Spring Security5 学习2 - 自定义登陆登出页面

Spring Security（2）自定义登陆和登出页面

以下是需要的依赖：

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.2.6.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example.spring.security</groupId>
    <artifactId>demo</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>demo</name>
    <description>Demo project for Spring Boot Security</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-devtools</artifactId>
            <scope>runtime</scope>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

我们需要编写自己的登陆页面和登出页面

<!-- 登陆页面 -->
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <form name="f" th:action="@{/loginPage}" method="post">
        <fieldset>
            <legend>Custom Login</legend>
            <div th:if="${param.error}">
                <p style="color: red">
                    Invalid username and password
                </p>
            </div>
            <div th:if="${param.logout}">
                <p style="color: green">
                    You have been logged out
                </p>
            </div>
            <label for="username">
                UserName
            </label>
            <input id="username" name="username" type="text" />
            <label for="password">
                Password
            </label>
            <input type="password" name="password" id="password" />
            <div class="form-action">
                <button type="submit" class="ctn">Log in</button>
            </div>
        </fieldset>
    </form>
</body>
</html>

<!-- 登出页面 -->
<!DOCTYPE html>
<html lang="en" xmlns:th="https://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Custom Logout</title>
</head>
<body>
    <h2>Custom Logout Page</h2>
    <form th:action="@{/logoutPage}" method="post">
        <input type="submit" value="Log out" />
    </form>
</body>
</html>

接下来需要在控制器中对路由地址进行配置：

package com.example.spring.security.demo;

import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class HomeController {

    @GetMapping(value = "/loginPage")
    public String login() {
        return "login_page";
    }

    @GetMapping(value = "/logoutPage")
    public String logout() {
        return "logout_page";
    }

    @GetMapping(value = {"/", "/home"})
    public String home() {
        return "index";
    }
}

配置完成之后，需要创建一个Spring Security 安全框架的配置文件：

package com.example.spring.security.demo;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().anyRequest()
                .authenticated().and().formLogin().
                loginPage("/loginPage").permitAll()
                .and().logout().logoutUrl("/logoutPage")
                .logoutSuccessUrl("/loginPage?logout").permitAll();
    }
}

其中，这段代码的意义是，认证所有的请求，并且自定义登录页面，登陆的路由为 /loginPage 认证之后通过所有的请求，并且自定义登出路由，登出路由为 /logoutPage，登陆成功后跳转回 /loginPage?logout。

以下为截图：