Spring Boot Admin Server information
-
Version:
4.1.0
-
Spring Boot version:
4.1.0
-
Configured Security:
Basic Auth with Spring Security. Custom Login Form.
-
Webflux or Servlet application:
Servlet. Apache Tomcat
Client information
-
Spring Boot versions:
4.1.0
-
Used discovery mechanism:
Self Registration
-
Webflux or Servlet application:
Servlet
Description
After upgrading from Spring Boot Admin 4.0.4 to 4.1.0, the Spring Boot Admin login page renders correctly, but clicking the Login button does nothing. There is no form submission, no network activity, and no Spring Security authentication attempt. The SBA login form is displayed. Clicking the Login button has no effect. The browser does not submit the form and no request is sent.
I think this happens when the application configures Spring Security to use the SBA login page, for example /sba/login.
@Configuration
@EnableWebSecurity
class SecurityConfiguration {
@Bean
SecurityFilterChain securityFilterChain(HttpSecurity http, AdminServerProperties adminServer)
throws Exception {
String adminContextPath = adminServer.getContextPath();
return http
.authorizeHttpRequests(registry -> registry
.requestMatchers(adminContextPath + "/assets/**").permitAll()
.requestMatchers(adminContextPath + "/login").permitAll()
.requestMatchers(adminContextPath + "/**").authenticated()
.anyRequest().authenticated()
)
.formLogin(form -> form
.loginPage(adminContextPath + "/login")
)
.build();
}
}Going back to 4.0.4 without any other changes fixes the problem.
I did some very modest analysis and it looks like in 4.1.0, the login button is rendered as <button type="button"> but it's not specified that this is a submit button. In 4.0.4, the button did not force type="button", so the browser default was submit, and the login form worked.
I have a weird workaround in place to overwrite login with:
<script>
document.addEventListener("DOMContentLoaded", () => {
console.info("Changing the login button type to submit");
document.querySelector("button[type=button]").setAttribute("type", "submit")
});
</script>But I am happy to submit a pull request if you consider this is a legitimate issue.
Thank you!
Spring Boot Admin Server information
Version:
4.1.0
Spring Boot version:
4.1.0
Configured Security:
Basic Auth with Spring Security. Custom Login Form.
Webflux or Servlet application:
Servlet. Apache Tomcat
Client information
Spring Boot versions:
4.1.0
Used discovery mechanism:
Self Registration
Webflux or Servlet application:
Servlet
Description
After upgrading from Spring Boot Admin 4.0.4 to 4.1.0, the Spring Boot Admin login page renders correctly, but clicking the Login button does nothing. There is no form submission, no network activity, and no Spring Security authentication attempt. The SBA login form is displayed. Clicking the Login button has no effect. The browser does not submit the form and no request is sent.
I think this happens when the application configures Spring Security to use the SBA login page, for example
/sba/login.Going back to 4.0.4 without any other changes fixes the problem.
I did some very modest analysis and it looks like in 4.1.0, the login button is rendered as
<button type="button">but it's not specified that this is a submit button. In 4.0.4, the button did not force type="button", so the browser default was submit, and the login form worked.I have a weird workaround in place to overwrite login with:
But I am happy to submit a pull request if you consider this is a legitimate issue.
Thank you!