Spring Security(2)自定义登陆和登出页面
以下是需要的依赖:
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example.spring.security</groupId>
<artifactId>demo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>demo</name>
<description>Demo project for Spring Boot Security</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
我们需要编写自己的登陆页面和登出页面
<!-- 登陆页面 -->
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form name="f" th:action="@{/loginPage}" method="post">
<fieldset>
<legend>Custom Login</legend>
<div th:if="${param.error}">
<p style="color: red">
Invalid username and password
</p>
</div>
<div th:if="${param.logout}">
<p style="color: green">
You have been logged out
</p>
</div>
<label for="username">
UserName
</label>
<input id="username" name="username" type="text" />
<label for="password">
Password
</label>
<input type="password" name="password" id="password" />
<div class="form-action">
<button type="submit" class="ctn">Log in</button>
</div>
</fieldset>
</form>
</body>
</html>
<!-- 登出页面 -->
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Custom Logout</title>
</head>
<body>
<h2>Custom Logout Page</h2>
<form th:action="@{/logoutPage}" method="post">
<input type="submit" value="Log out" />
</form>
</body>
</html>
接下来需要在控制器中对路由地址进行配置:
package com.example.spring.security.demo;
import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
@Controller
public class HomeController {
@GetMapping(value = "/loginPage")
public String login() {
return "login_page";
}
@GetMapping(value = "/logoutPage")
public String logout() {
return "logout_page";
}
@GetMapping(value = {"/", "/home"})
public String home() {
return "index";
}
}
配置完成之后,需要创建一个Spring Security 安全框架的配置文件:
package com.example.spring.security.demo;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest()
.authenticated().and().formLogin().
loginPage("/loginPage").permitAll()
.and().logout().logoutUrl("/logoutPage")
.logoutSuccessUrl("/loginPage?logout").permitAll();
}
}
其中,这段代码的意义是,认证所有的请求,并且自定义登录页面,登陆的路由为 /loginPage
认证之后通过所有的请求,并且自定义登出路由,登出路由为 /logoutPage
,登陆成功后跳转回 /loginPage?logout
。
以下为截图: