i've created a simple login with spring boot and spring security and i'm having a few issues with the fact that if a user logs in it works fine but if the user goes to the same login page again he isn't redirected to the home page and the session exists:( how should i deal with this? do i need to specific the form login page in security config?
Security Config Class:
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder bCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
public void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/showReg", "/", "/registerUser","/login")
.permitAll().antMatchers("/displayUpload","home.html").hasRole("USER").anyRequest().authenticated();
}
@Bean(name = BeanIds.AUTHENTICATION_MANAGER)
@Override
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
Login POST Controller:
@RequestMapping(value = "/login", method = RequestMethod.POST)
public String login(@RequestParam("email") String email, @RequestParam("password") String password, Model model) {
try {
boolean loginResponse = securityService.login(email, password);
if (loginResponse) {
User user = userRepository.findByEmail(email);
return "home";
} else {
model.addAttribute("msg", "Invalid username or password.Please try again!");
}
} catch (Exception e) {
model.addAttribute("msg", "Invalid username or password.Please try again!");
e.printStackTrace();
}
return "login";
}
@RequestMapping(value = "/", method = RequestMethod.GET)
public String getLogin() {
return "login";
}
Comments
Post a Comment