SpringBoot 整合 SpringSecurity——自定义登录页面
-
编写一个自己的登录页面
login.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"> <title>登录页面</title> </head> <body> <form> 用户名:<input type="text" name="username"/><br> 密码:<input type="password" name="password"><br> <input type="submit" value="提交"> </form> </body> </html>
-
修改配置类 SpringSecurityConfig 中主要是设置哪个页面是登录页面。配置类需要继承 WebSecurityConfigurerAdapter ,并重写 configure 方法.
successForwardurl():
登录成功后跳转地址loginPage():
登录页面loginProcessingurl:
登录页面表单提交地址,此地址可以不真实存在。antMatchers():
匹配内容permitAll():
允许
package cn.edu.hziee.config; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration public class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { //自定义表单登录页面 http.formLogin() //自定义的登录页面 .loginPage("/login.html") //处理登录处理的请求地址 .loginProcessingUrl("/login") //登录成功后返回的页面 .successForwardUrl("/tomain"); //权限配置 http.authorizeRequests() //放行登录页面 .antMatchers("/login.html").permitAll() //其他资源均需登录后访问 .anyRequest().authenticated(); http.csrf().disable(); } }
LoginController
package cn.edu.hziee.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @Controller public class LoginController { @RequestMapping("/tomain") public String toMain(){ return "redirect:/tosuccess"; } @RequestMapping("/tosuccess") public String toSuccess(){ return "/success.html"; } }
-
运行结果
SpringSecurityConfig 使用 and() 来实现链式编程
package cn.edu.hziee.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login.html")
.loginProcessingUrl("/login")
.successForwardUrl("/tomain")
.and()
.authorizeRequests()
.antMatchers("/login.html").permitAll()
.anyRequest().authenticated();
http.csrf().disable();
}
}