Hi I'm trying to implement a spring boot web application using JSP as view engine. I'm following this tutorial as a basic: http://www.mkyong.com/spring-security/spring-security-hello-world-annotation-example/ I know that the tutorial didn't use spring boot. Anyway, I managed to implement a basic login thing. But the problem is that when I try to logout, it does not work and show me "White label error page" with the message saying "This application has no explicit mapping for /error, so you are seeing this as a fallback." and does not show any other specific messages.
Say for example, when I tried to login to "admin" page which is protected page. The login page appeared and I can successfully logged in. But when I clicked logout, the above error occurs and did not show any error on console as well. When I went to the previous url "/admin", it still showed that it was logged in with the previous user.
Since it doesn't show any error on console and on the web page, I have no clue to debug the issue. I'm very new to Spring web application, so please explain me what's wrong and how to fix the issue.
This is my main Application.java file
@ComponentScan
@EnableAutoConfiguration
public class Application extends SpringBootServletInitializer {
private static final Logger LOGGER = LoggerFactory.getLogger(Application.class.getName());
@Override
protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
return application.sources(Application.class);
}
public static void main(String[] args) {
LOGGER.info("Starting Main Application...");
SpringApplication.run(Application.class, args);
LOGGER.info("Access URLs: http://127.0.0.1:8080\n");
}
}
This is my application.properties file
spring.mvc.view.prefix= /WEB-INF/jsp/
spring.mvc.view.suffix= .jsp
This is my SecurityConfig.java file
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("ADMIN");
auth.inMemoryAuthentication().withUser("user").password("user").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/admin/**").access("hasRole('ADMIN')")
.antMatchers("/user/**").access("hasRole('ADMIN') or hasRole('USER')")
.antMatchers("/index").permitAll()
.antMatchers("/").permitAll()
.and()
.formLogin()
.and()
.logout()
.logoutSuccessUrl("/");
}
}
This is my MainController.java
@Controller
public class MainController {
private static final Logger LOGGER = LoggerFactory.getLogger(MainController.class);
@RequestMapping({"/index", "/"})
public String index(Model model) {
model.addAttribute("title", "Spring Web Application example");
model.addAttribute("message", " This is Spring Web Application example using Spring boot, JSP");
LOGGER.debug("Inside MainController.index() method");
return "index";
}
@RequestMapping(value = "/admin**", method = RequestMethod.GET)
public String adminPage(Model model) {
model.addAttribute("title", "Spring Security Web Application example");
model.addAttribute("message", "This is a protected page");
model.addAttribute("h2", "only user with ADMIN role should be able to access this page!");
return "admin";
}
@RequestMapping(value = "/user**", method = RequestMethod.GET)
public String userPage(Model model) {
model.addAttribute("title", "Spring Security Web Application example");
model.addAttribute("message", "This is a protected page");
model.addAttribute("h2", "only user with either USER or ADMIN role should be able to access this page!");
return "user";
}
}
I excluded the jsp files and pom file, if you would like to see the whole project, please have a look at my github repository https://github.com/agthumoe/spring-boot-security
Thanks
