Issue
This Content is from Stack Overflow. Question asked by Feroz Siddiqui
I have trying to implement social login with form logic in spring security 5 below is my security config file:
@Configuration
@EnableWebSecurity
public class SecurityConfig {
Logger logger = LoggerFactory.getLogger(getClass());
@Autowired
private CustomOAuth2UserService oauth2UserService;
@Bean
public DaoAuthenticationProvider authProvider() throws Exception {
CustomAuthProvider authProvider = new CustomAuthProvider();
authProvider.setUserDetailsService(userDetailsService());
authProvider.setPasswordEncoder(NoOpPasswordEncoder.getInstance());
return authProvider;
}
@Bean
@Order(1)
SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf().disable()
// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
//.and()
.authorizeHttpRequests()
.mvcMatchers("/favicon.ico", "/signup", "/signup/**", "/assets", "/assets/**", "/cdn.jsdelivr.net",
"/cdn.jsdelivr.net/**", "/login", "/login/**", "/login/oauth2/code/google", "/oauth2",
"/oauth2/**")
.permitAll().anyRequest().authenticated().and().formLogin(form -> form.loginPage("/login").permitAll())
.authenticationManager(new ProviderManager(List.of(authProvider())))
.logout().logoutUrl("/logout").deleteCookies("JSESSIONID").invalidateHttpSession(true);
;
return http.build();
}
@Bean
@Order(Ordered.HIGHEST_PRECEDENCE)
SecurityFilterChain securityFilterChain2(HttpSecurity http) throws Exception {
http.csrf()
.disable()
// .csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse())
// .and()
.authorizeHttpRequests()
.mvcMatchers("/favicon.ico", "/signup", "/signup/**", "/assets", "/assets/**", "/cdn.jsdelivr.net",
"/cdn.jsdelivr.net/**", "/login", "/login/**", "/login/oauth2/code/google", "/oauth2",
"/oauth2/**")
.permitAll().anyRequest().authenticated().and()
.oauth2Login().loginPage("/login")
.userInfoEndpoint().userService(oauth2UserService).and()
.and()
.logout().logoutSuccessHandler(new LogoutSuccessHandler() {
@Override
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
SecurityContext context = SecurityContextHolder.getContext();
SecurityContextHolder.clearContext();
context.setAuthentication(null);
logger.info("onLogoutSuccess::::: {}");
}
}).logoutUrl("/logout").deleteCookies("JSESSIONID").invalidateHttpSession(true);
;
return http.build();
}
@Bean
public UserDetailsService userDetailsService() {
return new CustomUserDetailService();
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
Please let me know what is wrong with the configuration.
Solution
This question is not yet answered, be the first one who answer using the comment. Later the confirmed answer will be published as the solution.
This Question and Answer are collected from stackoverflow and tested by JTuto community, is licensed under the terms of CC BY-SA 2.5. - CC BY-SA 3.0. - CC BY-SA 4.0.