Can not understand why I can't login?

I have tried the password and users but cannot login
package config; import org.springframework.context.annotation.Configuration;   import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;   import org.springframework.security.config.annotation.web.builders.HttpSecurity;   import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;   @Configuration   public class WebConfigur extends WebSecurityConfigurerAdapter {      @Override    protected void configure(HttpSecurity http) throws Exception {        http.formLogin();        http.authorizeRequests()                .antMatchers("/devs/*").hasAnyRole("boss", "dev")                .antMatchers("/boss/*").hasRole("boss")                .antMatchers("/").permitAll();    }    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth            .inMemoryAuthentication()            .withUser("emma")                .password("emma")                .roles("boss", "dev")            .and().withUser("chris")                .password("chris")                .roles("dev");    } }

//HelloController
package com.web.webapp.controller; import org.springframework.web.bind.annotation.RestController; import org.springframework.web.bind.annotation.RequestMapping; @RestController public class HelloController { @RequestMapping("/") public String index() { return "index"; } @RequestMapping("/blog") public String home() { return "blog"; } @RequestMapping("/persons") public String hello() { return "persons"; } }

<!DOCTYPE html> <html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge" /> <meta name="viewport" content="width=device-width, initial-scale=1" /> <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> <meta name="description" content=""> <meta name="author" content=""> <link rel="icon" href="../../favicon.ico" /> <title>Navbar Template for Bootstrap</title> <!-- Bootstrap core CSS --> <link href="../static/greet.css" rel="stylesheet" th:href="@{/greet.css}" /> </head> <body> <div class="container"> <!-- Static navbar --> <nav class="navbar navbar-default"> <div class="container-fluid"> <div class="navbar-header"> <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar" aria-expanded="false" aria-controls="navbar"> <span class="sr-only">Toggle navigation</span> <span class="icon-bar"></span> <span class="icon-bar"></span> <span class="icon-bar"></span> </button> <a class="navbar-brand" href="#" th:text="${username}">Project name</a> </div> <div id="navbar" class="navbar-collapse collapse"> <ul class="nav navbar-nav"> <li><a th:href="@{index}">Index</a></li> <li><a th:href="@{blog}">blog</a></li> <li><a th:href="@{persons}">Persons</a></li> </ul> </li> </ul> <ul class="nav navbar-nav navbar-right"> <li class="active"><a href="./">Default <span class="sr-only">(current)</span></a></li> </ul> </div> <!--/.nav-collapse --> </div> <!--/.container-fluid --> </nav> <!-- Main component for a primary marketing message or call to action --> <div class="jumbotron"> <!--Usage of models we wrote in WepAppController th:text="'Welcome to basic Bootstrap with Spring Boot created by ' + ${username} --> </div> </div> <!-- /container --> <div class ="titeln"><h2>The godfather</h2></div> <div class = "p"> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec ultrices ligula ex, id lacinia dui consequat elementum. Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus commodo lectus lorem, vel accumsan sem interdum vel. Sed scelerisque facilisis sem dictum euismod. In sed nibh imperdiet erat vehicula tincidunt nec eget dui. Integer blandit consectetur lorem consectetur finibus. Mauris interdum velit vel gravida congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec non rhoncus quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in varius tellus condimentum. Vivamus suscipit tincidunt nibh, elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit, aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id malesuada laoreet, risus ante sagittis tellus, quis fermentum dolor diam id massa. Aenean accumsan tellus et est elementum, eu tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat gravida.</p> </div> <div class = "p1"> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec ultrices ligula ex, id lacinia dui consequat elementum. Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus commodo lectus lorem, vel accumsan sem interdum vel. Sed scelerisque facilisis sem dictum euismod. In sed nibh imperdiet erat vehicula tincidunt nec eget dui. Integer blandit consectetur lorem consectetur finibus. Mauris interdum velit vel gravida congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec non rhoncus quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in varius tellus condimentum. Vivamus suscipit tincidunt nibh, elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit, aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id malesuada laoreet, risus ante sagittis tellus, quis fermentum dolor diam id massa. Aenean accumsan tellus et est elementum, eu tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat gravida.</p> </div> <div class = "p2"> <p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec ultrices ligula ex, id lacinia dui consequat elementum. Nullam eu odio facilisis, aliquam sapien id, congue dui. Vivamus commodo lectus lorem, vel accumsan sem interdum vel. Sed scelerisque facilisis sem dictum euismod. In sed nibh imperdiet erat vehicula tincidunt nec eget dui. Integer blandit consectetur lorem consectetur finibus. Mauris interdum velit vel gravida congue. In vitae metus eget est dapibus tincidunt. Lorem ipsum dolor sit amet, consectetur adipiscing elit. Donec non rhoncus quam, eget bibendum diam. Ut dapibus est eu erat hendrerit, in varius tellus condimentum. Vivamus suscipit tincidunt nibh, elementum tincidunt nunc malesuada et. Aliquam at dolor suscipit, aliquam enim in, vestibulum nunc. Nunc vehicula, dolor id malesuada laoreet, risus ante sagittis tellus, quis fermentum dolor diam id massa. Aenean accumsan tellus et est elementum, eu tincidunt sem imperdiet. Praesent ornare est quis nunc feugiat gravida.</p> </div> </body> </html>

What URL are you browsing to. What happens when you do that? What were you expecting to happen?

