Other authorized configuration
security configuration class, for all paths were unified authorization configuration. But we also need to let some of the content is not logged visitors have access to, such as js, css and other static files, as well as some promotional pages and so on. These paths can be individually configured:
Let's try some, trying to project page springboot General on the resource folder below the templates folder. The static resource files are generally placed under the folder static folder. Let's build a test.css file,
Just write about content, startup items to see results:
Can be seen in the case are not logged accessible. You can also get a simple ad pages to see the effect, not the demo here. About authorization, here are some conclusions:
Successful login processor
Now we have a successful login time to jump directly to the default page. Sometimes Login operational requirements to record it and then jump a log, or log After the successful implementation of a number of other logic to jump again, we can add a successful login processor LoginSuccessHandler, this class needs to implement AuthenticationSuccessHandler interface and implement onAuthenticationSuccess method:
Next you need to configure the class, accessories successfully processor:
Restart login you can see, the console successfully printed a statement:
But this time does not jump to the default page, the default page configuration at this time and no use, we need to manually jump successfully processor:
This time to log on it. defaultSuccessUrl configuration can also be deleted. Not only security processor can be configured to log in successfully, you can also configure the login fails, you can call failureHandler in http.formLogin () () configuration. Failed on landing processor needs to achieve AuthenticationFailureHandler buckle, and realize onAuthenticationFailure method. However, the actual cause of the login failure of many, such as indiscriminate enter the account number and so on, so in addition to special circumstances, in general, not to deal with failure.
In addition there are some other processing login, such as insufficient permissions handling, manual handling and so on exit, will focus on the lack of authority behind the processor.
Code Address: https://gitee.com/blueses/spring-boot-security 04