SpringBootSecurity Learning (03): Web Login with a Custom Login Page

Custom login page

Whether we used the default configuration or a custom configuration class in the earlier posts, the login page was the one that ships with Spring Boot Security. The built-in page in this version is well designed, but in real development we usually still use our own login page. Let's write a very simple login page:

file

This page only has fields for the username and password and a form that submits them, nothing else. Note: although the page pulls in the Thymeleaf template, it does not use any Thymeleaf attributes, only native HTML tags. Next, define the path to the login page:

file

That completes adding the login page.

Modify the configuration class

Adding a custom login page in the configuration class is very simple: define the login page link:

file

After configuring this, start the project and access the login page; you will see an error like this:

file

The browser reports that it was redirected too many times. In the authorization configuration from earlier, every path redirects to the login page when the user is not logged in. Now that the login path is a custom one, it falls under that rule too, so it keeps redirecting to itself. The login path itself has to be accessible without authorization. The configuration is very simple; just add a call to permitAll:

file

Now restart the project and the login page can be reached; enter the account and access works normally!

CSRF Configuration

With the page and configuration class above in place, entering the account to log in never succeeds; you are always sent back to the login page. What causes this? As mentioned above, the page uses native HTML tags and no Thymeleaf template attributes. In this native case login fails because CSRF protection is enabled by default in Spring Security, so the request must include the CSRF token. The official documentation provides for embedding the token in a hidden field of the form. The principle is to put the values Spring Security exposes, namely ${_csrf.parameterName} and ${_csrf.token}, into a hidden input; when the page is rendered on the server, these expressions are resolved to the corresponding values. This way the form carries the token Spring Security requires, and the subsequent login request no longer fails on the CSRF token. The approach is as follows:

file

Log in now and it succeeds. In Spring Boot 2.1.x there is a second, better solution: use the Thymeleaf template attribute on the form tag:

file

When the form tag uses the th:action attribute, a hidden input tag is added by default, with an effect similar to the first solution. View the page source of the form and you can see:

file

A further solution is to turn CSRF protection off, which resolves the problem in almost any scenario. (With the solutions above, some template engines may not resolve the token value during rendering, but you can obtain the token value on the server side and pass it to the form as a variable yourself, which also works.) The specific approach is to change the configuration. The project here is built with Spring Boot and its configuration is written directly in a configuration class, so CSRF is turned off with .csrf().disable(). However, this opens the system to CSRF attacks and is not recommended for production use; if the system is isolated from the outside world, it can be acceptable. Most production environments use a scheme of this kind.

file

Any of the three solutions above resolves the unsuccessful login.

Configure the default page after a successful login

After a successful login, Security jumps to a default path, which is the link with the trailing /login removed. This default jump can also be configured:

file

Then change the default page to the /home path:

file

Now, after a successful login, the jump goes to /home:

file

Configuring logout

In addition to login, Security also comes with a function for exiting the system; the default path is /logout. We can add a logout operation to the home page:

file

After logging out you naturally land on the default login page, but the path in the browser should indicate that you have just exited the system. The path should therefore be /login?logout, but because this path is not authorized, it redirects to the login page again and /login is shown. So we have to authorize logout as well:

file

Now the path shown after logging out is correct:

file
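The steps above (custom login page with permitAll, CSRF left enabled, default success page, authorized logout) combined into one configuration class. This is an added example, not the code from the author's repository; it assumes Spring Boot 2.1.x with WebSecurityConfigurerAdapter, a hypothetical class name, and that controller mappings for /login and /home and the user setup already exist as described earlier.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Hypothetical class name; assumes Spring Boot 2.1.x (Spring Security 5.1.x).
@Configuration
@EnableWebSecurity
public class LoginSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Every path requires an authenticated user ...
                .anyRequest().authenticated()
                .and()
            .formLogin()
                // ... except the custom login page. Without permitAll() the
                // login page redirects to itself ("redirected too many times").
                .loginPage("/login")
                .permitAll()
                // Used when the login was not triggered by a protected URL.
                .defaultSuccessUrl("/home")
                .and()
            .logout()
                // /logout is the default. With CSRF enabled it only accepts a
                // POST that carries the token, the same as the login form.
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login?logout")
                // Opens the logout success URL, so /login?logout is displayed
                // instead of a second redirect to /login.
                .permitAll();
        // CSRF protection stays at its default (enabled): there is no
        // .csrf().disable() here, so the login form must submit the token
        // via the hidden input or th:action.
    }
}
```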

Code Address: https://gitee.com/blueses/spring-boot-security 03


Origin www.cnblogs.com/guos/p/11607260.html