Spring Security中的自定义用户登录页面
程序员文章站
2024-03-19 15:46:10
...
在Spring Security中的用户认证增加数据库的基础上进行修改。
SecurityConfig.java
package com.rixin.springsecuritydemo1.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired
UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
}
@Bean
PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//自定义用户登录页面
http.formLogin()
.loginPage("/login.html") //登录页面设置
.loginProcessingUrl("/user/login") //登录访问路径
.defaultSuccessUrl("/test/index").permitAll() //登录成功后的跳转路径
.and().authorizeRequests() //定义哪些url被保护,哪些不被保护
.antMatchers("/","/test/hello","/user/login").permitAll() //访问这些路径不需要认证
.anyRequest().authenticated()
.and().csrf().disable(); //关闭csrf防护
}
}
resources目录下建立static目录放入页面login.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form action="/user/login" method="post">
username:<input type="text" name="username"/>
password:<input type="password" name="password"/>
<input type="submit" value="login"/>
</form>
</body>
</html>
TestController.java
package com.rixin.springsecuritydemo1.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/test")
public class TestController {
@GetMapping("hello")
public String add() {
return "hello security";
}
@GetMapping("index")
public String index() {
return "hello index";
}
}