第三章 Enhancing the User Experience（Login）

[size=large]Implementing a custom login page[/size]

[color=blue]Implementing the login controller[/color]

@Controller
public class LoginLogoutController extends BaseController {

    @RequestMapping(method = RequestMethod.GET, value = "/login.do")
    public void home() {
    }
}

[color=blue]Adding the login JSP[/color]

there are 2 important elements of the login form that must be correct in order for the appropriate actions to occur:

The form action must match the action configured in the UsernamePasswordAuthenticationFilter servlet filter. By default, this form action is j_spring_security_check.

The form fields for username and password must match the servlet specifications. By default j_username and j_password are the form field names.

All this leaves us with a fairly simple JSP:

<?xml version="1.0" encoding="ISO-8859-1" ?>
<%@ page language="java" contentType="text/html; charset=ISO-8859-1"
pageEncoding="ISO-8859-1"%>
<jsp:include page="common/header.jsp">
<jsp:param name="pageTitle" value="Login"/>
</jsp:include>
<h1>Please Log In to Your Account</h1>
<p>
Please use the form below to log in to your account.
</p>
<form action="j_spring_security_check" method="post">
<label for="j_username">Login</label>:
<input id="j_username" name="j_username" size="20" maxlength="50"
type="text"/>
<br />
<label for="j_password">Password</label>:
<input id="j_password" name="j_password" size="20" maxlength="50"
type="password"/>
<br />
<input type="submit" value="Login"/>
</form>
<jsp:include page="common/footer.jsp"/>

[color=red]Be aware that you must use a form POST, otherwise the login request will be rejected by the UsernamePasswordAuthenticationFilter.[/color]

[color=blue]Configuring Spring Security to use our Spring MVC login page[/color]

<http auto-config="true" use-expressions="true">
		<intercept-url pattern="/login.do" access="permitAll"/>
		<intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
		<form-login login-page="/login.do" />
</http>