Spring Security Form表单认证
Spring Security中,常见的认证方式可以分为HTTP层面和表单层面,如下:
- HTTP基本认证
- Form表单认证
- HTTP摘要认证
Spring Security Form表单实现实例:
1、pom依赖
1 <!-- 引入 security--> 2 <dependency> 3 <groupId>org.springframework.boot</groupId> 4 <artifactId>spring-boot-starter-security</artifactId> 5 </dependency>
2、配置类
登录成功时,defaultSuccessUrl配置页面,successForwardUrl通过接口重定向到页面。
1 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
2 import org.springframework.security.config.annotation.web.builders.WebSecurity;
3 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
4 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
5
6 /**
7 * @author:
8 * @date: 2023/1/6
9 * @description:
10 */
11 @EnableWebSecurity
12 public class SecurityConfig extends WebSecurityConfigurerAdapter {
13
14 /**
15 * configure
16 *
17 * @param [web]
18 * @return void
19 * @description 配置请求哪些资源时,不需要认证
20 *
21 */
22 @Override
23 public void configure(WebSecurity web) throws Exception {
24 super.configure(web);
25 web.ignoring()
26 .antMatchers("/js/**", "/css/**");
27 }
28
29 /**
30 * configure
31 *
32 * @param [http]
33 * @return void
34 * @description
35 * 使用defaultSuccessUrl,可以不配置successForwardUrl
36 */
37 @Override
38 protected void configure(HttpSecurity http) throws Exception {
39 // 配置表单认证方式
40 http.authorizeRequests()
41 //任何请求都需要被认证,必须登录后才能访问
42 .anyRequest()
43 .authenticated()
44 .and()
45 // 开启表单认证
46 .formLogin()
47 //登录页面配置
48 .loginPage("/login.html")
49 .permitAll()
50 //登录成功后,指定跳转到首页(true)
51 // .defaultSuccessUrl("/index.html", true)
52 //post请求的登录接口
53 .loginProcessingUrl("/login")
54 .successForwardUrl("/success")
55 //登录失败,用户名或密码错误
56 .failureUrl("/error.html")
57 //登录时,携带的用户名和密码的表单的键 login.html中的表单
58 .usernameParameter("username")
59 .passwordParameter("password")
60 .and()
61 //注销接口
62 .logout()
63 //url
64 .logoutUrl("/logout")
65 //注销成功后跳转的页面
66 .logoutSuccessUrl("/login.html")
67 .permitAll()
68 //删除自定义的cookie
69 .deleteCookies("myCookie")
70 .and()
71 //关闭csrf防护功能(跨站请求伪造),否则登录不成功
72 .csrf()
73 .disable();
74 }
75 }
3、control
1 import org.springframework.stereotype.Controller;
2 import org.springframework.web.bind.annotation.GetMapping;
3 import org.springframework.web.bind.annotation.RequestMapping;
4 import org.springframework.web.bind.annotation.ResponseBody;
5
6 /**
7 * @description:
8 */
9 @Controller
10 public class SecurityController {
11
12 @GetMapping("hello")
13 @ResponseBody
14 public String hello(){
15 return "hello security";
16 }
17
18 @RequestMapping("success")
19 public String success(){
20 return "redirect:index.html";
21 }
22 }
4、html代码
login.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <meta name="viewport" content="width=device-width, initial-scale=1.0"> 6 <title>Document</title> 7 </head> 8 <body> 9 <div class="main"> 10 <form class="login-form" method="post" action="/login"> 11 用户名: <input type="text" autocomplete="off" 12 placeholder="用户名" name="username" required/><br> 13 密码: <input type="password" 14 autocomplete="off" placeholder="登录密码" name="password" required/><br> 15 <button type="submit" class="enter-btn">登录</button> 16 </form> 17 </div> 18 </body> 19 </html>
index.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <title>首页</title> 6 </head> 7 <body> 8 <h3>Spring Security首页,欢迎!</h3> 9 10 </body> 11 </html>
error.html
1 <!DOCTYPE html> 2 <html lang="en"> 3 <head> 4 <meta charset="UTF-8"> 5 <title>Title</title> 6 </head> 7 <body> 8 <h3>登录失败!!!</h3> 9 </body> 10 </html>
5、表单登录
默认用户名:user
密码:项目启动后,控制台打印。
6、项目目录结构
标签:web,Form,Spring,springframework,表单,html,import,org,Security From: https://www.cnblogs.com/moreforests/p/17084243.html