0

I am using java config to apply spring security and i am able to apply security on particular urls but i want the default login page of spring security whenever anyone hits urls other than url which is not secured. Here is my code of SecurityConfig:

import javax.sql.DataSource;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.bind.annotation.RequestMethod;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter
{

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }

    @Override
     protected void configure(HttpSecurity http) throws Exception {
         http
            .authorizeRequests()
                .antMatchers("/myproject/userCont/user").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/myproject/login/form")
                .loginProcessingUrl("/login")
                .failureUrl("/login/form?error")
                .permitAll();
}

so when i hit /myproject/userCont/user with GET method it works correctly but when I hit the same url with POST method or other urls spring security do not shows default login page.

Can any one help me?

MS Ibrahim
  • 1,789
  • 1
  • 16
  • 28
Qasim
  • 9,058
  • 8
  • 36
  • 50

1 Answers1

0

doGet and doPost in Servlets

You should go through the above link to get a clear idea about GET and POST methods.

To remove spring security for /myproject/userCont/user url ur code should look like:

@Override
     protected void configure(HttpSecurity http) throws Exception {
         http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/myproject/login/form")
                .loginProcessingUrl("/login")
                .failureUrl("/login/form?error")
                .permitAll();
}

Further more, You should not convert your urls into POST method as this will change the entire behaviour of your web page.

When we are in xml file

Inside the configuration element, you can restrict access to particular URLs with one or more elements. Each element specifies a URL pattern and a set of access attributes required to access the URLs. Remember that you must always include a wildcard at the end of a URL pattern. Failing to do so will make the URL pattern unable to match a URL that has request parameters.

 <security:http auto-config="true" >  
 <security:intercept-url pattern="/index*" access="ROLE_USER" />
 <security:intercept-url pattern="/Transit*" access="ROLE_USER" />
 <security:form-login login-page="/login.htm" default-target-url="/index.htm"  
  authentication-failure-url="/loginerror.htm" />  
 <security:logout logout-success-url="/logout.htm" />
 </security:http>

When ever we are going to describe a url without any security, Then we should remove the particular url from the above lines of code under security configured xml file. for example if we dont need any security for index page then the above coding should look like this.

<security:http auto-config="true" >  
     <security:intercept-url pattern="/Transit*" access="ROLE_USER" />
     <security:form-login login-page="/login.htm" default-target-url="/index.htm"  
      authentication-failure-url="/loginerror.htm" />  
     <security:logout logout-success-url="/logout.htm" />
     </security:http>
Community
  • 1
  • 1
MS Ibrahim
  • 1,789
  • 1
  • 16
  • 28
  • @Qasim do u think that this answer is suitable for your question – MS Ibrahim May 14 '15 at 09:11
  • Thanks for replying @MS Ibrahim but this was not my question i want to allow or disallow urls via java config only as i am using spring boot and dont want to use security.xml file – Qasim May 14 '15 at 09:15