Wenn ich das Debug-Logging in application.properties aktiviere, wird die folgende Meldung fortlaufend ausgegeben:
2025-11-14T22:15:24.172+01:00 DEBUG 15420 --- [app] [io-8080-exec-10] o.s.s.a.dao.DaoAuthenticationProvider : Failed to find user 'mike'
2025-11-14T22:15:24.173+01:00 DEBUG 15420 --- [app] [io-8080-exec-10] o.s.s.authentication.ProviderManager : Authentication failed with provider DaoAuthenticationProvider since Bad credentials
Hier ist meine Sicherheitskonfiguration
package com.labo.app.security;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
import com.labo.app.service.MyUserDetailService;
/**
 * Spring Security setup: form login on {@code /login}, URL rules by role, a cookie-backed CSRF
 * token, logout via GET and a limit of one session per user.
 *
 * <p>Points a reviewer would want confirmed (behaviour is left as written):
 * <ul>
 *   <li>{@code /logout} is exempt from CSRF checks and is triggered by a plain GET, so any
 *       cross-site link can end a user's session; with CSRF protection on, the framework default
 *       is to require POST.</li>
 *   <li>{@code /test-db} is reachable without authentication; its handler is not shown here.</li>
 *   <li>The session limit relies on the session registry learning when sessions end; verify that
 *       an {@code HttpSessionEventPublisher} is registered.</li>
 * </ul>
 */
@Configuration
public class SecurityConfig {

    private final MyUserDetailService myUserDetailService;

    public SecurityConfig(MyUserDetailService myUserDetailService) {
        this.myUserDetailService = myUserDetailService;
    }

    /**
     * Builds the filter chain for all HTTP requests.
     *
     * @param httpSecurity the builder supplied by Spring Security
     * @return the configured filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        // CSRF token lives in a cookie that scripts may read (HttpOnly is off by design of this
        // repository factory). "/logout" is excluded from CSRF validation.
        httpSecurity.csrf(csrfConfig -> csrfConfig
                .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
                .ignoringRequestMatchers("/logout"));

        // Rules are evaluated in declaration order; the final rule requires a login for
        // everything not listed above it.
        // NOTE(review): "/test-db" is public; confirm it exposes nothing sensitive.
        httpSecurity.authorizeHttpRequests(rules -> rules
                .requestMatchers("/css/**", "/js/**", "/images/**").permitAll()
                .requestMatchers("/login", "/error/**", "/logout", "/", "/home", "/test-db").permitAll()
                .requestMatchers("/admin/**").hasRole("ADMIN")
                .requestMatchers("/user/**").hasRole("USER")
                .anyRequest().authenticated());

        // The login form is served from and posts back to "/login". After a successful login the
        // user is always sent to "/"; a failed attempt goes to "/login?error".
        httpSecurity.formLogin(login -> login
                .loginPage("/login")
                .loginProcessingUrl("/login")
                .defaultSuccessUrl("/", true)
                .failureUrl("/login?error")
                .permitAll());

        // Logout fires on GET requests whose request URI is exactly "/logout".
        // NOTE(review): getRequestURI() includes any servlet context path; confirm the
        // application is deployed at the root, otherwise this matcher never matches.
        httpSecurity.logout(signOut -> signOut
                .logoutRequestMatcher(request ->
                        "GET".equalsIgnoreCase(request.getMethod())
                                && "/logout".equals(request.getRequestURI()))
                .logoutSuccessUrl("/login?logout")
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll());

        // Unauthenticated access to a protected URL is redirected to the login page.
        httpSecurity.exceptionHandling(handling -> handling
                .authenticationEntryPoint(new LoginUrlAuthenticationEntryPoint("/login")));

        // At most one concurrent session per user; an expired session lands on the login page.
        httpSecurity.sessionManagement(sessions -> sessions
                .maximumSessions(1)
                .expiredUrl("/login?expired=true"));

        return httpSecurity.build();
    }

    /**
     * Exposes the injected user lookup service as the application's {@link UserDetailsService}.
     *
     * <p>When {@code DaoAuthenticationProvider} logs "Failed to find user", the lookup inside this
     * service (not visible here) did not return an account; the password comparison is not
     * reached in that case.
     *
     * @return the injected {@code MyUserDetailService}
     */
    @Bean
    public UserDetailsService userDetailService() {
        return myUserDetailService;
    }

    /**
     * Builds an {@link AuthenticationManager} that resolves users through
     * {@code MyUserDetailService} and verifies passwords with the BCrypt encoder.
     *
     * @param http the builder whose shared {@code AuthenticationManagerBuilder} is configured
     * @return the built authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Bean
    public AuthenticationManager authenticationManager(HttpSecurity http) throws Exception {
        AuthenticationManagerBuilder builder = http.getSharedObject(AuthenticationManagerBuilder.class);
        builder.userDetailsService(myUserDetailService).passwordEncoder(bCryptPasswordEncoder());
        return builder.build();
    }

    /**
     * Provides the password encoder with the library's default settings.
     *
     * <p>Stored passwords must therefore be BCrypt hashes for a comparison to succeed.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public BCryptPasswordEncoder bCryptPasswordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
/**
 * Serves the login view and adds a status message when the request carries the
 * {@code error} or {@code logout} query parameter.
 *
 * <p>Only the presence of each parameter is checked; its value is never copied into the model,
 * so the view receives fixed strings rather than request data. The failure message is the same
 * for every failed attempt and does not say whether the username exists.
 *
 * @param error  present when the previous login attempt failed
 * @param logout present after a completed logout
 * @param model  receives the {@code error} and {@code message} attributes
 * @return the view name {@code "login"}
 */
@GetMapping("/login")
public String loginPage(
        @RequestParam(value = "error", required = false) String error,
        @RequestParam(value = "logout", required = false) String logout,
        Model model) {
    final boolean loginFailed = error != null;
    final boolean loggedOut = logout != null;

    if (loginFailed) {
        model.addAttribute("error", "Invalid username and password!");
    }
    if (loggedOut) {
        model.addAttribute("message", "You have been logged out successfully.");
    }
    return "login";
}
Login Page
[url=/]Home[/url] |
[url=/login]Login[/url]
Login
[b]Error:[/b]
Username:
Password:
Login
// Shows the model attribute "error" in a dialog. In the controller shown on this page that
// attribute is a fixed message, not request data.
// NOTE(review): the enclosing <script> tag is not visible here. Thymeleaf applies JavaScript
// escaping to this expression only when that tag carries th:inline="javascript"; confirm it
// does before any user-influenced value is ever placed in "error".
alert("[[${error}]]"); // Thymeleaf inline expression