG 7128 --- [nio-8080-exec-7] w.c.HttpSessionSecurityContextRepository : No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@22d63ce1. A new one will be created.
2018-07-04 21:59:26.607 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 3 of 11 in additional filter chain; firing Filter: 'HeaderWriterFilter'
2018-07-04 21:59:26.607 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 4 of 11 in additional filter chain; firing Filter: 'LogoutFilter'
2018-07-04 21:59:26.607 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/logout'
2018-07-04 21:59:26.608 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 5 of 11 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2018-07-04 21:59:26.608 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/login'
2018-07-04 21:59:26.608 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 6 of 11 in additional filter chain; firing Filter: 'RequestCacheAwareFilter'
2018-07-04 21:59:26.609 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.s.DefaultSavedRequest : pathInfo: both null (property equals)
2018-07-04 21:59:26.609 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.s.DefaultSavedRequest : queryString: both null (property equals)
2018-07-04 21:59:26.610 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.s.DefaultSavedRequest : requestURI: arg1=/home; arg2=/signin (property not equals)
2018-07-04 21:59:26.610 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.s.HttpSessionRequestCache : saved request doesn't match
2018-07-04 21:59:26.610 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 7 of 11 in additional filter chain; firing Filter: 'SecurityContextHolderAwareRequestFilter'
2018-07-04 21:59:26.610 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 8 of 11 in additional filter chain; firing Filter: 'AnonymousAuthenticationFilter'
2018-07-04 21:59:26.611 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.a.AnonymousAuthenticationFilter : Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@3793fe54: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB5BC6CF44B2064132ADF5A75EE463DD; Granted Authorities: ROLE_ANONYMOUS'
2018-07-04 21:59:26.611 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 9 of 11 in additional filter chain; firing Filter: 'SessionManagementFilter'
2018-07-04 21:59:26.612 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 10 of 11 in additional filter chain; firing Filter: 'ExceptionTranslationFilter'
2018-07-04 21:59:26.612 DEBUG 7128 --- [nio-8080-exec-7] o.s.security.web.FilterChainProxy : /signin at position 11 of 11 in additional filter chain; firing Filter: 'FilterSecurityInterceptor'
2018-07-04 21:59:26.612 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/'
2018-07-04 21:59:26.613 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/login'
2018-07-04 21:59:26.613 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/css/**'
2018-07-04 21:59:26.613 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.u.matcher.AntPathRequestMatcher : Checking match of request : '/signin'; against '/images/**'
2018-07-04 21:59:26.614 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Secure object: FilterInvocation: URL: /signin; Attributes: [authenticated]
2018-07-04 21:59:26.614 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.a.i.FilterSecurityInterceptor : Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@3793fe54: Principal: anonymousUser; Credentials: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffde5d4: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: FB5BC6CF44B2064132ADF5A75EE463DD; Granted Authorities: ROLE_ANONYMOUS
2018-07-04 21:59:26.615 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.access.vote.AffirmativeBased : Voter: org.springframework.security.web.access.expression.WebExpressionVoter@7cbce1e2, returned: -1
2018-07-04 21:59:26.618 DEBUG 7128 --- [nio-8080-exec-7] o.s.s.w.a.ExceptionTranslationFilter : Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:84) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:233) ~[spring-security-core-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:124) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:91) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:119) ~[spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:137) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:170) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:63) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:66) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:215) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:178) [spring-security-web-5.0.6.RELEASE.jar:5.0.6.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:357) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:270) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:109) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:93) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:200) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) [spring-web-5.0.7.RELEASE.jar:5.0.7.RELEASE]
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:496) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:81) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:803) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:790) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1468) [tomcat-embed-core-8.5.31.jar:8.5.31]
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [na:1.8.0_162]
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [na:1.8.0_162]
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.5.31.jar:8.5.31]
at java.lang.Thread.run(Unknown Source) [na:1.8.0_162]
Upvotes: 2
Views: 5865
Answers (3)
EM1LJAN
Reputation: 37
I had the same problem, I solved it by changing the method="get" to method="post" in form.
<form th:action="@{/users/login}" th:method="post" class="login">
//inputs
<input type="submit" value="Enter!"/>
</form>
Upvotes: 0
user15552763
Reputation: 11
I faced same issue and I can see below in logs Hibernate: select user0_.id as id1_0_, user0_.is_active as is_activ2_0_, user0_.password as password3_0_, user0_.roles as roles4_0_, user0_.user_name as user_nam5_0_ from user user0_ where user0_.user_name=?
- means loadUserByUserName is searching user with "user_name" in DB.
- I created userName with userName column in DB
- when I select * from user where user_name = '<user_login_name_you_are trying>'; and it will return user_name = null and that's the reason its not autheticating user and its unable to find user in DB.
- I updated the column with the same value as userName column and it worked.
Upvotes: 1
fg78nc
Reputation: 5232
Please try to modify as follows.
.and().formLogin()
.loginPage("/login")
.loginProcessingUrl("/login")
.failureUrl("/login?error=true")
.defaultSuccessUrl("/default") // add page where to navigate after login
.usernameParameter("username") // make sure your form has correct params
.passwordParameter("password") // make sure your form has correct params
.permitAll() // allow access
Your controllers :
@GetMapping(value = "/login")
public ModelAndView login(@RequestParam(value = "error", required = false) String error,
@RequestParam(value = "logout", required = false) String logout) {
logger.info("Login(error): {}", error);
logger.info("Login(logout): {}", logout);
ModelAndView model = new ModelAndView();
if (error != null) {
model.addObject("error", "Invalid username/password");
}
if (logout != null) {
model.addObject("message", "Logged out");
}
model.setViewName("login");
return model;
}
@GetMapping("/default")
public String defaultAfterLogin(HttpServletRequest httpServletRequest) {
return "redirect:/";
}
Upvotes: 0
Related Questions
- username parameter is empty in loadUserByUsername(String username) - spring boot
- Spring Boot + Security loadByUserName not passing userName
- loadUserByUsername is not invoked
- Spring Security loadUserByUsername() method is not called and authentication is sucess for incorrect password
- when loadUserByUsername is invoked? (spring security)
- Spring security loadByUsername's username field is empty
- NullPointerException while using loadUserByUsername
- Why isn't loadUserByUserName invoke?
- loadUserByUsername Method of UserDetailsService never called
- Why is my loadUserByUsername not working?