I created an form to log in in Spring Security. Registration is working fine but there is something wrong with loggin in. When I try to log in there is an log: 2025-01-19T23:46:34.220+01:00 WARN 388 --- [TrippiApp] [nio-8080-exec-4] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.springframework.web.HttpRequestMethodNotSupportedException: Request method 'POST' is not supported]
Login into default loging page is available so I assume there is something wrong with SecurityFilterChain
@Configuration
@EnableWebSecurity
public class SecurityConfig {
@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
http.csrf(csrf -> csrf.disable()).authorizeHttpRequests(requests -> requests
.dispatcherTypeMatchers().permitAll()
.requestMatchers("/CSS/**").permitAll()
.requestMatchers("/login /register /search").hasAnyRole("USER", "ADMIN")
.anyRequest().authenticated()
)
.formLogin(login -> login
.loginPage("/login")
.loginProcessingUrl("/userAuth")
.defaultSuccessUrl("/register")
.failureForwardUrl("/login?error")
.permitAll())
.logout(logout -> logout.logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
.permitAll());
return http.build();
}
}
@Controller
public class AuthorisationController {
private UserService userService;
public AuthorisationController(UserService userService) {
this.userService = userService;
}
@GetMapping("/login")
public String login() {
return "login";
}
<!DOCTYPE html>
<html xmlns:th="http://thymeleaf.org"
xmlns:layout="http://www.ultraq.net.nz/thymeleaf/layout"
layout:decorate="~{layout}">
<head>
<link rel="stylesheet" type="text/css" href="/CSS/style.css" />
<meta charset="UTF-8" />
<title>Register</title>
</head>
<body>
<div class="navbar">
<div class="button"><a href="" class="nav-btn">Konto</a></div>
<div class="button"><a href="" class="nav-btn">Szukaj</a></div>
<div class="button"><a href="" class="nav-btn">Wiadomości</a></div>
<div class="button"><a href="" class="nav-btn">Logowanie</a></div>
<div class="button"><a href="" class="nav-btn">Rejestracja</a></div>
<div class="button"><a href="" class="nav-btn">Wyloguj</a></div>
</div>
<div class="main">
<div class="sidebar">
<h2>Użytkownik</h2>
</div>
<div class="mainpage">
<h2>Logowanie</h2>
<div th:if="${param.error}" class="alert alert-success">
Zły nick lub hasło!
</div>
<div th:if="${param.logout}" class="alert alert-success">
Wylogowałeś się!
</div>
<div class="register">
<form method="POST" role="form" th:action="@{/login}">
<div class="info">
Nick:
<input
id="nickName"
type="text"
name="nickName"
placeholder="Podaj nick"
class="form-in"
/>
</div>
<div class="info">
Hasło:
<input
id="password"
type="password"
name="password"
placeholder="Podaj hasło"
class="form-in"
/>
</div>
<button value ="Log in" type="submit" class="btn-send">Zaloguj</button>
</form>
</div>
</div>
</div>
</body>
</html>
I have tried to toggle in filter parameters but so far with no results.
This happens because you specified the loginProcessingUrl to be /userAuth, and not /login. You're then sending the form to /login, through
<form method="POST" role="form" th:action="@{/login}">
but Spring already configured a controller at /userAuth for you, because you explicitly specified that.
One solution would be to also change the th:action to send the requests at @{/userAuth}.
Another workaround would be to change the loginProcessingUrl to /login. However, you can also simply remove the statement that manually configures the login processing URL. Not specifying any loginProcessingUrl automatically makes Spring configure it as the /login endpoint.