'Spring Security Login Form always loads first
I am working on a web application and I want to implement spring security. I want anyone to be able to see the home page at least.
I have attempted to map this but no matter what I do, the login page will appear first.
I have included the code below which should permit all users to pages within the guest controller.
Can anyone tell me why spring security always defaults to the login page?
Security Config
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception{
PasswordEncoder encoder
= PasswordEncoderFactories.createDelegatingPasswordEncoder();
auth.inMemoryAuthentication()
.withUser("alan")
.password(encoder.encode("password"))
.roles("USER", "ADMIN")
.and()
.withUser("brendan")
.password(encoder.encode("password"))
.roles("USER", "ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("", "/guest/**", "/", "index").permitAll()
.antMatchers("/admin/**").hasRole("ADMIN")
.anyRequest().authenticated()
.and()
.formLogin()
.usernameParameter("email")
.defaultSuccessUrl("/adminHome")
.permitAll()
.and()
.logout().logoutSuccessUrl("/").permitAll();
}
}
Guest Controller
@Controller
@RequestMapping("guest")
public class GuestController {
@Autowired
private PickUpGameService pickUpGameService;
@GetMapping("")
public String viewHomePagePlayer(Model model) {
model.addAttribute("listPickUpGames", pickUpGameService.getALLPickUpGames());
return "index";
}
@GetMapping("/login")
public String getLogin() {
return "login";
}
}
Debug logs
cd C:\Users\brian\OneDrive - Limerick Institute Of Technology\Software Project\practice\socialFootball\socialFootball_1_3\socialFootball_1.2; JAVA_HOME=C:\\Users\\brian\\OneDrive\\Documents\\jdk-16.0.2 cmd /c "\"C:\\Program Files\\NetBeans-12.4\\netbeans\\java\\maven\\bin\\mvn.cmd\" -Dexec.vmArgs= -Dexec.args=\"${exec.vmArgs} -classpath %classpath ${exec.mainClass} ${exec.appArgs}\" -Dexec.executable=C:\\Users\\brian\\OneDrive\\Documents\\jdk-16.0.2\\bin\\java.exe -Dexec.mainClass=com.example.socialFootball_12.application.SocialFootballApp -Dexec.classpathScope=runtime -Dexec.appArgs= -Dmaven.ext.class.path=\"C:\\Program Files\\NetBeans-12.4\\netbeans\\java\\maven-nblib\\netbeans-eventspy.jar\" -Dfile.encoding=UTF-8 org.codehaus.mojo:exec-maven-plugin:3.0.0:exec"
Running NetBeans Compile On Save execution. Phase execution is skipped and output directories of dependency projects (with Compile on Save turned on) will be used instead of their jar artifacts.
Scanning for projects...
-------------------< com.example:socialFootball_1.2 >-------------------
Building socialFootball_1.2 0.0.1-SNAPSHOT
--------------------------------[ jar ]---------------------------------
--- exec-maven-plugin:3.0.0:exec (default-cli) @ socialFootball_1.2 ---
17:35:08.128 [Thread-0] DEBUG org.springframework.boot.devtools.restart.classloader.RestartClassLoader - Created RestartClassLoader org.springframework.boot.devtools.restart.classloader.RestartClassLoader@7cd00193
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.6.6)
2022-05-01 17:35:08.446 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : Starting SocialFootballApp using Java 16.0.2 on DESKTOP-R5LL07R with PID 13912 (C:\Users\brian\OneDrive - Limerick Institute Of Technology\Software Project\practice\socialFootball\socialFootball_1_3\socialFootball_1.2\target\classes started by brian in C:\Users\brian\OneDrive - Limerick Institute Of Technology\Software Project\practice\socialFootball\socialFootball_1_3\socialFootball_1.2)
2022-05-01 17:35:08.447 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : No active profile set, falling back to 1 default profile: "default"
2022-05-01 17:35:08.509 INFO 13912 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : Devtools property defaults active! Set 'spring.devtools.add-properties' to 'false' to disable
2022-05-01 17:35:08.510 INFO 13912 --- [ restartedMain] .e.DevToolsPropertyDefaultsPostProcessor : For additional web related logging consider setting the 'logging.level.web' property to 'DEBUG'
2022-05-01 17:35:08.953 INFO 13912 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-05-01 17:35:09.026 INFO 13912 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 63 ms. Found 8 JPA repository interfaces.
