SpringBoot 整合 SpringSecurity——自定义登录页面

SpringBoot 整合 SpringSecurity——自定义登录页面

1. 编写一个自己的登录页面

   login.html

   <!DOCTYPE html>
   <html lang="en">
       <head>
           <meta charset="UTF-8">
           <title>登录页面</title>
       </head>
       <body>
           <form>
               用户名：<input type="text" name="username"/><br>
               密码：<input type="password" name="password"><br>
               <input type="submit" value="提交">
           </form>
       </body>
   </html>
   

2. 修改配置类 SpringSecurityConfig 中主要是设置哪个页面是登录页面。配置类需要继承 WebSecurityConfigurerAdapter ,并重写 configure 方法.

   • successForwardurl(): 登录成功后跳转地址
   • loginPage(): 登录页面
   • loginProcessingurl: 登录页面表单提交地址，此地址可以不真实存在。
   • antMatchers():匹配内容
   • permitAll():允许

   package cn.edu.hziee.config;
   
   import org.springframework.context.annotation.Bean;
   import org.springframework.context.annotation.Configuration;
   import org.springframework.security.config.annotation.web.builders.HttpSecurity;
   import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
   import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
   import org.springframework.security.crypto.password.PasswordEncoder;
   
   @Configuration
   public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
   
       @Bean
       public PasswordEncoder passwordEncoder(){
           return new BCryptPasswordEncoder();
       }
   
       @Override
       protected void configure(HttpSecurity http) throws Exception {
           //自定义表单登录页面
           http.formLogin()
                   //自定义的登录页面
                   .loginPage("/login.html")
                   //处理登录处理的请求地址
                   .loginProcessingUrl("/login")
                   //登录成功后返回的页面
                   .successForwardUrl("/tomain");
   
           //权限配置
           http.authorizeRequests()
                   //放行登录页面
                   .antMatchers("/login.html").permitAll()
                   //其他资源均需登录后访问
                   .anyRequest().authenticated();
   
           http.csrf().disable();
       }
   }
   

   LoginController

   package cn.edu.hziee.controller;
   
   import org.springframework.stereotype.Controller;
   import org.springframework.web.bind.annotation.RequestMapping;
   
   @Controller
   public class LoginController {
   
       @RequestMapping("/tomain")
       public String toMain(){
           return "redirect:/tosuccess";
       }
   
       @RequestMapping("/tosuccess")
       public String toSuccess(){
           return "/success.html";
       }
   }
   

3. 运行结果

SpringSecurityConfig 使用 and() 来实现链式编程

package cn.edu.hziee.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
        http.formLogin()
                .loginPage("/login.html")
                .loginProcessingUrl("/login")
                .successForwardUrl("/tomain")
        .and()
                .authorizeRequests()
                        .antMatchers("/login.html").permitAll()
                        .anyRequest().authenticated();

        http.csrf().disable();
    }
}

上一篇：SpringBoot 整合 SpringSecurity——数据库实现