SpringBoot 整合 SpringSecurity——自定义登录页面
SpringBoot 整合 SpringSecurity——自定义登录页面
-
编写一个自己的登录页面
login.html
<html lang="en"> <head> <meta charset="UTF-8"> <title>登录页面</title> </head> <body> <form> 用户名:<input type="text" name="username"/><br> 密码:<input type="password" name="password"><br> <input type="submit" value="提交"> </form> </body></html>
-
修改配置类 SpringSecurityConfig 中主要是设置哪个页面是登录页面。配置类需要继承 WebSecurityConfigurerAdapter ,并重写 configure 方法.
successForwardurl():
登录成功后跳转地址loginPage():
登录页面loginProcessingurl:
登录页面表单提交地址,此地址可以不真实存在。antMatchers():
匹配内容permitAll():
允许
package cn.edu.hziee.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configurationpublic class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { //自定义表单登录页面 http.formLogin() //自定义的登录页面 .loginPage("/login.html") //处理登录处理的请求地址 .loginProcessingUrl("/login") //登录成功后返回的页面 .successForwardUrl("/tomain"); //权限配置 http.authorizeRequests() //放行登录页面 .antMatchers("/login.html").permitAll() //其他资源均需登录后访问 .anyRequest().authenticated(); http.csrf().disable(); }}
LoginController
package cn.edu.hziee.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.RequestMapping;@Controllerpublic class LoginController { @RequestMapping("/tomain") public String toMain(){ return "redirect:/tosuccess"; } @RequestMapping("/tosuccess") public String toSuccess(){ return "/success.html"; }}
-
运行结果
SpringSecurityConfig 使用 and() 来实现链式编程
package cn.edu.hziee.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configurationpublic class SpringSecurityConfig extends WebSecurityConfigurerAdapter { @Bean public PasswordEncoder passwordEncoder(){ return new BCryptPasswordEncoder(); } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() .loginPage("/login.html") .loginProcessingUrl("/login") .successForwardUrl("/tomain") .and() .authorizeRequests() .antMatchers("/login.html").permitAll() .anyRequest().authenticated(); http.csrf().disable(); }}
上一篇:SpringBoot 整合 SpringSecurity——数据库实现