2022-05-01 17:35:09.834 INFO 13912 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2022-05-01 17:35:09.844 INFO 13912 --- [ restartedMain] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-05-01 17:35:09.845 INFO 13912 --- [ restartedMain] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.60]
2022-05-01 17:35:10.159 INFO 13912 --- [ restartedMain] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-05-01 17:35:10.159 INFO 13912 --- [ restartedMain] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 1649 ms
2022-05-01 17:35:10.331 INFO 13912 --- [ restartedMain] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-05-01 17:35:10.384 INFO 13912 --- [ restartedMain] org.hibernate.Version : HHH000412: Hibernate ORM core version 5.6.7.Final
2022-05-01 17:35:10.527 INFO 13912 --- [ restartedMain] o.hibernate.annotations.common.Version : HCANN000001: Hibernate Commons Annotations {5.1.2.Final}
2022-05-01 17:35:10.609 INFO 13912 --- [ restartedMain] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Starting...
2022-05-01 17:35:10.763 INFO 13912 --- [ restartedMain] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Start completed.
2022-05-01 17:35:10.774 INFO 13912 --- [ restartedMain] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL5InnoDBDialect
2022-05-01 17:35:11.726 INFO 13912 --- [ restartedMain] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-05-01 17:35:11.734 INFO 13912 --- [ restartedMain] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-05-01 17:35:12.320 WARN 13912 --- [ restartedMain] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-05-01 17:35:12.566 INFO 13912 --- [ restartedMain] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index
2022-05-01 17:35:12.892 DEBUG 13912 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression [authenticated] for any request
2022-05-01 17:35:12.925 INFO 13912 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Will not secure any request
2022-05-01 17:35:13.031 INFO 13912 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2022-05-01 17:35:13.077 INFO 13912 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2022-05-01 17:35:13.094 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : Started SocialFootballApp in 4.955 seconds (JVM running for 5.525)
2022-05-01 17:35:22.985 INFO 13912 --- [nio-8080-exec-3] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-05-01 17:35:22.993 INFO 13912 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-05-01 17:35:22.994 INFO 13912 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet : Completed initialization in 0 ms
2022-05-01 17:35:23.005 DEBUG 13912 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /guest/
2022-05-01 17:35:23.011 DEBUG 13912 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:23.016 DEBUG 13912 --- [nio-8080-exec-3] o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
2022-05-01 17:35:23.016 DEBUG 13912 --- [nio-8080-exec-3] o.s.s.w.session.SessionManagementFilter : Request requested invalid session id B1508772064DD89F082C9583FF397BFF
2022-05-01 17:35:23.037 DEBUG 13912 --- [nio-8080-exec-3] o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [GET /guest/] with attributes [authenticated]
2022-05-01 17:35:23.090 DEBUG 13912 --- [nio-8080-exec-3] o.s.s.w.s.HttpSessionRequestCache : Saved request http://localhost:8080/guest/ to session
2022-05-01 17:35:23.090 DEBUG 13912 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Trying to match using And [Not [RequestHeaderRequestMatcher [expectedHeaderName=X-Requested-With, expectedHeaderValue=XMLHttpRequest]], MediaTypeRequestMatcher [contentNegotiationStrategy=org.springframework.web.accept.HeaderContentNegotiationStrategy@7c4f8075, matchingMediaTypes=[application/xhtml+xml, image/*, text/html, text/plain], useEquals=false, ignoredMediaTypes=[*/*]]]
2022-05-01 17:35:23.090 DEBUG 13912 --- [nio-8080-exec-3] s.w.a.DelegatingAuthenticationEntryPoint : Match found! Executing org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint@2939fc38
2022-05-01 17:35:23.090 DEBUG 13912 --- [nio-8080-exec-3] o.s.s.web.DefaultRedirectStrategy : Redirecting to http://localhost:8080/login
2022-05-01 17:35:23.090 DEBUG 13912 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:23.099 DEBUG 13912 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:23.099 DEBUG 13912 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-05-01 17:35:23.108 DEBUG 13912 --- [nio-8080-exec-4] o.s.security.web.FilterChainProxy : Securing GET /login
2022-05-01 17:35:23.108 DEBUG 13912 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:23.112 DEBUG 13912 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:23.112 DEBUG 13912 --- [nio-8080-exec-4] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:23.112 DEBUG 13912 --- [nio-8080-exec-4] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-05-01 17:35:23.848 INFO 13912 --- [ Thread-5] j.LocalContainerEntityManagerFactoryBean : Closing JPA EntityManagerFactory for persistence unit 'default'
2022-05-01 17:35:23.854 INFO 13912 --- [ Thread-5] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown initiated...
