1.springSecurity Build-up
Create a new Springboot Web project, I have only selected the web here, after the establishment of the following:
Pom dependency:
<!--Https://mvnrepository.com/artifact/org.apache.tomcat.embed/tomcat-embed-jasper--<!--configuration support jsp-- > <dependency> <groupId>org.apache.tomcat.embed</groupId> <artifactid >tomcat-embed-jasper</artifactId> <version>8.5.12</version> </dependency> <!--Https://mvnrepository.com/artifact/javax.servlet/javax.servlet-api--<dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <version>3.1.0</version> </dependency> <!--https://mvnrepository.com/artifact/javax.s Ervlet/jstl-<dependency> <groupId>javax.servlet</groupId> <artifa Ctid>jstl</artifactid> <version>1.2</version> </dependency> <!--add S Tatic and templates Dependency-- <dependency> <groupId>org.springframework.boot</groupId> <artifactid>spri Ng-boot-starter-web</artifactid> </dependency> <dependency> <groupid>org. Springframework.boot</groupid> <artifactId>spring-boot-starter-test</artifactId> & lt;scope>test</scope> </dependency> <dependency> <GROUPID>ORG.SPRINGFR Amework.boot</groupid> <artifactId>spring-boot-starter-thymeleaf</artifactId> </DEP Endency> <dependency> <!--because I'm using spring boot so I'm introducing spring-boot-starter-security and I'm using spring I o So do not need to fill in the dependent version number-<groupId>org.springframework.boot</groupId> <artifactid>spri Ng-boot-starter-security</artifactid> </dependency>
The above JSP dependency if not used can not add OH
2. Write securityconfiguration to inherit Websecurityconfigureradapter
Websecurityconfigureradapter is the main class in the Security browser login settings Here we inherit after overriding the following three methods:
- Httpsecurity (HTTP request Security handling)
- Authenticationmanagerbuilder (authentication Management Generator)
- Websecurity (web Security)
Import Org.springframework.context.annotation.configuration;import Org.springframework.security.config.annotation.authentication.builders.authenticationmanagerbuilder;import Org.springframework.security.config.annotation.web.builders.httpsecurity;import Org.springframework.security.config.annotation.web.builders.websecurity;import org.springframework.security.config.annotation.web.configuration.websecurityconfigureradapter;@ Configurationpublic class Securityconfiguration extends Websecurityconfigureradapter {@Override protected void conf Igure (Authenticationmanagerbuilder auth) throws Exception {super.configure (auth); } @Override protected void Configure (Httpsecurity http) throws Exception {http. authorizerequ ESTs (). Antmatchers ("/hello", "/login.html"). Permitall (). Anyrequest (). Authenticated () . and (). Formlogin ()//Specify the path to the login page. LoginPage ("/hello") Specifies the path to the custom form form request. Loginprocessingurl ("/authentication/form"). Failureurl ("/login?e Rror "). Defaultsuccessurl ("/success ")//must allow all users to access our login page (for example, unauthenticated users, otherwise the validation process will go into a dead loop) This formlogin (). Permitall () method allows all users to access/login this page based on form login: Permitall (); By default, there is a hiden tag with security-related validation to prevent request forgery. We do not need to disable HTTP at this time. CSRF (). disable (); } @Override public void Configure (Websecurity Web) throws Exception {super.configure (web); }}
Here we specify the login page access method is/hello method, here we write this controller layer:
@Controllerpublic class LoginController { @RequestMapping("/hello") public String hello() { //这边我们,默认是返到templates下的login.html return "login"; }}
Login.html:
<!DOCTYPE html>
The value of the note here is the user name of the form and the Name= "" of the Password input box, which corresponds to the validation inside the security:
Name= "username", name= "password", otherwise unrecognized, in addition action= "/authentication/form" to With. Loginprocessingurl ("/authentication/ Form "), as for the path is not written as/authentication/form (write other paths will be error, not in-depth study, know the small partners can give me a message).
3. Project LaunchWe now launch the project regardless of which URL is entered and will be intercepted back to the login page as follows:
At this point we Username: User (default) password: will be generated at startup time as follows:
This time we log on successfully, otherwise it will be returned to the error page incorrectly
Springsecurity Build a custom login page