Forum:

Spring

Can not understand why I can't login?

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

I have tried the password and users but cannot login

package config;

import org.springframework.context.annotation.Configuration;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
@Configuration  
public class WebConfigur extends WebSecurityConfigurerAdapter {

@Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();

http.authorizeRequests()
                .antMatchers("/devs/*").hasAnyRole("boss", "dev")
                .antMatchers("/boss/*").hasRole("boss")
                .antMatchers("/").permitAll();
    }

@Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
            .withUser("emma")
                .password("emma")
                .roles("boss", "dev")
            .and().withUser("chris")
                .password("chris")
                .roles("dev");
    }
}

//HelloController

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml"
	xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1" />

<meta name="description" content="">
<meta name="author" content="">
<link rel="icon" href="../../favicon.ico" />

<title>Navbar Template for Bootstrap</title>

<link href="../static/greet.css" rel="stylesheet"
	th:href="@{/greet.css}" />
</head>
<body>
	<div class="container">
		
		<nav class="navbar navbar-default">
			<div class="container-fluid">
				<div class="navbar-header">
					<button type="button" class="navbar-toggle collapsed"
						data-toggle="collapse" data-target="#navbar" aria-expanded="false"
						aria-controls="navbar">
						<span class="sr-only">Toggle navigation</span> <span
							class="icon-bar"></span> <span class="icon-bar"></span> <span
							class="icon-bar"></span>
					</button>
					<a class="navbar-brand" href="#" th:text="${username}">Project
						name</a>
				</div>
				<div id="navbar" class="navbar-collapse collapse">
					<ul class="nav navbar-nav">
				<li><a th:href="@{index}">Index</a></li>
						<li><a th:href="@{blog}">blog</a></li>
							<li><a th:href="@{persons}">Persons</a></li>

</ul>
					</li>
					</ul>
					<ul class="nav navbar-nav navbar-right">
						<li class="active"><a href="./">Default <span
								class="sr-only">(current)</span></a></li>
					</ul>
				
				</div>
				
			</div>
			
		</nav>
		
		<div class="jumbotron">

</div>
	</div>
	
	<div class ="titeln"><h2>The godfather</h2></div>
	<div class = "p">
	<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit.
						Donec ultrices ligula ex, id lacinia dui consequat elementum.
						Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus
						commodo lectus lorem, vel accumsan sem interdum vel. Sed
						scelerisque facilisis sem dictum euismod. In sed nibh imperdiet
						erat vehicula tincidunt nec eget dui. Integer blandit consectetur
						lorem consectetur finibus. Mauris interdum velit vel gravida
						congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum
						dolor sit amet, consectetur adipiscing elit. Donec non rhoncus
						quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in
						varius tellus condimentum. Vivamus suscipit tincidunt nibh,
						elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit,
						aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id
						malesuada laoreet, risus ante sagittis tellus, quis fermentum
						dolor diam id massa. Aenean accumsan tellus et est elementum, eu
						tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat
						gravida.</p>
						</div>
						<div class = "p1">
	<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit.
						Donec ultrices ligula ex, id lacinia dui consequat elementum.
						Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus
						commodo lectus lorem, vel accumsan sem interdum vel. Sed
						scelerisque facilisis sem dictum euismod. In sed nibh imperdiet
						erat vehicula tincidunt nec eget dui. Integer blandit consectetur
						lorem consectetur finibus. Mauris interdum velit vel gravida
						congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum
						dolor sit amet, consectetur adipiscing elit. Donec non rhoncus
						quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in
						varius tellus condimentum. Vivamus suscipit tincidunt nibh,
						elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit,
						aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id
						malesuada laoreet, risus ante sagittis tellus, quis fermentum
						dolor diam id massa. Aenean accumsan tellus et est elementum, eu
						tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat
						gravida.</p>
						</div>
						<div class = "p2">
	<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit.
						Donec ultrices ligula ex, id lacinia dui consequat elementum.
						Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus
						commodo lectus lorem, vel accumsan sem interdum vel. Sed
						scelerisque facilisis sem dictum euismod. In sed nibh imperdiet
						erat vehicula tincidunt nec eget dui. Integer blandit consectetur
						lorem consectetur finibus. Mauris interdum velit vel gravida
						congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum
						dolor sit amet, consectetur adipiscing elit. Donec non rhoncus
						quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in
						varius tellus condimentum. Vivamus suscipit tincidunt nibh,
						elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit,
						aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id
						malesuada laoreet, risus ante sagittis tellus, quis fermentum
						dolor diam id massa. Aenean accumsan tellus et est elementum, eu
						tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat
						gravida.</p>
						</div>
</body>
</html>

Ska-rmavbild-2020-07-23-kl.-01.05.19.png

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

What URL are you browsing to. What happens when you do that? What were you expecting to happen?