2022-05-01 17:35:23.866 INFO 13912 --- [ Thread-5] com.zaxxer.hikari.HikariDataSource : HikariPool-1 - Shutdown completed.
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.6.6)
2022-05-01 17:35:24.024 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : Starting SocialFootballApp using Java 16.0.2 on DESKTOP-R5LL07R with PID 13912 (C:\Users\brian\OneDrive - Limerick Institute Of Technology\Software Project\practice\socialFootball\socialFootball_1_3\socialFootball_1.2\target\classes started by brian in C:\Users\brian\OneDrive - Limerick Institute Of Technology\Software Project\practice\socialFootball\socialFootball_1_3\socialFootball_1.2)
2022-05-01 17:35:24.029 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : No active profile set, falling back to 1 default profile: "default"
2022-05-01 17:35:24.367 INFO 13912 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Bootstrapping Spring Data JPA repositories in DEFAULT mode.
2022-05-01 17:35:24.440 INFO 13912 --- [ restartedMain] .s.d.r.c.RepositoryConfigurationDelegate : Finished Spring Data repository scanning in 68 ms. Found 8 JPA repository interfaces.
2022-05-01 17:35:24.752 INFO 13912 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2022-05-01 17:35:24.755 INFO 13912 --- [ restartedMain] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2022-05-01 17:35:24.756 INFO 13912 --- [ restartedMain] org.apache.catalina.core.StandardEngine : Starting Servlet engine: [Apache Tomcat/9.0.60]
2022-05-01 17:35:24.803 INFO 13912 --- [ restartedMain] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2022-05-01 17:35:24.803 INFO 13912 --- [ restartedMain] w.s.c.ServletWebServerApplicationContext : Root WebApplicationContext: initialization completed in 767 ms
2022-05-01 17:35:24.890 INFO 13912 --- [ restartedMain] o.hibernate.jpa.internal.util.LogHelper : HHH000204: Processing PersistenceUnitInfo [name: default]
2022-05-01 17:35:24.919 INFO 13912 --- [ restartedMain] com.zaxxer.hikari.HikariDataSource : HikariPool-2 - Starting...
2022-05-01 17:35:24.926 INFO 13912 --- [ restartedMain] com.zaxxer.hikari.HikariDataSource : HikariPool-2 - Start completed.
