I am developing a Spring Server which allows the access using a login page.
This login page has a background image that is not displaying the first time. If I access typing a valid user & password and I come back to the login page, the background image is now displayed.
So, I think that it could be some security issue.
This is the LoginPage code:
<!DOCTYPE html>
<html>
<head>
<title>Login PalmasLab</title>
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap.min.css">
<link rel="stylesheet" href="//netdna.bootstrapcdn.com/bootstrap/3.1.0/css/bootstrap-theme.min.css">
<style>
body
{
background: url('/img/login_background3.png');
background-size: 100%;
background-repeat: no-repeat;
}
</style>
</head>
<body onload='document.f.username.focus();'>
<div class="container theme-showcase" role="main">
<div class="jumbotron" id="title_jumbotron">
<form name='f' action='/' method='POST'>
<table>
<tr><td> <h4 >PalmasLab <small >Login</small></h4></td></tr>
<tr><td> <input class="form-control" type='text'placeholder="Nome de Usuario" name='username' value='' ></td></tr>
<tr><td><input class="form-control" type='password' placeholder="Senha" name='password' style="margin-top:2px;" /></td></tr>
<tr><td><input class="btn btn-success btn-sm" name="submit" type="submit" value="Entra" style="width:100%; margin-top:5px;"/></td></tr>
</table>
</form>
</div>
</div>
</body></html>
And this is my Application.java code:
@EntityScan(basePackages= "palmaslab.mapas.repository")
@EnableJpaRepositories(basePackages= "palmaslab.mapas.repository"/*.PostoSaudeRepository.class*/)
@Configuration
@EnableAutoConfiguration
@ComponentScan(basePackages="palmaslab.mapas.controller")
@Import({palmaslab.mapas.security.SecurityConfiguration.class})
//@Import({palmaslab.mapas.security.OAuth2SecurityConfiguration.class})
@EnableWebMvc
@PropertySource("application.properties")
public class Application extends /*WebMvcConfigurerAdapter*/ RepositoryRestMvcConfiguration{
private static final String[] CLASSPATH_RESOURCE_LOCATIONS = {
"classpath:/META-INF/resources/", "classpath:/resources/",
"classpath:/static/", "classpath:/public/" };
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
@Bean
public LocalContainerEntityManagerFactoryBean entityManagerFactory(
DataSource dataSource, JpaVendorAdapter jpaVendorAdapter) {
LocalContainerEntityManagerFactoryBean lef = new LocalContainerEntityManagerFactoryBean();
lef.setDataSource(dataSource);
lef.setJpaVendorAdapter(jpaVendorAdapter);
lef.setPackagesToScan("palmaslab.mapas.controller");
return lef;
}
@Bean
public JpaVendorAdapter jpaVendorAdapter() {
HibernateJpaVendorAdapter hibernateJpaVendorAdapter = new HibernateJpaVendorAdapter();
hibernateJpaVendorAdapter.setShowSql(false);
hibernateJpaVendorAdapter.setGenerateDdl(true); //Auto creating scheme when true
hibernateJpaVendorAdapter.setDatabase(Database.H2);//Database type
return hibernateJpaVendorAdapter;
}
@Bean
public SpringTemplateEngine templateEngine() {
SpringTemplateEngine engine = new SpringTemplateEngine();
Set<IDialect> dialects = new HashSet<IDialect>();
dialects.add(new SpringSecurityDialect());
dialects.add(new LayoutDialect());
engine.setAdditionalDialects(dialects);
LinkedHashSet<ITemplateResolver> templateResolvers = new LinkedHashSet<ITemplateResolver>(2);
templateResolvers.add(templateResolverServlet());
templateResolvers.add(layoutTemplateResolverServlet());
engine.setTemplateResolvers(templateResolvers);
return engine;
}
@Bean
public ServletContextTemplateResolver layoutTemplateResolverServlet() {
ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver();
templateResolver.setPrefix("/WEB-INF/layout/");
templateResolver.setSuffix("");
templateResolver.setTemplateMode("LEGACYHTML5");
templateResolver.setOrder(1);
templateResolver.setCacheable(false);
return templateResolver;
}
@Bean
public ServletContextTemplateResolver templateResolverServlet() {
ServletContextTemplateResolver templateResolver = new ServletContextTemplateResolver();
templateResolver.setPrefix("/WEB-INF/view/");
// System.out.println("templateResolver.getName()"+templateResolver.getName());
templateResolver.setSuffix(".html");
templateResolver.setTemplateMode("LEGACYHTML5");
// templateResolver.setTemplateMode("HTML5");
templateResolver.setOrder(2);
templateResolver.setCacheable(false);
return templateResolver;
}
@Bean
public ViewResolver MobileResolver() {
ThymeleafViewResolver resolver = new ThymeleafViewResolver();
resolver.setTemplateEngine(templateEngine());
resolver.setOrder(0);
String [] exclusions = new String [1];
exclusions[0] = "mobile*";
resolver.setViewNames(exclusions);
// resolver.setCharacterEncoding("ISO-8859-1");
resolver.setCharacterEncoding("UTF-8");
resolver.setContentType("application/json");
resolver.setCache(false);
return resolver;
}
@Bean
public ViewResolver thymeleafViewResolver() {
ThymeleafViewResolver resolver = new ThymeleafViewResolver();
resolver.setTemplateEngine(templateEngine());
