spring security 4 自定义登录页面 [英] spring security 4 custom login page
问题描述
我想在 Spring Security 中创建自定义的纯 html/js 登录页面.我使用 Spring Boot 1.2.5.RELEASE我定义了一个应用程序和配置:
I would like to create custom pure html/js login page in Spring Security. I use Spring Boot 1.2.5.RELEASE I defined an application and configuration:
@SpringBootApplication
public class Application {
public static void main(String[] args) {
SpringApplication.run(Application.class, args);
}
}
@Configuration
@EnableWebSecurity
@EnableWebMvcSecurity
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("a").password("a").roles("USER");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable() // DISABLED CSRF protection to make it easier !
.authorizeRequests()
.antMatchers("/", "/login.html").permit
.anyRequest().authenticated()
.and()
.formLogin()
.loginPage("/login.html")
.permitAll()
.and()
.logout()
.permitAll()
.logoutUrl("/logout")
.logoutSuccessUrl("/");
}
@Override
@Bean
public AuthenticationManager authenticationManagerBean() throws Exception {
return super.authenticationManagerBean();
}
}
我的登录页面看起来像这样(从默认页面复制!)
My login page looks like that (copied from default page!)
<html><head><title>Login Page</title></head><body onload='document.f.username.focus();'>
<h3>Login with Username and Password</h3><form name='f' action='/login' method='POST'>
<table>
<tr><td>User:</td><td><input type='text' name='username' value=''></td></tr>
<tr><td>Password:</td><td><input type='password' name='password'/></td></tr>
<tr><td colspan='2'><input name="submit" type="submit" value="Login"/></td> </tr>
</table>
</form></body></html>
但我还有:AUTHORIZATION_FAILURE
But I still have: AUTHORIZATION_FAILURE
是否可以创建pute html登录页面(没有jsp、thymeleaf等)?我的代码做错了什么?
Is it possible to create pute html login page (without jsp, thymeleaf, etc.) ? What do I do wrong in my code ?
推荐答案
您将登录页面配置为 /login.html(使用 loginPage("/login.html")).这也将更改您需要发布登录凭据的位置.文档指出:
You configured your login page to be at /login.html (using loginPage("/login.html")). This will also change the location to which you need to post the credentials to login. The documentation states:
如果/authenticate"被传递给这个方法[loginPage(String)],它会将默认值更新为如下图:
If "/authenticate" was passed to this method [
loginPage(String)] it update the defaults as shown below:
- /authenticate GET - 登录表单
- /authenticate POST - 处理凭据,如果有效则对用户进行身份验证
- /authenticate?error GET - 重定向到此处进行失败的身份验证尝试
- /authenticate?logout GET - 成功注销后重定向到这里
为了使登录工作,您需要使 login.html 将凭据发布到 /login.html 而不是 /login>.
In order to make the login work, you need to make login.html post the credentials to /login.html instead of /login.
这篇关于spring security 4 自定义登录页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