2022-05-01 17:35:24.927 INFO 13912 --- [ restartedMain] org.hibernate.dialect.Dialect : HHH000400: Using dialect: org.hibernate.dialect.MySQL5InnoDBDialect
2022-05-01 17:35:25.188 INFO 13912 --- [ restartedMain] o.h.e.t.j.p.i.JtaPlatformInitiator : HHH000490: Using JtaPlatform implementation: [org.hibernate.engine.transaction.jta.platform.internal.NoJtaPlatform]
2022-05-01 17:35:25.188 INFO 13912 --- [ restartedMain] j.LocalContainerEntityManagerFactoryBean : Initialized JPA EntityManagerFactory for persistence unit 'default'
2022-05-01 17:35:25.532 WARN 13912 --- [ restartedMain] JpaBaseConfiguration$JpaWebConfiguration : spring.jpa.open-in-view is enabled by default. Therefore, database queries may be performed during view rendering. Explicitly configure spring.jpa.open-in-view to disable this warning
2022-05-01 17:35:25.585 INFO 13912 --- [ restartedMain] o.s.b.a.w.s.WelcomePageHandlerMapping : Adding welcome page template: index
2022-05-01 17:35:25.663 DEBUG 13912 --- [ restartedMain] edFilterInvocationSecurityMetadataSource : Adding web access control expression [authenticated] for any request
2022-05-01 17:35:25.663 INFO 13912 --- [ restartedMain] o.s.s.web.DefaultSecurityFilterChain : Will not secure any request
2022-05-01 17:35:25.680 INFO 13912 --- [ restartedMain] o.s.b.d.a.OptionalLiveReloadServer : LiveReload server is running on port 35729
2022-05-01 17:35:25.698 INFO 13912 --- [ restartedMain] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2022-05-01 17:35:25.698 INFO 13912 --- [ restartedMain] c.e.s.application.SocialFootballApp : Started SocialFootballApp in 1.733 seconds (JVM running for 18.133)
2022-05-01 17:35:25.703 INFO 13912 --- [ restartedMain] .ConditionEvaluationDeltaLoggingListener : Condition evaluation unchanged
2022-05-01 17:35:29.177 INFO 13912 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet'
2022-05-01 17:35:29.177 INFO 13912 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet'
2022-05-01 17:35:29.181 INFO 13912 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 4 ms
2022-05-01 17:35:29.181 DEBUG 13912 --- [nio-8080-exec-1] o.s.security.web.FilterChainProxy : Securing POST /login
2022-05-01 17:35:29.181 DEBUG 13912 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:29.603 DEBUG 13912 --- [nio-8080-exec-1] o.s.s.a.dao.DaoAuthenticationProvider : Failed to find user 'user'
2022-05-01 17:35:29.611 DEBUG 13912 --- [nio-8080-exec-1] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
2022-05-01 17:35:29.619 DEBUG 13912 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:29.620 DEBUG 13912 --- [nio-8080-exec-1] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:29.620 DEBUG 13912 --- [nio-8080-exec-1] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-05-01 17:35:29.626 DEBUG 13912 --- [nio-8080-exec-2] o.s.security.web.FilterChainProxy : Securing GET /login?error
2022-05-01 17:35:29.626 DEBUG 13912 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:29.631 DEBUG 13912 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:29.631 DEBUG 13912 --- [nio-8080-exec-2] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:29.631 DEBUG 13912 --- [nio-8080-exec-2] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-05-01 17:35:35.464 DEBUG 13912 --- [nio-8080-exec-9] o.s.security.web.FilterChainProxy : Securing POST /login
2022-05-01 17:35:35.464 DEBUG 13912 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:35.669 DEBUG 13912 --- [nio-8080-exec-9] o.s.s.a.dao.DaoAuthenticationProvider : Failed to find user 'admin'
2022-05-01 17:35:35.669 DEBUG 13912 --- [nio-8080-exec-9] o.s.s.web.DefaultRedirectStrategy : Redirecting to /login?error
2022-05-01 17:35:35.669 DEBUG 13912 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:35.669 DEBUG 13912 --- [nio-8080-exec-9] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:35.669 DEBUG 13912 --- [nio-8080-exec-9] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
2022-05-01 17:35:35.675 DEBUG 13912 --- [nio-8080-exec-3] o.s.security.web.FilterChainProxy : Securing GET /login?error
2022-05-01 17:35:35.675 DEBUG 13912 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
2022-05-01 17:35:35.675 DEBUG 13912 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:35.675 DEBUG 13912 --- [nio-8080-exec-3] w.c.HttpSessionSecurityContextRepository : Did not store empty SecurityContext
2022-05-01 17:35:35.675 DEBUG 13912 --- [nio-8080-exec-3] s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|