Access denied after login.

RameshMF / registration-login-springboot-security-thymeleaf

registration-login-module using springboot, spring mvc, spring security and thymeleaf

https://www.javaguides.net/2018/10/user-registration-module-using-springboot-springmvc-springsecurity-hibernate5-thymeleaf-mysql.html

242 stars 178 forks source link

Access denied after login. #11

Open PrimaryKey opened 1 year ago

PrimaryKey commented 1 year ago

Hello,

After login, access is denied. The URL bar says

http://localhost:8080/?continue

It seems that the redirection .defaultSuccessUrl("/users") in the class SpringSecurity does not work.

The browser window says:

"Access to localhost was denied. You are not authorized to access this page. HTTP ERROR 403"

But if I enter the endpoint manually:

http://localhost:8080/users

everything works perfectly. I have no idea and would need some help.

yongruifang commented 3 months ago

try .defaultSuccessUrl("/users", true)

TahmazliSanan commented 3 months ago

1) Modify route of index page on AuthController: @GetMapping("/") public String home(){ return "index"; }

2) Then modify filterChain() method as below: @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { http.csrf(AbstractHttpConfigurer::disable) .authorizeHttpRequests((authorize) -> authorize.requestMatchers("/register/**").permitAll() .requestMatchers("/").permitAll() .requestMatchers("/users").hasAuthority("ROLE_ADMIN") ).formLogin( form -> form .loginPage("/login") .loginProcessingUrl("/login") .defaultSuccessUrl("/users") .permitAll() ).logout( logout -> logout .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) .permitAll() ); return http.build(); }

I solved this problem using this way. Also you must upgrade version of dependencies on pom.xml