1

So I am trying to route spring security to my login page using the following config. It did try to route to /login, however I got that error page not found.

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
            .antMatchers("/login").permitAll()
            .anyRequest()
            .authenticated()
            .and()
            .httpBasic()
            .and().formLogin().loginPage("/login");
    }
}

To make sure that the server always serves index.html to display the angular pages, I did the following config:

@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
    registry.addResourceHandler("/**/*.css", "/**/*.html", "/**/*.js")
            .addResourceLocations("classpath:/static/");
    registry.addResourceHandler("/", "/**")
            .addResourceLocations("classpath:/static/index.html")
            .resourceChain(true)
            .addResolver(new PathResourceResolver() {
                @Override
                protected Resource getResource(String resourcePath, Resource location) throws IOException {
                    if (resourcePath.startsWith("/api") || resourcePath.startsWith("/api".substring(1))) {
                        return null;
                    }

                    return location.exists() && location.isReadable() ? location : null;
                }
            });;
}

This time around, the server didn't route to login page. Instead, it pops up a default dialog to input user/password.

iPhoneJavaDev
  • 821
  • 5
  • 33
  • 78

1 Answers1

0

Where do You want from user to provide his credentials login page or index.html?

If you are requesting any page spring will check if he has right to give such resource if not then spring security will redirect the user to authorization point (login page).

In your case, when you requesting index.html then spring checks if you have rights to open such page (you don't - bad configuration) then spring ask you user/password (basic authentification).

To change it: 1. Permit index.html to all users and there by using angular etc. create login form which send credentials through api to server (I'm suggesting OAUTH2 flow here). 2. Remove httpBasic() and implement your own login page then spring redirect you to login

Andrew Sasha
  • 1,254
  • 1
  • 11
  • 21
  • I did change and it's now routing to localhost:8080/login. However, it's not loading css files got error on mime type text/html. – iPhoneJavaDev Feb 28 '19 at 23:44
  • It should help about static resources https://stackoverflow.com/questions/24916894/serving-static-web-resources-in-spring-boot-spring-security-application – Andrew Sasha Mar 01 '19 at 13:11