DEBUG o.s.security.web.FilterChainProxy : Securing POST /login
DEBUG s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
INFO c.e.s.config.MyUserDetailsService : 用户名name
DEBUG o.s.s.a.dao.DaoAuthenticationProvider : Authenticated user
DEBUG o.s.s.web.DefaultRedirectStrategy : Redirecting to /
DEBUG s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request
DEBUG o.s.security.web.FilterChainProxy : Securing POST /
DEBUG s.s.w.c.SecurityContextPersistenceFilter : Set SecurityContextHolder to empty SecurityContext
DEBUG o.s.s.w.a.AnonymousAuthenticationFilter : Set SecurityContextHolder to anonymous SecurityContext
DEBUG o.s.s.w.session.SessionManagementFilter : Request requested invalid session id 220BC602C8CE04AF4155B1B2DC39E9D4
DEBUG o.s.s.w.a.i.FilterSecurityInterceptor : Failed to authorize filter invocation [POST /] with attributes [authenticated]
DEBUG s.s.w.c.SecurityContextPersistenceFilter : Cleared SecurityContextHolder to complete request

The log looks like this: after logging in, the authenticated user is redirected, resulting in an inability to conduct business.

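import java.io.IOException;
import java.io.InputStream;
import java.util.Locale;

// javax.servlet matches Spring Security 5.x; on 6.x these are jakarta.servlet
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

public class LoginFilter extends UsernamePasswordAuthenticationFilter {

public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";

@Override
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException {

    // Only POST is accepted for login
    String requestMethod = request.getMethod();
    if (!"POST".equals(requestMethod)) {
        throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
    }

    // Require a JSON body; a missing header is rejected instead of causing a NullPointerException,
    // and parameters such as ";charset=UTF-8" are tolerated
    String contentType = request.getContentType();
    if (contentType == null
            || !contentType.toLowerCase(Locale.ROOT).startsWith(MediaType.APPLICATION_JSON_VALUE)) {
        throw new AuthenticationServiceException("Authentication contentType not supported: " + contentType);
    }

    ObjectMapper mapper = new ObjectMapper();
    UsernamePasswordAuthenticationToken authRequest;

    // Read the credentials from the JSON body; path() yields an empty string for a missing field
    try (InputStream is = request.getInputStream()) {
        JsonNode jsonNode = mapper.readTree(is);
        String username = jsonNode.path(SPRING_SECURITY_FORM_USERNAME_KEY).asText();
        String password = jsonNode.path(SPRING_SECURITY_FORM_PASSWORD_KEY).asText();
        authRequest = new UsernamePasswordAuthenticationToken(username, password);
    } catch (IOException e) {
        throw new BadCredentialsException("Could not obtain JSON from request", e);
    }

    authRequest.setDetails(authenticationDetailsSource.buildDetails(request));

    return this.getAuthenticationManager().authenticate(authRequest);
}

}

Login Filter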

Comment From: marcusdacoregio

Hi @yingtao377, I don't have a clear picture of the problem yet.

Isn't the expected behavior to redirect the user after login? Or is the user redirected to an error endpoint?

My guess is that you are not saving the SecurityContext after authenticating the user. Can you take a look at this and check if it is related to your scenario? https://docs.spring.io/spring-security/reference/5.8/migration/servlet/session-management.html#_require_explicit_saving_of_securitycontextrepository
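An added example, not part of the thread and not the project's own code: one way to wire the `LoginFilter` from the question so that it saves the `SecurityContext` explicitly, as the linked migration section describes. It assumes Spring Security 5.8; the class name `SecurityConfig` and the choice of `HttpSessionSecurityContextRepository` are assumptions.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;

// Hypothetical configuration class; LoginFilter is the filter from the question.
@Configuration
@EnableWebSecurity
public class SecurityConfig {

    @Bean
    SecurityContextRepository securityContextRepository() {
        // Stores the SecurityContext in the HTTP session so the next request can load it.
        return new HttpSessionSecurityContextRepository();
    }

    @Bean
    AuthenticationManager authenticationManager(AuthenticationConfiguration config) throws Exception {
        return config.getAuthenticationManager();
    }

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http, AuthenticationManager authenticationManager,
            SecurityContextRepository repository) throws Exception {
        // Built here rather than as a @Bean so Spring Boot does not also register it
        // as a plain servlet filter outside the security chain.
        LoginFilter loginFilter = new LoginFilter();
        loginFilter.setAuthenticationManager(authenticationManager);
        // With explicit saving, the filter must be told which repository to save to;
        // its default repository does not write to the session.
        loginFilter.setSecurityContextRepository(repository);

        http
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            .securityContext(context -> context
                .requireExplicitSave(true)
                .securityContextRepository(repository))
            .addFilterAt(loginFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}
```

The same repository instance is given to both the filter and `securityContext(...)`, so the context written at login is the one read back on the request that follows the redirect.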

Comment From: spring-projects-issues

If you would like us to look at this issue, please provide the requested information. If the information is not provided within the next 7 days this issue will be closed.

Comment From: spring-projects-issues

Closing due to lack of requested feedback. If you would like us to look at this issue, please provide the requested information and we will re-open the issue.