[FIXED] Spring Security and problems with Login

Issue

I'm developing a MVC web app with Spring. I have to use Spring security for every created page in my web app. I create a login view:

<form>
    <div class="form-group">
        <label for="role">Ruolo</label>
        <input type="role" class="form-control" id="role" aria-describedby="role" placeholder="Inserisci ruolo">
        <small id="role" class="form-text text-muted">We'll never share your email with anyone else.</small>
    </div>
    <div class="form-group">
        <label for="exampleInputPassword1">Password</label>
        <input type="password" class="form-control" id="exampleInputPassword1" placeholder="Password">
    </div>
    <div class="form-group">
        <label for="exampleInputUsername">Username</label>
        <input type="username" class="form-control" id="exampleInputPassword1" placeholder="Username">
    </div>
    <div class="form-check">
        <input type="checkbox" class="form-check-input" id="exampleCheck1">
        <label class="form-check-label" for="exampleCheck1">Check me out</label>
    </div>
    <button type="submit" class="btn btn-primary">Submit</button>
</form>

a login controller:

@RequestMapping("hi/untitled_war/login/form")
public class LoginController
{
@GetMapping
public String getLogin(Model model)
{
    return "login";
}

This is my SecurityConfigClass:

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder pass(){
    return new BCryptPasswordEncoder();
}

@Bean
public UserDetailsService user(){
    UserBuilder users = User.builder();
    InMemoryUserDetailsManager manager= new InMemoryUserDetailsManager();
//1st user
    manager.createUser(
            users.username("ClientUser").password(new BCryptPasswordEncoder().encode("Abc12"))
                    .roles("Client").build() );
//2nd user
    manager.createUser(
            users.username("OpUser").password(new BCryptPasswordEncoder().encode("Abc123"))
                    .roles("Client","Operator").build() );
 //3rd user
    manager.createUser(
            users.username("aAdmin").password(new BCryptPasswordEncoder().encode("Abc1234"))
                    .roles("Client", "Admin").build() );
return manager;
}

public void configure(final AuthenticationManagerBuilder auth) throws Exception{
    auth.userDetailsService(user()).passwordEncoder(pass());
}
 private static final String[] ADMIN_Matcher={
        "/client/aadd/**", "/client/update/**", "client/delite/**", "cliente/view/**"
};

protected void configure(final HttpSecurity http) throws Exception{
http.authorizeRequests().antMatchers("/untitled_war/hi/**").permitAll()
.antMatchers("/login/**").permitAll()
    .antMatchers("/untitled_war/hi/**")
    .hasAnyRole("Anonimo","USER")
    .antMatchers(ADMIN_Matcher).access("hasRole('Admin')")
    .antMatchers("/client/**").hasRole("Admin")
    .and()
    .formLogin().loginPage("/untitled_war/hi/untitled_war/login")
    .loginProcessingUrl("/login")
    .failureUrl("/login/form?error")
    .usernameParameter("userame").passwordParameter("password")
    .and()
    .exceptionHandling().accessDeniedPage("/login/form?forbidden")
    .and()
    .logout()
    .logoutUrl("/login/form^logout")
    .and()
    .logout().logoutUrl("/login/form^logout");
   // .and().csrf().disable()
}}

And the login doesn't work. I compile all labels into the form model, but after this my app doesn't redirect me to the page for admin role, or to a page for a simple user.

What's wrong here?

Solution

if your views in a folder, such as resources/foldername/login.html

try to return "foldername/login";

instead of return "login";

Answered By - nurmanbetov