SpringSecurity自定义登录页面-简单入门
springboot 2.3.4 + thymeleaf
1.搭建springboot项目
添加依赖,先依赖web,thymeleaf和security
项目整体结构
具体代码
4个html页面
home.html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" >
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>Welcome!</h1>
<p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
</body>
</html>
hello.html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>hello , n你好</h1>
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
<form th:action="@{/logout}" method="post">
<input type="submit" value="Sign Out"/>
</form>
</body>
</html>
loginpage.html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>登录页面</title>
</head>
<body>
<div th:if="${param.error}">
Invalid username and password.
</div>
<div th:if="${param.logout}">
You have been logged out.
</div>
<form th:action="@{/login}" method="post">
<div><label> User Name : <input type="text" name="username"/> </label></div>
<div><label> Password: <input type="password" name="password"/> </label></div>
<div><input type="submit" value="Sign In"/></div>
</form>
</body>
</html>
success.html
<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<h1>登录成功</h1>
</body>
</html>
mvc配置文件
package com.security.springbootsecurity.conf;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
public class MvcConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
//添加视图控制,访问/资源的时候,映射到home页面
//个人理解,不需要在controller中定义跳转
registry.addViewController("/home").setViewName("home");
registry.addViewController("/").setViewName("home");
registry.addViewController("/hello").setViewName("hello");
//.loginPage("/login")
registry.addViewController("/login").setViewName("loginpage");
registry.addViewController("/success").setViewName("success");
}
}
security的配置文件
package com.security.springbootsecurity.conf;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/", "/home").permitAll() // / 和 /home 资源直接放过,不需要认证授权
.anyRequest().authenticated() // 其他资源访问时,需要验证授权
.and()
.formLogin()
.loginPage("/login") // 指定自定义的登录页面,此处为mvc配置映射的名字,与页面名无关
.permitAll()
.and()
.logout()
.permitAll();
}
}
application.yml
默认情况下,用户名是user,密码是随机生成的
可以在properties文件中硬编码出来
对登录的用户名/密码进行配置,有三种不同的方式:
- 在 application.properties 中进行配置
- 通过 Java 代码配置在内存中
- 通过 Java 从数据库中加载
server:
port: 20000
servlet:
context-path: /security
# 配置security的认证密码
spring:
security:
user:
name: admin
password: 123456
到此整个项目结束
当访问localhost:20000/security时,因为在nvc的配置文件中配置了映射,所以直接打开home页面
当点击链接的时候会进入自定义的认证页面,因为配置的除了
"/", "/home" 无需认证外,其他访问资源都要认证,
输入admin 123456,访问hello页面
退出
如果直接访问success页面,localhost:20000/security/success,也会进行认证
如有不对之处,望见谅,提醒,感谢!
此文参照https://blog.csdn.net/qq_22172133/article/details/86503223
详细可查看这篇博客