java spring引导和spring安全定制登录页面和控制器
我想通过自定义控制器和登录页面对登录和注销进行更多控制
我的安全配置代码目前如下所示:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(Manager.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/built/**", "/main.css", "/login.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/loginSecure")
.defaultSuccessUrl("/index", true)
.permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.csrf().disable()
.logout()
.permitAll();
}
}
我的控制器中的登录配置:
@RequestMapping(value = "/login")
public String login() {
return "login";
}
我的控制器中的登录安全映射:
@RequestMapping(value="/loginSecure", method = RequestMethod.POST)
public String login(@RequestAttribute("username") String userName, @RequestAttribute("password") String password) {
//does the authentication
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
password
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
return "index";
}
我的登录。html:
<form class="login100-form validate-form" action="/loginSecure" method="post">
<span class="login100-form-title p-b-26">
Welcome
</span>
<span class="login100-form-title p-b-48">
<i class="zmdi zmdi-font"></i>
</span>
<div class="wrap-input100 validate-input" data-validate = "Valid email is: a@b.c">
<input class="input100" type="text" id="username" name="username"/>
<span class="focus-input100" data-placeholder="Email/Username"></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Enter password">
<span class="btn-show-pass">
<i class="zmdi zmdi-eye"></i>
</span>
<input class="input100" type="password" id="password" name="password"/>
<span class="focus-input100" data-placeholder="Password"></span>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn"></div>
<button class="login100-form-btn">
Login
</button>
</div>
</div>
</form>
当我提交表单时,在chrome开发工具中,它作为loginSecure提交?使用url编码,但它只是重定向回登录。又是html。
编辑:从登录中删除了额外的表单。html并添加了csfr()。禁用安全配置。将loginProcessUrl添加到httpSecurity,并修复了它。以上代码有效
# 1 楼答案
如果创建自定义登录html和自定义身份验证程序,则需要将其添加到HttpSecurity配置->。loginProcessingUrl(“/loginSecure”)
这里有一个很好的例子->https://www.boraji.com/spring-security-4-custom-login-from-example