SpringSecurity自定义登录页面-简单入门

  • 时间:
  • 来源:互联网
  • 文章标签:

SpringSecurity自定义登录页面-简单入门

springboot 2.3.4  +  thymeleaf

1.搭建springboot项目

添加依赖,先依赖web,thymeleaf和security

项目整体结构

具体代码

4个html页面

home.html

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org" >
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

    <h1>Welcome!</h1>
    ​
    <p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
</body>
</html>

hello.html

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <h1>hello , n你好</h1>

    <h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
    <form th:action="@{/logout}" method="post">
        <input type="submit" value="Sign Out"/>
    </form>
</body>
</html>

login.html

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>登录页面</title>
</head>
<body>


    <div th:if="${param.error}">
        Invalid username and password.
    </div>
    <div th:if="${param.logout}">
        You have been logged out.
    </div>
    <form th:action="@{/login}" method="post">
        <div><label> User Name : <input type="text" name="username"/> </label></div>
        <div><label> Password: <input type="password" name="password"/> </label></div>
        <div><input type="submit" value="Sign In"/></div>
    </form>
</body>
</html

success.html

<!DOCTYPE html>
<html lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<h1>登录成功</h1>
</body>
</html>

mvc配置文件

package com.security.springbootsecurity.conf;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class MvcConfig implements WebMvcConfigurer {

    @Override
    public void addViewControllers(ViewControllerRegistry registry) {

        //添加视图控制,访问/资源的时候,映射到home页面
        //个人理解,不需要在controller中定义跳转
        registry.addViewController("/home").setViewName("home");
        registry.addViewController("/").setViewName("home");
        registry.addViewController("/hello").setViewName("hello");
        //.loginPage("/login")
        registry.addViewController("/login").setViewName("loginpage");
        registry.addViewController("/success").setViewName("success");
    }
}

security的配置文件

package com.security.springbootsecurity.conf;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;


@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/", "/home").permitAll()  // / 和 /home 资源直接放过,不需要认证授权
                .anyRequest().authenticated()       // 其他资源访问时,需要验证授权
                .and()
                .formLogin()
                .loginPage("/login") // 指定自定义的登录页面,此处为mvc配置映射的名字,与页面名无关
                .permitAll()
                .and()
                .logout()
                .permitAll();
    }
}

application.yml

默认情况下,用户名是user,密码是随机生成的

可以在properties文件中硬编码出来

对登录的用户名/密码进行配置,有三种不同的方式:

  • 在 application.properties 中进行配置
  • 通过 Java 代码配置在内存中
  • 通过 Java 从数据库中加载
server:
  port: 20000
  servlet:
    context-path: /security

# 配置security的认证密码
spring:
  security:
    user:
      name: admin
      password: 123456

到此整个项目结束

当访问localhost:20000/security时,因为在nvc的配置文件中配置了映射,所以直接打开home页面

当点击链接的时候会进入自定义的认证页面,因为配置的除了

"/", "/home" 无需认证外,其他访问资源都要认证,

输入admin  123456,访问hello页面

退出

如果直接访问success页面,localhost:20000/security/success,也会进行认证

 

如有不对之处,望见谅,提醒,感谢!

此文参照https://blog.csdn.net/qq_22172133/article/details/86503223

详细可查看这篇博客

本文链接http://www.taodudu.cc/news/show-1781839.html