Spring AuthenticationFailureHandler and WebSecurityConfigurerAdapter loginPage()

Edit: Solved. View my comment after this post

I am currently implementing a web application with Spring-Security. I have implemented a custom AuthenticationFailureHandler, one that checks if the user has tried to log in too often with the wrong credentials (and blocks them for several minutes). But normal failed logins should redirect the user to the login page with a parameter error (/login?error). This page displays an error message "The password you entered incorrectly".

The AuthenticationFailureHandler looks like this (without the uninteresting lines of code):

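import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

public class CustomAuthenticationHandler implements AuthenticationFailureHandler {
    // Some variables

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {

        // some logic here..

        request.setAttribute("param", "error");
        // Send the browser back to the login page with the error flag set
        response.sendRedirect("/login?error");
    }
}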

      

My WebApplicationSecurity class looks like this:

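import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomAuthenticationHandler customAuthenticationHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // Form login with a custom login page and the custom failure handler
        http.formLogin()
            .loginPage("/login")
            .permitAll()
            .failureHandler(customAuthenticationHandler)
            .and()
            .logout()
            .permitAll();

        // Static resources are public, everything else requires authentication
        http.authorizeRequests()
            .antMatchers("/css/**", "/img/**", "/js/**")
            .permitAll()
            .anyRequest()
            .authenticated();

        http
            .csrf()
            .disable();
    }

    @Bean
    CustomAuthenticationHandler authenticationHandler() {
        return new CustomAuthenticationHandler();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            auth.inMemoryAuthentication()
                .withUser("*******")
                .password("*******")
                .roles("USER");
        }
    }
}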

      

Now the problem is that the AuthenticationFailureHandler redirects to /login?error, but (I don't know why) another redirect is then done to /login.

Can you help me solve my problem?

+3




1 answer


Well, I solved it by adding "/login**" to http.authorizeRequests().antMatchers("/css/**", "/img/**", "/js/**").



+3
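
The fix from the answer written out as a full configuration, as an added example that is not part of the original post: it permits /login explicitly so that the handler's redirect to /login?error is no longer sent back to /login. It assumes CustomAuthenticationHandler is registered as a bean elsewhere, and it leaves CSRF protection at its default (enabled) instead of disabling it as the question does, so the login form is assumed to send the _csrf token.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.servlet.configuration.EnableWebMvcSecurity;

@Configuration
@EnableWebMvcSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    // Assumption: the handler from the question is available as a Spring bean.
    @Autowired
    private CustomAuthenticationHandler customAuthenticationHandler;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            // Static resources plus the login page. Ant patterns are matched
            // against the request path only, so "/login" also covers
            // "/login?error"; the answer's "/login**" additionally matches
            // any path that merely starts with "/login".
            .antMatchers("/css/**", "/img/**", "/js/**", "/login").permitAll()
            .anyRequest().authenticated();

        http.formLogin()
            .loginPage("/login")
            // With a custom failure handler no failureUrl is configured, so
            // this permitAll() does not cover the handler's redirect target.
            .permitAll()
            .failureHandler(customAuthenticationHandler)
            .and()
            .logout()
            .permitAll();

        // CSRF protection is left enabled (the default); the login form must
        // then include the _csrf token.
    }
}
```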

