Issue
I'd like to secure all pages in "/static/secure" in Spring Boot utilizing Spring Security, but I do not wish to utilize a view.
I have created a login form, with method="POST", and have setup Java-Based configuration class to go to /static/secure/main.html on success.
I wish I could approach from a specific problem standpoint, unfortunately everything I can find for guidance on how to authenticate uses Thymeleaf, or a view. I really just want it to navigate to /static/secure/main.html upon successful login, not call a view. Does anyone know how to configure Spring Boot to just go to a regular HTML page upon authentication?
I am attempting to just use Spring Security to handle login, then the rest of the app will be Angular once we're in, hitting REST API endpoints as needed - so I don't really want the "view" concept, nor Thymeleaf in the mix.
Any help would be much appreciated!
Thank you, Dan
Solution
Successful authentication redirects to the page the user initially tried to open. So as long as you secured your /static/secure folder, accessing /static/secure/main.html will trigger authentication and then automatically redirect to that page on success.
You configuration overall will look something like this:
@Configuration
@EnableWebMvc
public class SpringMvcConfiguration implements WebMvcConfigurer {
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
registry.addResourceHandler("/static/**")
.addResourceLocations("/static/");
}
}
(Given you serve your Angular pages from /static/... URLs and the pages themselves go from /src/webapp/static folder in your Maven project.)
In your Spring Security configuration:
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/static/secure/**").authenticated()
.and()
// ...
}
Answered By - Alexey Veleshko
Answer Checked By - Dawn Plyler (JavaFixing Volunteer)