So before configuring the server's context path in application.yml like so
    server:
      context-path: /kmi
my Spring Security configuration works as expected. That configuration looks like this.
    @Configuration
    @EnableWebSecurity
    class SecurityConfiguration extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .antMatchers("/authentication/**").permitAll()
                    .antMatchers("/**").hasRole("USER")
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin()
                    .loginPage('/authentication/login')
                    .permitAll()
                    .and()
                .logout()
                    .logoutUrl("/authentication/logoutRedirect")
                    .invalidateHttpSession(true)
                    .logoutSuccessUrl("/authentication/login")
                    .permitAll()
        }
        // plus LDAP configuration below this, but I do not believe that is relevant
In UrlMappings I am performing this redirection.
    "/"(controller:'authentication')
The Authentication controller looks like...
    def index() {
        if( SecurityContextHolder.getContext().getAuthentication().getPrincipal()) {
            def user = SecurityContextHolder.getContext().getAuthentication().getPrincipal()
            def username = user.getUsername()
            def userDetails = UserService.getUserDetailsByUserId( username )
            session.currentUser = userDetails
            session.setMaxInactiveInterval(1800)
            redirect(controller:"knowledgeAsset", action:"index")
        }
    }
    def login() {}
    // logoutRedirect submits a form for csrf, and goes back to login page
    def logoutRedirect() {}
The issue is that when I change the server context path in application.yml, this breaks, and I suspect it might be an issue with what Spring Security is using as its context path, but I am lost.
Specifically, the login page appears, I enter my credentials and am authenticated on the backend, but I am not redirected as I get an authorization_failure exception.