Spring Security forces log in screen even with permit all specification

Cooler166

I have a basic spring security filter chain with form login. And whenever I try to bypass the login screen it just redirects back to it.

Specifically, trying to access public still redirects back to the login page.

    @Bean
    public SecurityFilterChain securityFilterChain (HttpSecurity sec) throws Exception
    {
        sec.csrf().disable()
                .authorizeHttpRequests()
                .requestMatchers("home/normal")
                .hasRole("NORMAL")
                .requestMatchers("home/admin")
                .hasRole("ADMIN")
                .requestMatchers("/home/public", "/home/add")
                .permitAll()
                .anyRequest()
                .authenticated()
                .and()
                .formLogin();
        return sec.build();
    }

Youans

I believe this could happen not because of the /home/public nor /home/add when you request a page from the server, browsers will request the favicon as well so they issue /favicon.ico request against the server so make sure to allow it as well

So update your code as follows:

...
.requestMatchers("/home/public", "/home/add", "/favicon.ico")
.permitAll()

You can open the dev tools in the browser and check the network tab if there are any XHR requests against a server that needed to be allowed also.

Collected from the Internet

Please contact [email protected] to delete if infringement.

edited at2023-06-3

Comments

0 comments

TOP Ranking

Article

Spring Security forces log in screen even with permit all specification

Spring Security forces log in screen even with permit all specification

Failed to listen on localhost:8000 (reason: Cannot assign requested address)

pump.io port in URL

How to import an asset in swift using Bundle.main.path() in a react-native native module

Loopback Error: connect ECONNREFUSED 127.0.0.1:3306 (MAMP)

Compiler error CS0246 (type or namespace not found) on using Ninject in ASP.NET vNext

BigQuery - concatenate ignoring NULL

Spring Boot JPA PostgreSQL Web App - Internal Authentication Error

ggplotly no applicable method for 'plotly_build' applied to an object of class "NULL" if statements

ngClass error (Can't bind ngClass since it isn't a known property of div) in Angular 11.0.3

How to remove the extra space from right in a webview?

Change dd-mm-yyyy date format of dataframe date column to yyyy-mm-dd

Jquery different data trapped from direct mousedown event and simulation via $(this).trigger('mousedown');

maven-jaxb2-plugin cannot generate classes due to two declarations cause a collision in ObjectFactory class

java.lang.NullPointerException: Cannot read the array length because "<local3>" is null

How to use merge windows unallocated space into Ubuntu using GParted?

flutter: dropdown item programmatically unselect problem

Pandas - check if dataframe has negative value in any column

Nuget add packages gives access denied errors

Can't pre-populate phone number and message body in SMS link on iPhones when SMS app is not running in the background

Generate random UUIDv4 with Elm

Client secret not provided in request error with Keycloak