spring security(三)——个性化用户认证流程(一)
2018-10-30 本文已影响0人
寻找大海的鱼
自定义登录页面
(一)自己建立登录界面
在resources文件再建立一个resources文件夹,然后在该文件夹下建立signIn.html,代码如下
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h2>标准登录界面</h2>
<h3>表单登录</h3>
<form action="/authentication/form" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2"><button type="submit">登录</button></td>
</tr>
</table>
</form>
</body>
</html>
项目结构.png
(二)修改BrowserSecurityConfig类中的configure方法,修改后的BrowserSecurityConfig代码如下
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @program: spring_security
* @description:
* @author: 一条懒咸鱼
* @create:2018-30-19:01
**/
@Configuration
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public PasswordEncoder passwordEncoder(){
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/signIn.html")
.loginProcessingUrl("/authentication/form")
//http.httpBasic()
.and()
.authorizeRequests()
//.antMatchers("/authentication/require").permitAll()
.antMatchers("/signIn.html").permitAll()
.anyRequest() //除了signIn.html,其他都要身份验证
.authenticated()
.and()
.csrf().disable(); //关闭csrf
}
}
(三)测试
浏览器URL输入localhost:8080
自定义登录.png
输入
用户名admin
密码123456
登陆成功
登陆成功.png
