You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
I'm using Spring Security's default form login to secure a REST Controller endpoint. And the login endpoint is exposed in swagger-ui. Still, the problem is that the only available request body type is application/json. This sends the credentials as json in the request body, resulting in null username/password in UsernamePasswordAuthenticationFilter. So form login does not work.
I can't find a way to configure the request body type to application/x-www-form-urlencoded, so that form login works.
To Reproduce
I'm using SpringBoot 2.7.5 and Spring Security 5.7.4. Other project dependencies:
@RestController
@RequestMapping("foos")
public class FooController {
@GetMapping(value = "/{id}")
public Foo findById(@PathVariable("id") final Long id) {
return new Foo(randomAlphabetic(6));
}
@GetMapping
public List<Foo> findAll() {
return Lists.newArrayList(new Foo(randomAlphabetic(6)));
}
@PostMapping
@ResponseStatus(HttpStatus.CREATED)
public Foo create(@RequestBody final Foo foo) {
return foo;
}
}
Expected behavior
I would have expected that form-login authentication configuration would be detected and the exposed Spring Security's detected login endpoint to be exposed with the option for x-www-form-urlencoded body type to be available.
Even so, the login endpoint is the only one listed in the swagger-ui (which is good - since it detects it consuming application/x-www-form-urlencoded media type), and the Rest endpoints which are consuming application/json are filtered out (which is also correct). But still the only available request body type for login is application/json which is wrong. This appears to be a bug.
Describe the bug
I'm using Spring Security's default form login to secure a REST Controller endpoint. And the login endpoint is exposed in swagger-ui. Still, the problem is that the only available request body type is
application/json
. This sends the credentials as json in the request body, resulting in null username/password inUsernamePasswordAuthenticationFilter
. So form login does not work.I can't find a way to configure the request body type to
application/x-www-form-urlencoded
, so that form login works.To Reproduce
I'm using SpringBoot 2.7.5 and Spring Security 5.7.4. Other project dependencies:
Supplying property:
springdoc.show-login-endpoint=true
Spring security simple config:
A simple controller:
Expected behavior
I would have expected that form-login authentication configuration would be detected and the exposed Spring Security's detected login endpoint to be exposed with the option for x-www-form-urlencoded body type to be available.
Screenshots
https://imgur.com/a/STuVkVZ
Additional context
I have created this issue with sample code, as the previous issue was closed without a clear solution to it: #1714
The text was updated successfully, but these errors were encountered: