1
votes

I followed the Spring tutorial "SSO with OAuth2: Angular JS and Spring Security Part V".

I converted the "authserver" project from Maven to Gradle; after that, the custom login form doesn't work anymore.

Are the wro tasks in the pom.xml needed for the login form to work?

I also tried this tutorial but it didn't work in my scenario either: http://docs.spring.io/spring-security/site/docs/3.2.x/guides/form.html

I hope that you can help me.

Logfile:

    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout
    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login
    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
    2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] w.c.HttpSessionSecurityContextRepository : SecurityContext is empty or contents are anonymous - context will not be stored in HttpSession.

Code in the OAuth2ServerConfiguration:

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin().loginPage("/login").permitAll()
            .and().requestMatchers()
                .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access")
            .and().authorizeRequests()
                .anyRequest().authenticated();
    }

MainAuthserverApplication.java:

    @ComponentScan
    @SessionAttributes("authorizationRequest")
    @EnableAutoConfiguration()
    @EnableConfigurationProperties({AuthProperties.class})
    public class MainAuthserverApplication extends WebMvcConfigurerAdapter {

        // Map the login and approval URLs directly to their view templates.
        @Override
        public void addViewControllers(ViewControllerRegistry registry) {
            registry.addViewController("/login").setViewName("login");
            registry.setOrder(Ordered.HIGHEST_PRECEDENCE);
            registry.addViewController("/oauth/confirm_access").setViewName("authorize");
        }
    }

1 Answers

0
votes

I already fixed the problem myself:

It seems that these two methods have to be in the same class:

    @Configuration
    @Order(-20)
    protected static class LoginConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private AuthenticationManager authenticationManager;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // @formatter:off
            http.formLogin().loginPage("/login").permitAll().and().requestMatchers()
                .antMatchers("/login", "/oauth/authorize", "/oauth/confirm_access").and().authorizeRequests()
                .anyRequest().authenticated();
            // @formatter:on
        }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.parentAuthenticationManager(authenticationManager);
        }
    }
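
A way to confirm from the DEBUG log which security configuration actually answered `/login`, as an added example that is not part of the question or the answer. It relies on the fact that Spring Security normally registers `DefaultLoginPageGeneratingFilter` only when no custom `loginPage(...)` is configured for that chain, so seeing it fire for `/login` means the custom form-login configuration is not the one in effect. The function names are hypothetical; the sample is the log from the question.

```python
import re

# Sample input: the log lines posted in the question, one entry per line.
SAMPLE_LOG = """\
2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 5 of 14 in additional filter chain; firing Filter: 'LogoutFilter'
2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /logout
2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 6 of 14 in additional filter chain; firing Filter: 'UsernamePasswordAuthenticationFilter'
2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.s.w.u.matcher.AntPathRequestMatcher : Request 'GET /login' doesn't match 'POST /login
2016-05-18 11:14:53.667 DEBUG 22312 --- [nio-9999-exec-9] o.s.security.web.FilterChainProxy : /login at position 7 of 14 in additional filter chain; firing Filter: 'DefaultLoginPageGeneratingFilter'
"""

# Matches the "firing Filter" lines that FilterChainProxy writes at DEBUG level.
FIRING = re.compile(
    r"FilterChainProxy\s*: (?P<path>\S+) at position (?P<pos>\d+) of (?P<total>\d+) "
    r"in additional filter chain; firing Filter: '(?P<name>[^']+)'"
)


def filters_by_path(log_text):
    """Map each request path to {position: filter name} seen in the log."""
    chains = {}
    for line in log_text.splitlines():
        m = FIRING.search(line)
        if m:
            chains.setdefault(m["path"], {})[int(m["pos"])] = m["name"]
    return chains


def paths_using_default_login_page(log_text):
    """Paths handled by a chain that contains the auto-generated login page."""
    return sorted(
        path
        for path, chain in filters_by_path(log_text).items()
        if "DefaultLoginPageGeneratingFilter" in chain.values()
    )


if __name__ == "__main__":
    for path in paths_using_default_login_page(SAMPLE_LOG):
        print(f"{path}: handled by a chain with the generated login page; "
              "the custom loginPage() configuration is not applied to this request")
```

Run against a log taken after the fix, the same check should report no paths, because the chain from `LoginConfig` then handles `/login`.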