ErrorController while using WebSecurityConfigurerAdapter

Question

I have this class where I am trying to configure WebSecurityConfigurerAdapter. This code gives me permission to / , /home and /signup without needing to get authenticated. My question is how to implement ErrorController while using HttpSecurity Bacially if I get the This application has no explicit mapping for /error i dont want spring boot to prompt the login page first then to display the ErrorController. I want just to execetue ErrorController

public class WebConfigAdapter extends WebSecurityConfigurerAdapter {


    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder(){

        return new BCryptPasswordEncoder();
    }

    @Override
    public void configure(HttpSecurity httpSecurity) throws Exception {

        httpSecurity.authorizeRequests()
                .antMatchers("/","/home","/signup").permitAll()
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll();

        httpSecurity.csrf().disable();

    }
}

My ErrorController

@Controller
public class ErrorControllerH implements ErrorController {


    @Override
    @RequestMapping("/error")
    public String getErrorPath() {
        return "redirect:/";
    }
}

It may not be possible as any such endpoint first will interpreted by spring security (because you have provided to validate anyRequest except `/`, `/home` and `/signup`). If you have very few pages which needs security then you may define the authentication for those only and allowing others. — code_mechanic, Apr 06 '21 at 09:03

score 0 · Answer 1 · answered Apr 07 '21 at 00:17

0

What did you do by using antmatchers().permitall? You could imagine as a whitelist so everybody can access declared paths of your endpoint without getting in touch with Spring Security. So any user cann access this paths without authentication.

.antMatchers("/","/home","/signup", "/error").permitAll()

should trigger your ErrorController without getting HTTP status code 401 unauthorized. I try this out with @RestController and it works fine...

answered Apr 07 '21 at 00:17

E.Y.309

33
5

I have tried that , i know i can trigger my ErrorController when i enter /error in the url. The point is to trigger ErrorController when there is no mapping for a specific url that user will enter. – Thymeleaf Apr 07 '21 at 09:48
I hope this one can help you: https://stackoverflow.com/questions/25356781/spring-boot-remove-whitelabel-error-page Otherwise I dont know or don't understand what you mean. – E.Y.309 Apr 07 '21 at 18:37

ErrorController while using WebSecurityConfigurerAdapter

1 Answers1