导入pom.xml依赖,这个是SpringBoot自己的拦截器
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
启动,在网页查看
username系统默认用户名是user,password在启动的那里查看,每次的密码都不一样
自定义密码:
在application.properties或者自定义的application.yml里面写入
#访问项目需要的账号密码
spring.security.user.name=自定义用户名
spring.security.user.password=自定义密码
自定义登陆页面:
自定义一个类SecurityConfiguration继承WebSecurityConfigurerAdapter,可以建立一个工具包(util)进行存放
package com.yyy.demo.util;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
super.configure(auth);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
//一个地址下的页面,地址和页面进行匹配
.antMatchers("/hello/hello","/login.html").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
//指定登录页的路径
//Controller层的指定路径
.loginPage("/hello/hello")
//指定自定义form表单请求的路径
.loginProcessingUrl("/authentication/form")
//成功登陆后跳转页面
.failureUrl("/hello/login?error")
//成功登陆后跳转页面
.defaultSuccessUrl("/hello/success")
//许可所有人进行验证登录
.permitAll();
//用不到,先停用
http .csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
super.configure(web);
}
}
定义Controller层的LoginController类
package com.yyy.demo.Controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
@RequestMapping("/hello")
public class LoginController {
@RequestMapping("/hello")
public String hello() {
//这边我们,默认是返到templates下的login.html
return "login";
}
@RequestMapping("/success")
@ResponseBody
public String success() {
return "登陆成功";
}
@RequestMapping("/login")
@ResponseBody
public String login() {
return "登陆失败";
}
}
html页面
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.w3.org/1999/xhtml">
<head>
<meta charset="UTF-8">
<title>登陆验证</title>
</head>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<center>
自定义表单验证:
<form name="f" action="/authentication/form" method="post">
用户名:
<input type="text" name="username" placeholder="name"><br/>
密码:
<input type="password" name="password" placeholder="password"><br/>
<input name="submit" type="submit" value="提交">
<input name="reset" type="reset" value="重置">
</form>
</center>
</body>
</html>
注意 :
工具包里面那个类(SecurityConfiguration)的.loginProcessingUrl("/authentication/form")
和html页面的action="/authentication/form"
里面的/authentication/form
可以修改,但是必须相同。
不一样,无法提交进行验证登录。