I go from http://localhost:8080/login to http://localhost:8080/login?error when I type in the user name emma and password emma.
I want to go to http://localhost:8080/index

The password() method should take an encoded password, not a plain password.

When adding encryption:
   @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {        auth            .inMemoryAuthentication()            .withUser("emma")                .password("emma")                .roles("boss", "dev")            .and().withUser("chris")                .password("chris")                .roles("dev");                .passwordEncoder(new BCryptPasswordEncoder();    } }

Multiple markers at this line
- Syntax error on token ".", delete this token
- Syntax error, insert ")" to complete Expression
- The method passwordEncoder(BCryptPasswordEncoder) is undefined for the type
WebConfigur


Uploaded my code to github  if it makes it easier to see the problem.

github

Look at the end of line 10.

Well, your latest problem is caused by the fact that you didn't write valid Java code: You didn't using a closing parenthesis for the passwordEncoder() method.

However, calling passwordEncoder() won't fix your original problem.

This issue is caused by Spring 5 using a default password encoder, whereas Spring 4 just stored passwords as plaintext by default. The password() method expects you to pass it a password in encoded form, not in plaintext form. So what you need to do is get the encoder that Spring is already using, and use it to encode the password that you pass to the password() method.

Try this:
var passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder(); auth  .inMemoryAuthentication()    .withUser("emma")      .password(passwordEncoder.encode("emma"))      .roles("boss", "dev")    .and().withUser("chris")      .password(passwordEncoder.encode("chris"))      .roles("dev");

Thank you for the explanation and  I made the change you told me to and did not get any visible error but when I started the project I got this error trace:
Failed to execute goal org.apache.maven.plugins:maven-compiler-plugin:3.8.1:compile (default-compile) on project webapp: Compilation failure
[ERROR] /Users//Downloads/webapp/src/main/java/config/WebConfigur.java:[24,9] cannot find symbol
[ERROR]   symbol:   class var
[ERROR]   location: class config.WebConfigur
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException

var is a special identifier that was added in Java 10. If your compiler reports that it can't find the symbol var, it means that you're on an older Java version. The solution is to use the formal type name instead of the identifier var.

Replace var with PasswordEncoder.

Alright I understand and It is fixed. This is the code:

package config; import org.springframework.context.annotation.Configuration;   import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;   import org.springframework.security.config.annotation.web.builders.HttpSecurity;   import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.factory.PasswordEncoderFactories; import org.springframework.security.crypto.password.PasswordEncoder;   @Configuration   public class WebConfigur extends WebSecurityConfigurerAdapter {      @Override    protected void configure(HttpSecurity http) throws Exception {        http.formLogin();        http.authorizeRequests()                .antMatchers("/devs/*").hasAnyRole("boss", "dev")                .antMatchers("/boss/*").hasRole("boss")                .antMatchers("/").permitAll();    }    @Override    protected void configure(AuthenticationManagerBuilder auth) throws Exception {     PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();         auth      .inMemoryAuthentication()        .withUser("emma")          .password(passwordEncoder.encode("emma"))          .roles("boss", "dev")        .and().withUser("chris")          .password(passwordEncoder.encode("chris"))          .roles("dev");    } }

Shouldn't I be authorized to login when typing emma for password and user? It does not work

Hi Martin,
So, when you log on as emma , you got a 403 Forbidden error?
Is your method or class annotated with either @Secured(ROLE_BOSS) or @Secured (ROLE_DEV) ?
But putting this annotation, it means the class or method can only permit BOSS or DEV to access.

I get to the spring default login form and i can only login with the generated password. Do I have to create a login html file too or can the default password be replaced without creating a login form.

I go from http://localhost:8080/login to http://localhost:8080/login?error when I type in the user name emma and password emma.
I want to go to http://localhost:8080/index

Hi Martin,
You may want to have a controller like this:

@Controller public class HomeController{  @GettMapping("/index")   public String index(){      return "index";   } }

Thank you Himai. It is changed.

martin codey wrote:I get to the spring default login form and i can only login with the generated password.

What generated password are you referring to? Why is that a problem? What do you want instead?