I have the following Thymeleaf login.html form and I am trying to check if the username and password match the ones in the database, but when I click on Login it redirects to http://localhost:8080/login?error=true without processing it in the login() method.
Here is the HTML file:
```html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<head>
    <title>Login Form</title>
    <meta charset="UTF-8">
    <title>Login</title>
    <link href="https://fonts.googleapis.com/css?family=Open+Sans:400,700" rel="stylesheet">
    <link rel="stylesheet" href="css/style.css">
</head>
<body class="align">
<div class="grid">
    <form th:action="@{/login}" method="post" th:object="${loginForm}" class="form login">
        <br/>
        <div class="form__field">
            <label for="username"><svg class="icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="#user"></use></svg><span class="hidden">Username</span></label>
            <input id="username" type="text" name="username" class="form__input" placeholder="Username" autofocus="autofocus" required>
        </div>
        <div class="form__field">
            <label for="password"><svg class="icon"><use xmlns:xlink="http://www.w3.org/1999/xlink" xlink:href="#lock"></use></svg><span class="hidden">Password</span></label>
            <input id="password" type="password" name="password" class="form__input" placeholder="Password" required>
        </div>
        <div th:if="${error}">
            <div class="alert alert-info">Username or Password are wrong</div>
        </div>
        <div class="form__field">
            <input type="submit" value="Login">
        </div>
    </form>
</body>
</html>
```
Security configurations:
```java
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .antMatchers("/resources/**").permitAll()
            .antMatchers("/", "index").permitAll()
            .antMatchers("/signup").permitAll()
            .anyRequest().authenticated()
            .and()
        .csrf().disable()
        .formLogin().permitAll()
            .loginPage("/login")
            .failureUrl("/login?error=true")
            .usernameParameter("username")
            .passwordParameter("password")
            .and()
        .logout().permitAll()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout"))
            .logoutSuccessUrl("/login")
            .and()
        .exceptionHandling()
            .accessDeniedPage("/access-denied");
}
```
Controller method login() for POST mapping:
```java
@RequestMapping(value="login", method=RequestMethod.POST)
public String login(@Valid @ModelAttribute(name="loginForm") LoginForm loginForm, Model model, BindingResult result) {
    String username = loginForm.getUsername();
    String password = loginForm.getPassword();
    String page = "";
    Boolean exists;
    exists = userService.usernameExists(username);
    if(exists) {
        User u = userService.findByUsername(username);
        if(u.getPassword().contentEquals(password)) {
            if(u.getRole().getName().equalsIgnoreCase("user")) {
                page = "userpage";
            } else {
                page = "adminpage";
            }
        }
    } else {
        model.addAttribute("error", true);
        page = "login";
    }
    if (result.hasErrors()) {
        page = "login";
    }
    return page;
}
```
This is the LoginForm class:
```java
public class LoginForm {
    @NotBlank
    private String username;
    @NotBlank
    private String password;

    public LoginForm() {}

    public String getUsername() {
        return username;
    }

    public void setUsername(String username) {
        this.username = username;
    }

    public String getPassword() {
        return password;
    }

    public void setPassword(String password) {
        this.password = password;
    }
}
```
Is there any problem with what I've written so far which might cause the form not to be processed?
Thank you in advance!
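
Added example, not part of the original post: with `formLogin().loginPage("/login")`, Spring Security's own `UsernamePasswordAuthenticationFilter` handles `POST /login` before any controller, so credentials are normally checked through a `UserDetailsService` and a `PasswordEncoder` rather than a controller comparing plaintext with `contentEquals`. `LoginAuthConfig`, `AccountLookup` and `Account` are hypothetical stand-ins for the post's `userService` and `User`, and the sketch assumes stored passwords are BCrypt hashes.

```java
import java.util.Collections;
import java.util.Locale;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class LoginAuthConfig {

    // Assumption: minimal view of the application's user store (hypothetical names).
    public interface AccountLookup {
        Account findByUsername(String username); // returns null when the user is unknown
    }

    public interface Account {
        String getPasswordHash(); // assumption: a BCrypt hash, never the plaintext password
        String getRoleName();     // e.g. "user" or "admin"
    }

    // Spring Security uses this encoder to compare the submitted password with the stored hash.
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    // Called by Spring Security during POST /login; no controller method is involved.
    @Bean
    public UserDetailsService userDetailsService(AccountLookup accounts) {
        return username -> {
            Account account = accounts.findByUsername(username);
            if (account == null) {
                // Surfaces to the browser as the configured failureUrl, same as a wrong password.
                throw new UsernameNotFoundException("unknown user");
            }
            String authority = "ROLE_" + account.getRoleName().toUpperCase(Locale.ROOT);
            return new User(username, account.getPasswordHash(),
                    Collections.singletonList(new SimpleGrantedAuthority(authority)));
        };
    }
}
```

An unknown user and a wrong password both end at `/login?error=true`, so the response does not reveal which usernames exist.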