[SpringSecurity]web权限方案_用户认证_自定义用户登录页面

Posted 2022-03-03 唐火

在配置类中实现相关的配置

    @Override
    protected void configure(HttpSecurity http) throws Exception 
        http.formLogin()    //自定义自己编写的登陆页面
                .loginPage("/login.html")  //登陆页面设置
                .loginProcessingUrl("/user/login") //登陆访问路径
                .defaultSuccessUrl("/test/index").permitAll() //登陆成功之后，跳转路径
                .and().authorizeRequests()
                .antMatchers("/","/test/hello","/user/login").permitAll() //设置哪些路径可以直接访问，不需要认证
                .anyRequest().authenticated()
                .and().csrf().disable(); //关闭csrf防护
    

创建出相关页面，controller

• login.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>

<form action="/user/login" method="post">
    用户名:<input type = "text" name = "username">
    <br/>
    密码:<input type = "text" name = "password">
    <br/>
    <input type = "submit" value = "login">

</form>

</body>
</html>

特别注意，表单那两个value必须是username和password，阅读UsernamePasswordAuthenticationFilter的源码就知道为什么了！

• controller

package com.atguigu.securitydemo1.controller;


import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestController 


    @GetMapping("hello")
    public String hello()
    

        return "hello security";
    

    @GetMapping("index")
    public String index()
    
        return "hello index";
    

测试