Spring-boot web security, I can not tell if you are authenticating or not [closed]

0

I'm trying to implement spring-boot web security on my webApp, but when I enter login and password, it's simply reloading the page, and I can not understand if it's authentication failure, or if it redirects to another page it does not is correct ... finally, follow the code;

pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>

    <groupId>br.com</groupId>
    <artifactId>webapplication</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <packaging>jar</packaging>

    <name>webapplication</name>
    <description>Demo project for Spring Boot</description>

    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.8.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <optional>true</optional>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>com.h2database</groupId>
            <artifactId>h2</artifactId>
            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>com.squareup.retrofit2</groupId>
            <artifactId>retrofit</artifactId>
            <version>2.1.0</version>
        </dependency>
        <dependency>
            <groupId>com.squareup.retrofit2</groupId>
            <artifactId>converter-gson</artifactId>
            <version>2.1.0</version>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
            <plugin>
                <groupId>org.jvnet.jaxb2.maven2</groupId>
                <artifactId>maven-jaxb2-plugin</artifactId>
                <version>0.12.3</version>
                <executions>
                    <execution>
                        <goals>
                            <goal>generate</goal>
                        </goals>
                    </execution>
                </executions>
                <configuration>
                    <schemaLanguage>WSDL</schemaLanguage>
                    <generatePackage>hello.wsdl</generatePackage>
                    <schemas>
                        <schema>
                            <url>http://www.webservicex.com/stockquote.asmx?WSDL</url>
                        </schema>
                    </schemas>
                </configuration>
            </plugin>

        </plugins>
    </build>


</project>

WebSecurityConfig.java

package br.com.webapplication.websecurity;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .csrf().disable()
                .authorizeRequests()
                .antMatchers("/styles/**", "/home").permitAll()
                .antMatchers("/**").hasAnyRole("USER")
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/home")
                .successForwardUrl("/find-inventory")
                .failureForwardUrl("/inventory-overview")
                .permitAll()
                .and()
                .logout()
                .permitAll();


    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
                .inMemoryAuthentication()
                .withUser("user").password("password").roles("USER");
    }
}

Controller.java

package br.com.webapplication.controllers;

import br.com.webapplication.beans.Inventory;
import br.com.webapplication.beans.Product;
import br.com.webapplication.client.ApiClient;
import br.com.webapplication.client.ApiInterface;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import retrofit2.Call;

import java.io.IOException;
import java.text.DateFormat;
import java.text.ParseException;
import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

@Controller
public class InventoryController {

    ApiInterface service = ApiClient.getApiClient().create(ApiInterface.class);

    @RequestMapping("/home")
    ModelAndView loginPage(Model model) {
        return new ModelAndView("/views/login_page");
    }

    @PostMapping("/find-inventory")
    ModelAndView homePage(Model model) {
        return new ModelAndView("/views/find_inventory_page");
    }

