书接上文,我们已经连接了数据库,用数据库的账号密码进行了登录。
但是呢,我们少了一个登录的页面,显得不是那么美观。
随便在网上搜索一个html的登录页面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
<style>
* {
margin: 0;
padding: 0;
}
html {
height: 100%;
}
body {
height: 100%;
}
.container {
height: 100%;
background-image: linear-gradient(to right, #999999, #330867);
}
.login-wrapper {
background-color: bisque;
width: 358px;
height: 588px;
border-radius: 15px;
padding: 0 50px;
position: relative;
left: 50%;
top: 50%;
transform: translate(-50%,-50%);
}
.header {
font-size: 38px;
font-weight: bold;
text-align: center;
line-height: 200px;
}
.input-item {
display: block;
width: 100%;
margin-bottom: 20px;
border: 0;
padding: 10px;
border-bottom: 1px solid rgb(128,125,125);
font-size: 15px;
outline: none;
}
.input-item::placeholder {
text-transform: uppercase;
}
.btn {
text-align: center;
padding: 10px;
width: 100%;
margin-top: 40px;
background-image: linear-gradient(to right,#a6c1ee, #fbc2eb);
color: #fff;
}
.msg {
text-align: center;
line-height: 88px;
}
a {
text-decoration-line: none;
color: #abc1ee;
}
</style>
</head>
<body>
<div class="container">
<div class="login-wrapper">
<div class="header">Login</div>
<div class="form-wrapper">
<input type="text" name="username" placeholder="username" class="input-item">
<input type="password" name="password" placeholder="password" class="input-item">
<div class="btn">Login</div>
</div>
<div class="msg">
Don't have account?
<a href="#">Sign up</a>
</div>
</div>
</div>
</body>
</html>复制到static目录下,
简单修改一下
<body>
<div class="container">
<div class="login-wrapper">
<div class="header">Login</div>
<div class="form-wrapper">
<form action="/doLogin" method="post">
<input type="text" name="username" placeholder="username" class="input-item">
<input type="password" name="password" placeholder="password" class="input-item">
<button type="submit" class="btn">登录</button>
</form>
</div>
<div class="msg">
没有账号
<a href="#">Sign up</a>
</div>
</div>
</div>
</body>下面是security的配置类
package org.ikun.security_demo;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//开始认证
//设置登录,注销,表单登录不用拦截,其他请求要拦截
http.authorizeRequests().antMatchers("/","/login.html").anonymous()
//所有的请求,类似于shiro中的 /**
.anyRequest()
//必须要认证之后才能访问,类似于shiro的authc
.authenticated()
.and()
//开始配置登录表单
.formLogin()
//配置登录页面,如果访问了一个需要登录以后才能访问的页面,那么就会自动登录到这个页面
.loginPage("/login.html")
//配置处理登录请求的接口,其实就是配置了过滤器里的拦截规则,将来的登录请求就会在过滤器中被处理
.loginProcessingUrl("/doLogin")
//配置登录表单中用户名的 key
.usernameParameter("username")
//配置登录表单中的密码 默认也是username 和 password
.passwordParameter("password")
//配置登录成功后访问的接口
.defaultSuccessUrl("/hello")
//登录失败后访问的接口
.failureUrl("/login.html")
//关闭默认的csrf认证
.and().csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
//设置静态资源不要拦截
web.ignoring().antMatchers("/js/**","/css/**","/images/**");
}
}
整个的目录结构如下
运行效果如图
登录成功后访问/hello接口,登录失败回到登录页面