Spring Security custom form login

Posted by sloede on Wed, 22 Jan 2020 12:42:49 +0100

This article mainly explains how to customize form login in Spring Security. Spring Security provides a form login by default, but it can't be used in actual projects.

  1. Create a Spring Security project

   1.1 Using IDEA

   The following dependency is added to pom.xml automatically:

    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

  2. Extend WebSecurityConfigurerAdapter

  WebSecurityConfigurerAdapter is provided by Spring Security so that we can extend it with our own configuration.

  When extending WebSecurityConfigurerAdapter, you often need to override:

    1. configure(AuthenticationManagerBuilder auth);
    2. configure(WebSecurity web);
    3. configure(HttpSecurity http);

   2.1 The default WebSecurityConfigurerAdapter provides some basic configuration, as follows

    protected void configure(HttpSecurity http) throws Exception {
        logger.debug("Using default configure(HttpSecurity). If subclassed this will potentially override subclass configure(HttpSecurity).");
        http
            .authorizeRequests()
                .anyRequest().authenticated()
                .and()
            .formLogin().and()
            .httpBasic();
    }

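   2.2 Create a custom WebSecurityConfigurerAdapter

    import lombok.extern.slf4j.Slf4j;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @Slf4j
    public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // CSRF protection is disabled here: the static form in mylogin.html sends no _csrf token
            http.csrf().disable()
                .formLogin()
                // custom login page shown to unauthenticated users
                .loginPage("/mylogin.html")
                .and()
                // every request requires authentication
                .authorizeRequests().anyRequest().authenticated();
        }
    }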

  2.3 mylogin.html

    <!DOCTYPE html>
    <html lang="en">
      <head>
        <meta charset="UTF-8">
        <title>Title</title>
      </head>
      <body>
        <h1>Standard landing page</h1>
        <h3>Form login</h3>
        <form action="/login" method="post">
          <table>
            <tr>
              <td>User name:</td>
              <td><input type="text" name="username"/></td>
            </tr>
            <tr>
              <td>Password:</td>
              <td><input type="password" name="password"/></td>
            </tr>
            <tr>
              <td colspan="2">
                <button type="submit">Sign in</button>
              </td>
            </tr>
          </table>
        </form>
      </body>
    </html>

  3. Visit the custom login page (note the "too many redirects" error)

  Start the project and access it directly:

    http://localhost:8080

  You will find that the browser reports too many redirects. What's the reason?

*  This is because we configured loginPage("/mylogin.html") above, but access to this path is not allowed. That is, the redirect target /mylogin.html itself requires authentication, so the request is redirected to /mylogin.html again and the error occurs.*

  4. Allow access with antMatchers("/mylogin.html").permitAll()

  Just add .antMatchers("/mylogin.html").permitAll() to the configuration to allow this path:

        http.csrf().disable()
                .formLogin()
                .loginPage("/mylogin.html")
                .and()
                .authorizeRequests()
                .antMatchers("/mylogin.html").permitAll()
                .anyRequest().authenticated();

  Visit again and our custom form is displayed (ignore the styling...).

  Now enter the user name user and the password printed on the console:

    Using generated security password: 6bf253eb-c785-42b6-b147-b0fe2971586e

  After submitting, we find that we are sent to the /mylogin.html page again. This is because once loginPage("/mylogin.html") is configured, the filter that processes form login no longer intercepts /login (the default). The login request address it intercepts becomes /mylogin.html, the same as loginPage.

  At this point, if you change the form's action address to /mylogin.html, you can log in:

    <form action="/mylogin.html" method="post">
 

  5. Configure a custom login processing path with loginProcessingUrl

  Because loginPage is configured above, the login processing path becomes /mylogin.html, the value configured by loginPage. When we do not want to use that as the processing path, we can change it with the following configuration.

  Configure the path that processes the login request through the loginProcessingUrl method:

     http.csrf().disable()
                .formLogin()
                .loginPage("/mylogin.html")
                .loginProcessingUrl("/auth/login")
                .and()
                .authorizeRequests()
                .antMatchers("/mylogin.html").permitAll()
                .anyRequest().authenticated();

  Remember to update the form's action to match:

    <form action="/auth/login" method="post">

  We have now covered the configuration of a custom login page in Spring Security and the points to watch out for.

  6. Summary

**This article mainly explains how to customize form login in Spring Security. It's not very simple, but there are some points to pay attention to:**

    1. Extend WebSecurityConfigurerAdapter
    2. Configure the loginPage path
    3. Allow access to the loginPage path
    4. Configure the login request path with loginProcessingUrl

Personal blog website https://www.askajohnny.com welcome to visit!