    @RequestMapping("/inventory-overview")
    ModelAndView inventoryOverview(Model model, @RequestParam("store") String store, @RequestParam("date") String date) {
        List<Inventory> inventoryList = new ArrayList<Inventory>();
        Inventory inventory1 = new Inventory("000001","DESCRIÇÃO DO PRODUTO",10);
        Inventory inventory2 = new Inventory("000002","DESCRIÇÃO DO PRODUTO",20);
        Inventory inventory3 = new Inventory("000003","DESCRIÇÃO DO PRODUTO",30);
        Inventory inventory4 = new Inventory("000004","DESCRIÇÃO DO PRODUTO",40);
        Inventory inventory5 = new Inventory("000005","DESCRIÇÃO DO PRODUTO",50);
        Inventory inventory6 = new Inventory("000006","DESCRIÇÃO DO PRODUTO",60);
        Inventory inventory7 = new Inventory("000007","DESCRIÇÃO DO PRODUTO",70);
        Inventory inventory8 = new Inventory("000008","DESCRIÇÃO DO PRODUTO",80);
        Inventory inventory9 = new Inventory("000009","DESCRIÇÃO DO PRODUTO",90);
        Inventory inventory10 = new Inventory("000010","DESCRIÇÃO DO PRODUTO",100);
        Inventory inventory11 = new Inventory("000011","DESCRIÇÃO DO PRODUTO",110);
        Inventory inventory12 = new Inventory("000012","DESCRIÇÃO DO PRODUTO",120);
        Inventory inventory13 = new Inventory("000013","DESCRIÇÃO DO PRODUTO",130);
        Inventory inventory14 = new Inventory("000014","DESCRIÇÃO DO PRODUTO",140);
        Inventory inventory15 = new Inventory("000015","DESCRIÇÃO DO PRODUTO",150);
        Inventory inventory16 = new Inventory("000016","DESCRIÇÃO DO PRODUTO",160);
        Inventory inventory17 = new Inventory("000017","DESCRIÇÃO DO PRODUTO",170);
        Inventory inventory18 = new Inventory("000018","DESCRIÇÃO DO PRODUTO",180);
        Inventory inventory19 = new Inventory("000019","DESCRIÇÃO DO PRODUTO",190);
        Inventory inventory20 = new Inventory("000020","DESCRIÇÃO DO PRODUTO",200);
        inventoryList.add(inventory1);
        inventoryList.add(inventory2);
        inventoryList.add(inventory3);
        inventoryList.add(inventory4);
        inventoryList.add(inventory5);
        inventoryList.add(inventory6);
        inventoryList.add(inventory7);
        inventoryList.add(inventory8);
        inventoryList.add(inventory9);
        inventoryList.add(inventory10);
        inventoryList.add(inventory11);
        inventoryList.add(inventory12);
        inventoryList.add(inventory13);
        inventoryList.add(inventory14);
        inventoryList.add(inventory15);
        inventoryList.add(inventory16);
        inventoryList.add(inventory17);
        inventoryList.add(inventory18);
        inventoryList.add(inventory19);
        inventoryList.add(inventory20);
        Integer total = 0;
        for(Inventory inventory: inventoryList){
            total += inventory.getQuantidade();
        }
        model.addAttribute("store", store);
        model.addAttribute("date", date);
        model.addAttribute("total", total);
        model.addAttribute("inventoryList", inventoryList);
        return new ModelAndView("/views/inventory_overview_page");
    }

}

login_page.html

<!DOCTYPE HTML>
<html xmlns:th="http://www.thymeleaf.org">
    <head>
        <title>Inventário Lojas</title>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
        <meta name="viewport" content="width=device-width, user-scalable=no"/>
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta/css/bootstrap.min.css"
              integrity="sha384-/Y6pD6FV/Vv2HJnA6t+vslU6fwYXjCFtcEpHbNJ0lyAFsXTsjBbfaDjzALeQsN6M"
              crossorigin="anonymous"/>
        <link rel="stylesheet/less" type="text/css" href="styles/general.less"/>
        <link rel="stylesheet/less" type="text/css" href="styles/login_page.less"/>
        <link rel="stylesheet" href="//code.jquery.com/ui/1.12.1/themes/base/jquery-ui.css"/>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/less.js/2.7.2/less.min.js"type="text/javascript"/>
        <script src="https://code.jquery.com/jquery-1.12.4.js"></script><scriptsrc="https://code.jquery.com/ui/1.12.1/jquery-ui.js"></script>
    </head>
    <body>
        <form th:action="@{/find-inventory}" method="post">
            <div class="container-fluid">
                <div class="header">
                    <div th:replace="fragments/top_bar :: header"></div>
                </div>
                <div class="headerContent">
                    <div class="loginForm">
                        <div class="image">
                            <img src="images/grupo_avenida_logo.png"/>
                        </div>
                        <div class="loginForm">
                            <div class="data_input">
                                <label>Usuário:</label>
                                <input type="text" name="username"/>
                                <label>Senha:</label>
                                <input type="password" name="password"/>
                            </div>
                            <div class="buttons">
                                <div class="button">
                                    <button type="submit">Entrar</button>
                                </div>
                            </div>
                        </div>
                    </div>
                </div>
            </div>
        </form>
    </body>
</html>

Since I'm trying to "validate" authentication if it happens, I want it redirected to / find-inventory. But if authentication is not done, redirect to "/ inventory-overview".

    
asked by anonymous 17.11.2017 / 13:11

1 answer

1

What was wrong was that the login_page form was not with th:action to "/login" ...

    
17.11.2017 / 14:19