search

spring-projects / spring-security

Spring Security
http://spring.io/projects/spring-security
Apache License 2.0
8.74k stars 5.86k forks source link

loginProcessingUrl not working help me! #15710

Closed DongJu-Na closed 4 weeks ago

DongJu-Na commented 4 weeks ago

Even though I set loginProcessingUrl in Spring Security settings, I only get redirected with 302 when submitting the form. I would appreciate it if you could let me know where I missed it.

Here are my security settings.

 @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {

        http
                .authorizeHttpRequests((authz)->authz
                    .requestMatchers("/auth-login", "/api/auth/login")
                    .permitAll()
                        .anyRequest().authenticated())
                .formLogin((formLogin)->formLogin
                        .loginPage("/auth-login")
                        .loginProcessingUrl("/api/auth/login")
                        .usernameParameter("userId")
                        .passwordParameter("userPw")
                        .defaultSuccessUrl("/")
                        .permitAll())
                .logout((logout)->logout
                        .logoutSuccessUrl("/auth-login")
                        .invalidateHttpSession(true))

                .csrf(AbstractHttpConfigurer::disable);
        return http.build();
    }

html

  <form action="/api/auth/login" method="post">
                <div class="form-group position-relative has-icon-left mb-4">
                    <input type="text" class="form-control form-control-xl" placeholder="아이디"  id="userId" name="userId" autofocus="autofocus"/>
                    <div class="form-control-icon">
                        <i class="bi bi-person"></i>
                    </div>
                </div>
                <div class="form-group position-relative has-icon-left mb-4">
                    <input type="password" class="form-control form-control-xl" placeholder="비밀번호" id="userPw" name="userPw" />
                    <div class="form-control-icon">
                        <i class="bi bi-shield-lock"></i>
                    </div>
                </div>
                <div class="form-check form-check-lg d-flex align-items-end">
                    <input class="form-check-input me-2" type="checkbox" value="" id="flexCheckDefault">
                    <label class="form-check-label text-gray-600" for="flexCheckDefault">
                        Keep me logged in
                    </label>
                </div>
                <button class="btn btn-primary btn-block btn-lg shadow-lg mt-5" type="submit">Log in</button>
            </form>

gradle

plugins {
    id 'java'
    id 'org.springframework.boot' version '3.3.3'
    id 'io.spring.dependency-management' version '1.1.6'
}

group = 'com.test'
version = '0.0.3-SNAPSHOT'

java {
    toolchain {
        languageVersion = JavaLanguageVersion.of(17)
    }
}

configurations {
    compileOnly {
        extendsFrom annotationProcessor
    }
}

repositories {
    mavenCentral()
}

dependencies {
    implementation 'org.springframework.boot:spring-boot-starter-security'
    implementation 'org.springframework.boot:spring-boot-starter-thymeleaf'
    implementation 'org.springframework.boot:spring-boot-starter-web'
    implementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter:3.0.3'
    implementation 'org.thymeleaf.extras:thymeleaf-extras-springsecurity6'

    runtimeOnly 'com.oracle.database.jdbc:ojdbc8'
    compileOnly 'org.projectlombok:lombok'
    developmentOnly 'org.springframework.boot:spring-boot-devtools'
    annotationProcessor 'org.projectlombok:lombok'
    testImplementation 'org.springframework.boot:spring-boot-starter-test'
    testImplementation 'org.mybatis.spring.boot:mybatis-spring-boot-starter-test:3.0.3'
    testImplementation 'org.springframework.security:spring-security-test'
    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
}

tasks.named('test') {
    useJUnitPlatform()
}
image

The request doesn't go to the controller and I don't know why. Please help!!

marcusdacoregio commented 4 weeks ago

Hi, @DongJu-Na , thanks for reaching out, and sorry you are having trouble.

The request doesn't go to the controller and I don't know why. Please help!!

The loginProcessingUrl changes the URL that the UsernamePasswordAuthenticationFilter will listen to process credentials. The reason the request does not reach the controller is probably because the filter has intercepted it before. If you want the request to reach your controller then you do not need to use formLogin() at all, you can just stick with your login page and your login processing endpoint.

That said, it feels like this is a question that would be better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements. Feel free to update this issue with a link to the re-posted question (so that other people can find it) or add more detail if you feel this is a genuine bug.

DongJu-Na commented 4 weeks ago

Problem solved! After learning more about formLogin, I realized I misunderstood it 😅