# I am using Java 21,
# Spring boot 3.3.4,
# Spring security.
#
***The process is :
form register --> save userEntity credentials and also save a tokenEntity for authentication.
I send mail with the token.
Page with form to enter the token received by mail
and then login.***
**After submitting the form the business logic is ok. User and token are saved in the database.**
**The problem is that after submitting the register form, spring redirects to the authenticate page and immediately the login page.
参见图片:**
**SecurityFilterChain:**
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
//http.csrf(AbstractHttpConfigurer::disable)
http.authorizeHttpRequests(auth -> {
auth.requestMatchers(
antMatcher(LOGIN_MAPPING),
antMatcher("/logout"),
antMatcher("/register"),
antMatcher("/static/css/*"),
antMatcher("/images/*"),
antMatcher("/answer"),
antMatcher("/game"),
antMatcher("/result"),
antMatcher("/activate-account")
).permitAll();
auth.anyRequest().authenticated();
});
http.formLogin(form->form.loginPage(LOGIN_MAPPING)
.permitAll()
.loginProcessingUrl(LOGIN_MAPPING)
.defaultSuccessUrl("/game" ,true))
.logout(LogoutConfigurer::permitAll);
return http.build();
}
**AuthController:**
@Slf4j
@Controller
@RequiredArgsConstructor
public class AuthController {
private final AuthService authService;
private final MyUserService userService;
@GetMapping("/login")
String getLoginPage() {
return "login";
}
@GetMapping("/register")
public String getRegisterPage(Model model){
model.addAttribute("user" , MyUser.builder().build());
return "register";
}
@PostMapping("/register")
String registration(@ModelAttribute MyUser user) {
userService.registerUser(user);
return "redirect:/activate_account";
}
@GetMapping("/activate-account")
public String confirm(Model model) {
return "/activate_account";
}
@PostMapping("/activate-account")
public String confirm(@RequestParam(value = "token") String token, Model model){
authService.activateAccount(token);
return "redirect:login?success";
}
}
**register.html:**
<!doctype html>
<html lang="it" xmlns:th="http://www.thymeleaf.org" xmlns="http://www.w3.org/1999/html">
<head th:replace="/partial/head"></head>
<body>
<div th:replace="/partial/nav"></div>
<div class="container" style="margin-top: 90px;">
<div class="row">
<div class="col-md-4"></div>
<form th:action="@{/register}" method="post" class="card col-md-3">
<div class="card-body">
<h5 class="card-title mb-4">Please register</h5>
<!-- Email input -->
<div class="form-outline mb-4">
<input name="username" type="email" id="username" class="form-control"/>
<label class="form-label" for="username">Email address</label>
</div>
<!-- Password input -->
<div class="form-outline mb-4">
<input name="password" type="password" id="password" class="form-control"/>
<label class="form-label" for="password">Password</label>
</div>
<!-- Submit button -->
<button type="submit" class="btn btn-primary form-control mb-4">Sign on</button>
<!-- Register buttons -->
</div>
</form>
<div class="col-md-4"></div>
</div>
</div>
<div th:replace="/partial/script"></div>
</body>
</html>
</body>
</html>
有人遇到过这个问题吗? 如果是的话,你是怎么解决的?
# **Thank you in advance for any suggestions.**
我尝试消除过滤器中的“
auth.anyRequest().authenticated();
”。
预计不会重定向到登录页面,但总是返回到登录页面。
我想在登录控制器的开头引入一个检查,以识别用户是否已经从注册页面通过,如果是并且他的令牌尚未经过身份验证,则将他重定向到注册页面。 但这不是我想要采用的解决方案,因为它不干净,而且我不喜欢检查每个想要登陆登录页面的用户。
已解决:
@PostMapping("/register")
String registration(@ModelAttribute MyUser user) {
userService.registerUser(user);
return "/activate_account";
}