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

I go from http://localhost:8080/login to http://localhost:8080/login?error when I type in the user name emma and password emma.
I want to go to http://localhost:8080/index

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

The password() method should take an encoded password, not a plain password.

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

When adding encryption:

Multiple markers at this line
- Syntax error on token ".", delete this token
- Syntax error, insert ")" to complete Expression
- The method passwordEncoder(BCryptPasswordEncoder) is undefined for the type
WebConfigur

Uploaded my code to github if it makes it easier to see the problem.

github

Dave Tolls

Rancher

Posts: 4801

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Look at the end of line 10.

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

1
Number of slices to send:

Optional 'thank-you' note:

Send

Well, your latest problem is caused by the fact that you didn't write valid Java code: You didn't using a closing parenthesis for the passwordEncoder() method.

However, calling passwordEncoder() won't fix your original problem.

This issue is caused by Spring 5 using a default password encoder, whereas Spring 4 just stored passwords as plaintext by default. The password() method expects you to pass it a password in encoded form, not in plaintext form. So what you need to do is get the encoder that Spring is already using, and use it to encode the password that you pass to the password() method.

Try this:

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Thank you for the explanation and I made the change you told me to and did not get any visible error but when I started the project I got this error trace:
Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project webapp: Compilation failure
[ERROR] /Users//Downloads/webapp/src/main/java/config/WebConfigur.java:[24,9] cannot find symbol
[ERROR] symbol: class var
[ERROR] location: class config.WebConfigur
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

1
Number of slices to send:

Optional 'thank-you' note:

Send

var is a special identifier that was added in Java 10. If your compiler reports that it can't find the symbol var, it means that you're on an older Java version. The solution is to use the formal type name instead of the identifier var.

Replace var with PasswordEncoder.

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Alright I understand and It is fixed. This is the code:

package config;
 
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;  
@Configuration  
public class WebConfigur extends WebSecurityConfigurerAdapter {  
 
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.formLogin();
 
        http.authorizeRequests()
                .antMatchers("/devs/*").hasAnyRole("boss", "dev")
                .antMatchers("/boss/*").hasRole("boss")
                .antMatchers("/").permitAll();
    }
 
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    	PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
    	 
    	auth
    	  .inMemoryAuthentication()
    	    .withUser("emma")
    	      .password(passwordEncoder.encode("emma"))
    	      .roles("boss", "dev")
    	    .and().withUser("chris")
    	      .password(passwordEncoder.encode("chris"))
    	      .roles("dev");
    }
}

Shouldn't I be authorized to login when typing emma for password and user? It does not work

Himai Minh

Bartender

Posts: 2266

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Hi Martin,
So, when you log on as emma , you got a 403 Forbidden error?
Is your method or class annotated with either @Secured(ROLE_BOSS) or @Secured (ROLE_DEV) ?
But putting this annotation, it means the class or method can only permit BOSS or DEV to access.

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Stephan van Hulst wrote:What URL are you browsing to. What happens when you do that? What were you expecting to happen?

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

I get to the spring default login form and i can only login with the generated password. Do I have to create a login html file too or can the default password be replaced without creating a login form.

I go from http://localhost:8080/login to http://localhost:8080/login?error when I type in the user name emma and password emma.
I want to go to http://localhost:8080/index

Himai Minh

Bartender

Posts: 2266

posted 2 years ago

1
Number of slices to send:

Optional 'thank-you' note:

Send

Hi Martin,
You may want to have a controller like this:

martin codey

Ranch Hand

Posts: 90

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

Thank you Himai. It is changed.

Stephan van Hulst

Saloon Keeper

Posts: 14692

330

posted 2 years ago

Number of slices to send:

Optional 'thank-you' note:

Send

martin codey wrote:I get to the spring default login form and i can only login with the generated password.

What generated password are you referring to? Why is that a problem? What do you want instead?

Consider Paul's rocket mass heater.