Table of contents
Configure a custom login form page
Configure the jump page method for successful login
Configure the redirection page method for login failures
Front-end form parameter acquisition
CustomWebSecurityConfigurerAdapter configuration class code example
-
Environmental preparation
- Create a springboot project
- Introduce the spring security framework
- Introduce thymeleaf template engine
-
Configure a custom login form page
- 1- Customize login.html page
- The 2-Controller layer displays the front controller of the login.html page
- 3-CustomWebSecurityConfigurerAdapter configuration class settings
- Set the request in the configuration class to require login authentication
- Set request release in configuration class
- The url of the custom login page needs to be released in the custom configuration class, so that users can access the login page anonymously
- Otherwise, all requests require login authentication, and they all need to jump to the login page, and the login page also needs to jump to the login page, which creates an endless loop
- The static resource access of the custom login page needs to be released in the custom configuration class, so that users can access static resources anonymously
- 4-Test
- All requests except /showLogin will automatically jump to the custom login page, requiring the user to log in and authenticate first
-
Configure the jump page method for successful login
- 1- Customize the home.html page, and jump to the home.html page after successful login
- The 2-Controller layer displays the front controller of the home.html page
- 3-CustomWebSecurityConfigurerAdapter configuration class settings
- 4-Test
- After clicking Login Now, the page is refreshed and redirected to the login page. Why?
- Reason: The spring security framework enables csrf by default
- Turn off csrf in the configuration class
- Without closing csrf, adding the csrf.token parameter on the login.html page can also solve the problem
- Start the project, visit http://localhost:8080 , use account: admin and password: 123456 to log in, the login is successful, and the page jumps successfully
-
Configure the redirection page method for login failures
- 1- Customize the error_page.html page, and jump to the error_page.html page after login failure
- The 2-Controller layer displays the front controller of the home.html page
- 3-CustomWebSecurityConfigurerAdapter configuration class settings
- 4-Test
- Start the project, visit http://localhost:8080 , use account: admin and password: 123123 to log in, the password is wrong, jump to the default login exception page
- The password is wrong, and the page is still on the default login page after a flash; what's going on?
- Reason: The /errPage route requires login authentication
- Solution: Release the /errPage route in the configuration class to allow users to access anonymously
-
Front-end form parameter acquisition
- If the front-end user defines the login page, the name attribute of the DOM element of the user name and password is not set to username and password, what will happen?
- Can spring security still obtain parameters normally for login authentication? that's definitely not possible
- Get the token by modifying the login.html form
-
CustomWebSecurityConfigurerAdapter configuration class code example
