'Custom login does not override default login spring boot

I am working on an application with spring boot and thymeleaf

I want to override the default login with my custom login

but it is redirects me to default login page

TemplateController

@Controller
public class TemplateController {

    @GetMapping("/login")
    public String getLoginView() {
        return "login";
    }
}

ApplicationSecurityConfig

 http
        .csrf().disable()
        .authorizeRequests()
        .antMatchers("/", "index", "/css/*", "/js/*")
        .permitAll()
        .antMatchers("/api/**").hasRole(STUDENT.name())
        .antMatchers("/admin/api/**").hasRole(ADMIN.name())
        .antMatchers("/management/api/**").hasAnyRole(ADMIN.name(), ADMINTRAINEE.name())
        .anyRequest()
        .authenticated()
        .and()
        .formLogin()
        .loginPage("/login").permitAll();

Project structure

enter image description here

javaspringspring-bootspring-security


Solution 1:[1]

To implement your own logic for authentication, you need to extend WebSecurityConfigurerAdapter and override configure method.

@Configuration
@EnableWebSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

private final BCryptPasswordEncoder bCryptPasswordEncoder;
private final MyUserDetailsService userDetailsService;

@Bean
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
    return super.authenticationManagerBean();
}

@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.userDetailsService(userDetailsService)
            .passwordEncoder(bCryptPasswordEncoder);
}

@Override
protected void configure(HttpSecurity http) throws Exception {

}

@Override
public void configure(WebSecurity web) throws Exception {
    web.ignoring().antMatchers(UNPROTECTED_RESOURCES);
}

@Autowired
public WebSecurityConfiguration(BCryptPasswordEncoder bCryptPasswordEncoder, MyUserDetailsService userDetailsService) {
    this.bCryptPasswordEncoder = bCryptPasswordEncoder;
    this.userDetailsService = userDetailsService;
}
}

Custom login logic class:

@Service
public class MyUserDetailsService implements UserDetailsService {

@Autowired
private UserService userService;

@Override
@Transactional
public UserDetails loadUserByUsername(String userName) {
    User user = userService.findUserByUserName(userName);
    List<GrantedAuthority> authorities = getUserAuthority(user.getRoles());
    return buildUserForAuthentication(user, authorities);
}

private List<GrantedAuthority> getUserAuthority(Set<Role> userRoles) {
    Set<GrantedAuthority> roles = new HashSet<>();
    for (Role role : userRoles) {
        roles.add(new SimpleGrantedAuthority(role.getRole()));
    }
    return new ArrayList<>(roles);
}

private UserDetails buildUserForAuthentication(User user, List<GrantedAuthority> authorities) {
    return new org.springframework.security.core.userdetails.User(user.getUserName(), user.getPassword(),
            user.getActive(), true, true, true, authorities);
}
}

Here is an existing example I could find for you.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Arpan Shingala

Related Questions