I have a basic Spring Security filter chain with form login, and whenever I try to bypass the login screen, it just redirects back to it.
Specifically, trying to access public still redirects back to the login page.
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity sec) throws Exception
    {
        sec.csrf().disable()
            .authorizeHttpRequests()
            .requestMatchers("home/normal")
            .hasRole("NORMAL")
            .requestMatchers("home/admin")
            .hasRole("ADMIN")
            .requestMatchers("/home/public", "/home/add")
            .permitAll()
            .anyRequest()
            .authenticated()
            .and()
            .formLogin();
        return sec.build();
    }
I believe this could happen not because of /home/public or /home/add. When you request a page from the server, browsers request the favicon as well, so they issue a /favicon.ico request against the server. Make sure to allow it as well.
So update your code as follows:
    ...
    .requestMatchers("/home/public", "/home/add", "/favicon.ico")
    .permitAll()
You can open the dev tools in the browser and check the network tab to see whether there are any XHR requests against the server that also need to be allowed.
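The same check can be automated instead of read off the network tab. The test below is an added example, not code from the question or the answer: it requests each path anonymously and fails if a path meant to be open is sent to the login form. It assumes a Spring Boot 3 application with `spring-boot-starter-test` on the test classpath and a `@SpringBootApplication` class in the same or a parent package; the class name `AnonymousAccessTest` and the helper `notSentToLogin` are hypothetical.

```java
import static org.junit.jupiter.api.Assertions.assertTrue;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.web.servlet.MockMvc;
import org.springframework.test.web.servlet.ResultMatcher;

@SpringBootTest
@AutoConfigureMockMvc
class AnonymousAccessTest {

    @Autowired
    private MockMvc mvc;

    // Passes for any response (200, 404, ...) that is not a redirect to the login form.
    private static ResultMatcher notSentToLogin() {
        return result -> {
            String location = result.getResponse().getRedirectedUrl();
            assertTrue(location == null || !location.endsWith("/login"),
                    result.getRequest().getRequestURI() + " was redirected to " + location);
        };
    }

    @Test
    void permittedPathsAreReachableWithoutLogin() throws Exception {
        // The paths the answer's permitAll() rule lists, including the browser's favicon request.
        for (String path : new String[] {"/home/public", "/home/add", "/favicon.ico"}) {
            mvc.perform(get(path)).andExpect(notSentToLogin());
        }
    }

    @Test
    void protectedPathsStillRequireLogin() throws Exception {
        // Anonymous requests to role-restricted paths must end at the login form.
        for (String path : new String[] {"/home/normal", "/home/admin"}) {
            mvc.perform(get(path))
               .andExpect(status().is3xxRedirection())
               .andExpect(redirectedUrlPattern("**/login"));
        }
    }
}
```

Any further request that shows up in the network tab can be added to the first list to confirm it is covered by a `permitAll()` rule.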