如何使用 Spring Security 自定义登录页面? [英] How to use Spring Security to custom login page?

问题描述

我在我的应用程序中使用 Spring Security，这里是对用户进行身份验证的安全部分，但登录页面由 Spring Security 提供:

@EnableWebSecurity公共类 SecurityConfig 扩展了 WebSecurityConfigurerAdapter {公共无效配置(HttpSecurity httpSecurity)抛出异常{http安全.authorizeRequests().antMatchers("/home*").hasRole("USER").和().formLogin();@自动连线public void configureGlobal(AuthenticationManagerBuilder auth) 抛出异常 {授权.inMemoryAuthentication().withUser("用户").password("密码").roles("用户")}}

我想使用下面的登录页面而不是 Spring 的登录页面:

login.html:

<头><title>WebApp</title><meta charset='utf-8'/><script src="https://code.jquery.com/jquery-1.11.3.min.js"></script><link rel="stylesheet" type="text/css" href="css/bootstrap.css"/><link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css"/><link rel="stylesheet" href="css/login.css"/><身体><div class="登录页面"><img src='img/taxi_.jpg' style='width: 180px;左边距:自动；右边距:自动；显示:块；填充顶部:20px；填充底部:20px;'/><div class="heading"><center>仪表板</center>

<div class="form"><form action ="home.html" class="register-form"><input type="text" placeholder="name"/><input type="password" placeholder="password"/><input type="text" placeholder="email address"/><按钮>创建</按钮><p class="message">已经注册?<a href="#">登录</a></p></表单><form action="home.html" class="login-form"><input type="text" placeholder="username"/><input type="password" placeholder="password"/><button id="button_login">登录</button><p class="message">未注册?<a href="#">创建一个帐户</a></p></表单>

如何使用我的自定义登录页面来代替 Spring Security 的登录页面?

解决方案

参见 Spring 安全参考:

<块引用>

虽然自动生成的登录页面便于快速启动和运行，但大多数应用程序都希望提供自己的登录页面.为此，我们可以更新我们的配置，如下所示:

protected void configure(HttpSecurity http) throws Exception {http.authorizeRequests().anyRequest().authenticated().和().formLogin().loginPage("/登录") 1.permitAll();2}

1 更新后的配置指定了登录页面的位置.
2 我们必须授予所有用户(即未经身份验证的用户)访问我们的登录页面的权限.formLogin().permitAll() 方法允许向所有用户授予与基于表单的登录相关联的所有 URL 的访问权限.

您修改后的代码:

public void configure(HttpSecurity httpSecurity) 抛出异常 {http安全.authorizeRequests().antMatchers("/home*").hasRole("USER").和().formLogin().loginPage("/login.html").permitAll();}

I am using Spring Security to my application and here is the security part which authenticates the user but the login page is given by Spring Security:

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    public void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
            .authorizeRequests()
                .antMatchers("/home*").hasRole("USER")
                .and()
            .formLogin();

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .inMemoryAuthentication()
                 .withUser("user")
                 .password("password")
                 .roles("USER")
    }
}

Instead of Spring's login page I want to use my login page which is below:

login.html:

<html lang='en'>
    <head>
        <title>WebApp</title>
        <meta charset='utf-8' />

        <script src="https://code.jquery.com/jquery-1.11.3.min.js"></script>
             <link rel="stylesheet" type="text/css" href="css/bootstrap.css" />
             <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.2/css/bootstrap.min.css" />
             <link rel="stylesheet" href="css/login.css" />  
    </head>

    <body>
        <div class="login-page">
            <img src='img/taxi_.jpg' style='width: 180px; margin-left: auto; margin-right: auto; display: block; padding-top: 20px; padding-bottom:20px;' />

            <div class="heading">
                <center>Dashboard</center>
            </div>
            <div class="form">
                <form action ="home.html" class="register-form">
                    <input type="text" placeholder="name"/>
                    <input type="password" placeholder="password"/>
                    <input type="text" placeholder="email address"/>
                    <button>create</button>
                    <p class="message">Already registered? <a href="#">Sign In</a></p>
               </form>
               <form action="home.html" class="login-form">
                    <input type="text" placeholder="username"/>
                    <input type="password" placeholder="password"/>
                    <button id="button_login">login</button>
                    <p class="message">Not registered? <a href="#">Create an account</a></p>
               </form>
            </div>
        </div>
    </body>
</html>

How can I use my custom login page to be shown instead of Spring Security's login page?

解决方案

See Spring Security Reference:

While the automatically generated log in page is convenient to get up and running quickly, most applications will want to provide their own log in page. To do so we can update our configuration as seen below:

protected void configure(HttpSecurity http) throws Exception {
  http
      .authorizeRequests()
          .anyRequest().authenticated()
          .and()
      .formLogin()
          .loginPage("/login") 1
          .permitAll();        2
}

1 The updated configuration specifies the location of the log in page.
2 We must grant all users (i.e. unauthenticated users) access to our log in page. The formLogin().permitAll() method allows granting access to all users for all URLs associated with form based log in.

Your modified code:

public void configure(HttpSecurity httpSecurity) throws Exception {
    httpSecurity
        .authorizeRequests()
            .antMatchers("/home*").hasRole("USER")
            .and()
        .formLogin()
            .loginPage("/login.html")
            .permitAll();
}

这篇关于如何使用 Spring Security 自定义登录页面?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！