Spring security login always lands in an error page with no message

Question

I\'m using a login form for a small project in Spring but I have a small problem which is that every time I log in using a sign in form I get an error redirection.

T

Answer 1

I guess the question is answered, I faced this error today and I had a different situation. I thought it would help some other new spring coders as I had to google for a while.

It is necessary to add the attribute name to username or password text fields. After adding the attribute name="username" and name="password" in corresponding input types, you must be able to login.

Spring uses the name parameter to do the matching of username and password. so its a must! this may seem simple, but this is how it works

Answer 2

create a controller and handle default request (i.e get '/' ), if you are using the default authentication for first time

Answer 3

In my case there were some other requests that caused this to happen (one of them was 404 when loading css resource). After fixing them this error disappeared.

EDIT

To resolve the issue properly you should exclude /error page from spring security filters. Check Spring security redirects to page with status code 999 for details

Answer 4

The answer suited in my case, too, has been that shared by 123.

The following piece of advice at https://www.baeldung.com/spring-security-login came in handy as well:

One reason to override most of the defaults in Spring Security is to hide the fact that the application is secured with Spring Security and minimize the information a potential attacker knows about the application.

The following at https://docs.spring.io/spring-security/site/docs/4.2.12.RELEASE/apidocs/org/springframework/security/config/annotation/web/configurers/AbstractAuthenticationFilterConfigurer.html is also useful to refer to:

defaultSuccessUrl(String defaultSuccessUrl) Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating.

defaultSuccessUrl(String defaultSuccessUrl, boolean alwaysUse) Specifies where users will go after authenticating successfully if they have not visited a secured page prior to authenticating or alwaysUse is true.

Answer 5

Maybe this is about that, there is no RequestMapping with Param error. Possible solution

@RequestMapping(value={"/", "/login"}, method = RequestMethod.GET)
    public ModelAndView login(@RequestParam(value = "error", required = false)){
        ModelAndView modelAndView = new ModelAndView();
        if (error != null) {
          modelAndView.setViewName("error page");
        } else modelAndView.setViewName("login");

        return modelAndView;
    }

Edit1

Might be also caused by not having all following folders in your project "/static/**", "/js/**", "/css/**", "/img/**", "/json/**", delete this configure or add all folders.

Answer 6

You can add the always-use-default-target param to the success URL.

.defaultSuccessUrl("/home",true)

This means that if the login is successful you will always be sent to /home.

I think the undesirable behaviour is caused by the error page being queued for some reason, and then when the login is successful you get "returned" to that.

This isn't the ideal solution but providing you don't want to go to the previous page after logging in, then it works to prevent your described behaviour.