我想通过自定义 Controller 和登录页面更好地控制登录和注销。
我的 SecurityConfiguration 代码当前如下所示:
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Autowired
private SpringDataJpaUserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth
.userDetailsService(this.userDetailsService)
.passwordEncoder(Manager.PASSWORD_ENCODER);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/resources/**", "/built/**", "/main.css", "/login.css").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login")
.loginProcessingUrl("/loginSecure")
.defaultSuccessUrl("/index", true)
.permitAll()
.usernameParameter("username").passwordParameter("password")
.and()
.csrf().disable()
.logout()
.permitAll();
}
}
我的 Controller 中的登录配置:
@RequestMapping(value = "/login")
public String login() {
return "login";
}
我的 Controller 中的登录安全映射:
@RequestMapping(value="/loginSecure", method = RequestMethod.POST)
public String login(@RequestAttribute("username") String userName, @RequestAttribute("password") String password) {
//does the authentication
final Authentication authentication = authenticationManager.authenticate(
new UsernamePasswordAuthenticationToken(
userName,
password
)
);
SecurityContextHolder.getContext().setAuthentication(authentication);
return "index";
}
我的登录.html:
<form class="login100-form validate-form" action="/loginSecure" method="post">
<span class="login100-form-title p-b-26">
Welcome
</span>
<span class="login100-form-title p-b-48">
<i class="zmdi zmdi-font"></i>
</span>
<div class="wrap-input100 validate-input" data-validate = "Valid email is: a@b.c">
<input class="input100" type="text" id="username" name="username"/>
<span class="focus-input100" data-placeholder="Email/Username"></span>
</div>
<div class="wrap-input100 validate-input" data-validate="Enter password">
<span class="btn-show-pass">
<i class="zmdi zmdi-eye"></i>
</span>
<input class="input100" type="password" id="password" name="password"/>
<span class="focus-input100" data-placeholder="Password"></span>
</div>
<div class="container-login100-form-btn">
<div class="wrap-login100-form-btn">
<div class="login100-form-bgbtn"></div>
<button class="login100-form-btn">
Login
</button>
</div>
</div>
</form>
当我提交表单时,在 Chrome 开发工具中它会作为登录安全提交? url 已编码,但它只是再次重定向回 login.html。
编辑:从 login.html 中删除了额外的表单,并将 csfr().disable 添加到 securityConfiguration 中。将 loginProcessUrl 添加到 httpSecurity 并修复了该问题。上面的代码有效。
最佳答案
如果您创建自定义登录 html 和自定义身份 validator ,则需要将其添加到 HttpSecurity 配置 -> .loginProcessingUrl("/loginSecure")
这里就是一个很好的例子 -> https://www.boraji.com/spring-security-4-custom-login-from-example
关于java - Spring Boot 和 Spring Security 自定义登录页面和 Controller ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/48978184/