resolver.setOrder(1);
// resolver.setCharacterEncoding("ISO-8859-1");
resolver.setCharacterEncoding("UTF-8");
resolver.setCache(false);
return resolver;
}
/*@Bean
public InternalResourceViewResolver viewResolver() {
InternalResourceViewResolver resolver = new InternalResourceViewResolver();
resolver.setPrefix("/WEB-INF/view/");
resolver.setSuffix(".jsp");
System.out.println("!!!!!!!!! internal resourceView");
return resolver;
}*/
//-------------------------------------__>>>>>>>>>>>>>>>>DESCOMENTAR !!!!!!!!!!!!!!!!!!!!!!!!!----------
@Bean
public ServletRegistrationBean dispatcherRegistration() {
ServletRegistrationBean registration = new ServletRegistrationBean(dispatcherServlet());
registration.addUrlMappings("/");
registration.setLoadOnStartup(1);
System.out.println("~~~~~~~ Servlet regristated " + registration.getServletName());
return registration;
}
@Override
public void configureDefaultServletHandling(DefaultServletHandlerConfigurer configurer) {
configurer.enable();
}
@Bean
public DispatcherServlet dispatcherServlet() {
return new DispatcherServlet();
}
@Bean
public MultipartConfigElement multipartConfigElement() {
MultipartConfigFactory factory = new MultipartConfigFactory();
factory.setMaxFileSize("9999999KB");
factory.setMaxRequestSize("9999999KB");
return factory.createMultipartConfig();
}
@Bean
public MultipartResolver multipartResolver() {
CommonsMultipartResolver resolver = new CommonsMultipartResolver();
resolver.setMaxUploadSize(999999999);
return resolver;
}
@Bean
public CommonsMultipartResolver filterMultipartResolver() {
CommonsMultipartResolver resolver=new CommonsMultipartResolver();
// resolver.setDefaultEncoding("ISO-8859-1");
resolver.setDefaultEncoding("UTF-8");
resolver.setMaxUploadSize(999999999);
resolver.setMaxInMemorySize(999999999);
return resolver;
}
/*
@Bean
public MultipartResolver multipartResolver() {
return new StandardServletMultipartResolver();
}*/
@Bean
public EmbeddedServletContainerFactory servletContainer() {
TomcatEmbeddedServletContainerFactory factory = new TomcatEmbeddedServletContainerFactory();
factory.setPort(8080);
factory.setSessionTimeout(5, TimeUnit.MINUTES);
//factory.addErrorPages(new ErrorPage(HttpStatus.404, "/notfound.html"));
return factory;
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
if (!registry.hasMappingForPattern("/webjars/**")) {
registry.addResourceHandler("/webjars/**").addResourceLocations(
"classpath:/META-INF/resources/webjars/");
}
if (!registry.hasMappingForPattern("/locals/**")) {
registry.addResourceHandler("/locals/**").addResourceLocations(
"classpath:/locals");
}
if (!registry.hasMappingForPattern("/**")) {
registry.addResourceHandler("/**").addResourceLocations(
CLASSPATH_RESOURCE_LOCATIONS);
}
}
}
And this is my configuration.java:
@Configuration
//Setup Spring Security to intercept incoming requests to the Controllers
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
private static final AuthenticationSuccessHandler NO_REDIRECT_SUCCESS_HANDLER = new AuthenticationSuccessHandler() {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
response.setStatus(HttpStatus.SC_OK);
}
};
private static final AuthenticationSuccessHandler CUSTOMIZED_REDIRECT_SUCCESS_HANDLER = new AuthenticationSuccessHandler() {
public void onAuthenticationSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
for (GrantedAuthority grantedAuthority : authorities) {
if (grantedAuthority.getAuthority().equals("mobile")) {
response.setStatus(HttpStatus.SC_OK);
}
}
}
};
private static final LogoutSuccessHandler JSON_LOGOUT_SUCCESS_HANDLER = new LogoutSuccessHandler() {
public void onLogoutSuccess(HttpServletRequest request,
HttpServletResponse response, Authentication authentication)
throws IOException, ServletException {
response.setStatus(HttpStatus.SC_OK);
response.setContentType("application/json");
response.getWriter().write("{}");
}
};
@Override
protected void configure(final HttpSecurity http) throws Exception {
http.csrf().disable();
http.requestCache().requestCache(new NullRequestCache());
http.formLogin()
.loginPage("/login")
.loginProcessingUrl("/")
.successHandler(new MySimpleUrlAuthenticationSuccessHandler())
// Allow everyone to access the login URL
.permitAll();
http.logout()
.logoutUrl("/home")
.logoutSuccessHandler(JSON_LOGOUT_SUCCESS_HANDLER)
.permitAll();
http.authorizeRequests().anyRequest().authenticated();
http.csrf().disable();
}
@Autowired
protected void registerAuthentication(
final AuthenticationManagerBuilder auth) throws Exception {
// This example creates a simple in-memory UserDetailService that
// is provided by Spring
auth.inMemoryAuthentication()
.withUser("xxx")
.password("xxx")
.authorities("admin","user")
;
}
}
Any solution?
I solved the problem.
I had to enable the resources folder from the SecurityConfiguration to allow the download of any resource without a previous loggin.
The
securityConfigurationfinal code is: