Spring Security Form表单认证代码实例
Spring Security Form表单认证
Spring Security中,常见的认证方式可以分为HTTP层面和表单层面,如下:
- Form表单认证
Spring Security Form表单实现实例:
1、pom依赖
1 <!-- 引入 security--> 2 <dependency> 3 <groupId>org.springframework.boot</groupId> 4 <artifactId>spring-boot-starter-security</artifactId> 5 </dependency>
2、配置类
登录成功时,defaultSuccessUrl配置页面,successForwardUrl通过接口重定向到页面。
1 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 2 import org.springframework.security.config.annotation.web.builders.WebSecurity; 3 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; 4 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 5 6 /** 7 * @author: 8 * @date: 2023/1/6 9 * @description: 10 */ 11 @EnableWebSecurity 12 public class SecurityConfig extends WebSecurityConfigurerAdapter { 13 14 /** 15 * configure 16 * 17 * @param [web] 18 * @return void 19 * @description 配置请求哪些资源时,不需要认证 20 * 21 */ 22 @Override 23 public void configure(WebSecurity web) throws Exception { 24 super.configure(web); 25 web.ignoring() 26 .antMatchers("/js/**", "/css/**"); 27 } 28 29 /** 30 * configure 31 * 32 * @param [http] 33 * @return void 34 * @description 35 * 使用defaultSuccessUrl,可以不配置successForwardUrl 36 */ 37 @Override 38 protected void configure(HttpSecurity http) throws Exception { 39 // 配置表单认证方式 40 http.authorizeRequests() 41 //任何请求都需要被认证,必须登录后才能访问 42 .anyRequest() 43 .authenticated() 44 .and() 45 // 开启表单认证 46 .formLogin() 47 //登录页面配置 48 .loginPage("/login.html") 49 .permitAll() 50 //登录成功后,指定跳转到首页(true) 51 // .defaultSuccessUrl("/index.html", true) 52 //post请求的登录接口 53 .loginProcessingUrl("/login") 54 .successForwardUrl("/success") 55 //登录失败,用户名或密码错误 56 .failureUrl("/error.html") 57 //登录时,携带的用户名和密码的表单的键 login.html中的表单 58 .usernameParameter("username") 59 .passwordParameter("password") 60 .and() 61 //注销接口 62 .logout() 63 //url 64 .logoutUrl("/logout") 65 //注销成功后跳转的页面 66 .logoutSuccessUrl("/login.html") 67 .permitAll() 68 //删除自定义的cookie 69 .deleteCookies("myCookie") 70 .and() 71 //关闭csrf防护功能(跨站请求伪造),否则登录不成功 72 .csrf() 73 .disable(); 74 } 75 }
3、control
1 import org.springframework.stereotype.Controller; 2 import org.springframework.web.bind.annotation.GetMapping; 3 import org.springframework.web.bind.annotation.RequestMapping; 4 import org.springframework.web.bind.annotation.ResponseBody; 5 6 /** 7 * @description: 8 */ 9 @Controller 10 public class SecurityController { 11 12 @GetMapping("hello") 13 @ResponseBody 14 public String hello(){ 15 return "hello security"; 16 } 17 18 @RequestMapping("success") 19 public String success(){ 20 return "redirect:index.html"; 21 } 22 }
4、html代码
login.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 6 <title>Document</title> 7 </head> 8 <body> 9 <div class="main"> 10 <form class="login-form" method="post" action="/login"> 11 用户名: <input type="text" autocomplete="off" 12 placeholder="用户名" name="username" required/><br> 13 密码: <input type="password" 14 autocomplete="off" placeholder="登录密码" name="password" required/><br> 15 <button type="submit" class="enter-btn">登录</button> 16 </form> 17 </div> 18 </body> 19 </html>
index.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <title>首页</title> 6 </head> 7 <body> 8 <h3>Spring Security首页,欢迎!</h3> 9 10 </body> 11 </html>
error.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <title>Title</title> 6 </head> 7 <body> 8 <h3>登录失败!!!</h3> 9 </body> 10 </html>
5、表单登录
默认用户名:user
密码:项目启动后,控制台打印。
6、项目目录结构
