Security for RestApp using Spring Boot

I'm trying to build a RestApp that uses jdbc authentication and tokens, but somehow I can't get it to work.
Pages that need to be secured, are secured and the redirecting to the loginpage works, but when I enter the usercredentials nothing happens...
Any tips to point me towards the solution would be greatly appreciated...

This is my websecurity:

@Configuration @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter {    @Autowired    private @Qualifier("dataSource")    DataSource dataSource;    @Autowired    private ShaPasswordEncoder shaPasswordEncoder;    @Value("${spring.queries.users-query}")    private String usersQuery;    @Value("${spring.queries.roles-query}")    private String rolesQuery;    @Autowired    private LoginSucessHandler loginSucessHandler;    @Autowired    private SessionRegistry sessionRegistry;    @Autowired    private PersistentTokenRepository persistentTokenRepository;    @Override    protected void configure(AuthenticationManagerBuilder auth)            throws Exception {        auth.                jdbcAuthentication()                .usersByUsernameQuery(usersQuery)                .authoritiesByUsernameQuery(rolesQuery)                .dataSource(dataSource)                .passwordEncoder(shaPasswordEncoder);    }    @Override    protected void configure(HttpSecurity http) throws Exception {        http.                authorizeRequests()                .antMatchers("/").permitAll()                .antMatchers("/login").permitAll()                .antMatchers("/admin/**,/newStory/,/newTrip/").hasAuthority("ADMIN")                .antMatchers("/admin/**").hasAuthority("ADMIN")                .anyRequest().permitAll()                .and().csrf().disable()                .formLogin().loginPage("/login").failureUrl("/login?error=true")                .successHandler(loginSucessHandler)                .usernameParameter("username").passwordParameter("password").and()                .logout().invalidateHttpSession(true).deleteCookies("JSESSIONID")                .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))                .logoutSuccessUrl("/login?logout").and().exceptionHandling()                .accessDeniedPage("/access-denied").and()                .csrf().and()                .rememberMe().rememberMeParameter("rememberMe").rememberMeCookieName("rememberMe")                .tokenRepository(persistentTokenRepository).tokenValiditySeconds(1296000).and()                .sessionManagement().maximumSessions(1).sessionRegistry(sessionRegistry);    }    @Override    public void configure(WebSecurity web) throws Exception {        web                .ignoring()                .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");    } }

My webMvcConfig:

@Configuration public class WebMvcConfig extends WebMvcConfigurerAdapter { @Autowired private @Qualifier("dataSource") DataSource dataSource; @Bean public ShaPasswordEncoder passwordEncoder() { return new ShaPasswordEncoder(256); } @Bean public LoginSucessHandler loginSuccessHandler() { return new LoginSucessHandler(); } @Bean public PersistentTokenRepository persistentTokenRepository() { JdbcTokenRepositoryImpl tokenRepositoryImpl = new JdbcTokenRepositoryImpl(); tokenRepositoryImpl.setDataSource(dataSource); return tokenRepositoryImpl; } @Bean public SessionRegistry sessionRegistry() { return new SessionRegistryImpl(); } @Bean public ServletListenerRegistrationBean<HttpSessionEventPublisher> httpSessionEventPublisher() { return new ServletListenerRegistrationBean<HttpSessionEventPublisher>(new HttpSessionEventPublisher()); } }

My LoginSuccesHandler:

public class LoginSucessHandler extends SavedRequestAwareAuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, Authentication auth) throws IOException, ServletException { String defaultTargetUrl = "/users/" + auth.getName(); String[] ignoreUrl = { "signup", "logout", "error" }; RedirectStrategy redirectStrategy = new DefaultRedirectStrategy(); HttpSession session = request.getSession(); if (session != null) { String redirectUrl = (String) session.getAttribute("url_prior_login"); session.removeAttribute("url_prior_login"); if (ignoreUrl(redirectUrl, ignoreUrl)) { redirectStrategy.sendRedirect(request, response, redirectUrl); } else { redirectStrategy.sendRedirect(request, response, defaultTargetUrl); } } else { redirectStrategy.sendRedirect(request, response, defaultTargetUrl); } } private boolean ignoreUrl(String redirectUrl, String[] ignoreUrl) { if (redirectUrl != null) { for (int i = 0; i < ignoreUrl.length; i++) { if (redirectUrl.contains(ignoreUrl[i])) { return false; } } } else { return false; } return true; } }

My application.properties:

spring.mvc.view.prefix=/WEB-INF/jsp/ spring.mvc.view.suffix=.jsp spring.mvc.date-format=dd/mm/yyyy spring.datasource.url=jdbc:mysql://thor.intecbrussel.intra:3306/Pearl spring.datasource.username=Pearl spring.datasource.password=Pearl-123 spring.datasource.driver-class-name=com.mysql.jdbc.Driver spring.jpa.hibernate.naming.physical-strategy=org.hibernate.boot.model.naming.PhysicalNamingStrategyStandardImpl spring.jpa.hibernate.ddl-auto=update server.port=8090 spring.queries.users-query=select * from users where username=? spring.queries.roles-query=select * from users u inner join roles r on(u.id=r.userId) where u.username=? spring.http.multipart.max-file-size=1MB spring.http.multipart.max-request-size=1MB security.user.role=ADMIN security.user.password=W817Anneleen? security.user.name=Anneleen security.basic.path=/admin/**

Clientside:

@Component class WebSecurityConfig extends WebSecurityConfigurerAdapter {    @Override    protected void configure(HttpSecurity http) throws Exception {        http.                authorizeRequests()                .antMatchers("/").permitAll()                .antMatchers("/login").permitAll()                .antMatchers("/admin/**,/newStory/,/newTrip/").hasAuthority("ADMIN")                .antMatchers("/admin/**").hasAuthority("ADMIN")                .anyRequest().permitAll()                .and().formLogin()                .loginPage("/login").failureUrl("/login?error=true")                .failureForwardUrl("/loginError")                .defaultSuccessUrl("/")                .usernameParameter("username")                .passwordParameter("password")                .and().logout()                .logoutRequestMatcher(new AntPathRequestMatcher("logout"))                .logoutSuccessUrl("/").and().exceptionHandling()                .accessDeniedPage("/loginError");    }    @Override    public void configure(WebSecurity web) throws Exception {        web                .ignoring()                .antMatchers("/resources/**", "/static/**", "/css/**", "/js/**", "/images/**");    } }

Online I red that a lot of people use oauth to secure REST applications, but you have to register for the service?
I couldn't quite figger out how it works.

Any help would be great, Thanks

Apperently I forgot to put a method in my login.jsp, but now done so, I get a 404