本文详细介绍了如何在Spring Security中配置自定义登录页、启用HttpBasic认证、Remember-me功能及退出登录设置,包括配置代码示例和HTML模板。
-
添加自定义的登录页
(1) 示例
login.html
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> ... <div id="content"> <a th:href="@{/spitter/register}"> Register </a> <br/> <br/> <form name='f' th:action='@{/login}' method='POST'> <table align="center"> <tr> <td>User:</td> <td> <input type='text' name='username' value=''/> </td> </tr> <tr> <td>Password:</td> <td> <input type='password' name='password'/> </td> </tr> <tr> <td colspan='2'> <input id="remember_me" name="remember-me" type="checkbox"/> <label for="remember_me" class="inline">Remember me</label> </td> </tr> <tr> <td colspan='2'> <input name="submit" type="submit" value="Login"/> </td> </tr> </table> </form> </div> ... </html>SecurityConfig.java
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() .loginPage("/login") .and() .authorizeRequests() .antMatchers("/").authenticated() .antMatchers("/spitter/me").authenticated() .antMatchers(HttpMethod.POST, "/spittles").authenticated() .anyRequest().permitAll() .and() .requiresChannel() .anyRequest().requiresInsecure(); } ... }(2) 在configure(HttpSecurity)中调用formLogin()即可对登录页面进行各种配置;
loginPage()指定了登录页的视图名称,再由视图解析器解析到对应的视图中
(3) login.html中,表单form要提交到相对于上下文的 /login 页面上
-
启用Http Basic认证
示例
SecurityConfig.java
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() .loginPage("/login") .and() .httpBasic() .realmName("Spittr") .and() .authorizeRequests() .antMatchers("/").authenticated() .antMatchers("/spitter/me").authenticated() .antMatchers(HttpMethod.POST, "/spittles").authenticated() .anyRequest().permitAll() .and() .requiresChannel() .anyRequest().requiresInsecure(); } ... }在configure(HttpSecurity)中添加 .httpBasic().realmName(“Spittr”) 即可开启Http Basic认证,同样使用and进行连接
-
启用Remember-me功能
(1) SpringSecurity使得添加Remember-me功能非常简单,直接在configure(HttpSecurity)中添加.rememberMe()即可
(2) 默认情况下,这个功能是通过在cookie中存储一个token完成的。这个token包含用户名、密码、过期时间和一个私钥,过期时间和私钥可以进行设置。写入cookie之前,这四个属性会经过MD5哈希
SecurityConfig.java
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() .loginPage("/login") .and() .httpBasic() .realmName("Spittr") .and() .rememberMe() .tokenRepository(new InMemoryTokenRepositoryImpl()) .tokenValiditySeconds(2419200) //设置过期时间 .key("spittrKey") //设置私钥名称 .and() .authorizeRequests() .antMatchers("/").authenticated() .antMatchers("/spitter/me").authenticated() .antMatchers(HttpMethod.POST, "/spittles").authenticated() .anyRequest().permitAll() .and() .requiresChannel() .anyRequest().requiresInsecure(); } ... }(4) 对应的,html中__必须包括一个名为remember-me的参数__与之对应
login.html
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> ... <div id="content"> <a th:href="@{/spitter/register}"> Register </a> <br/> <br/> <form name='f' th:action='@{/login}' method='POST'> <table align="center"> <tr> <td>User:</td> <td> <input type='text' name='username' value=''/> </td> </tr> <tr> <td>Password:</td> <td> <input type='password' name='password'/> </td> </tr> <tr> <td colspan='2'> <input id="remember_me" name="remember-me" type="checkbox"/> <label for="remember_me" class="inline">Remember me</label> </td> </tr> <tr> <td colspan='2'> <input name="submit" type="submit" value="Login"/> </td> </tr> </table> </form> </div> ... </html> -
退出
(1) 默认情况下,退出功能是SpringSecurity Filter实现的,这个Filter会拦截/logout的请求
(2) 退出的设置也是在 configure(HttpSecurity)方法中,调用logout()方法,同样使用and()连接不同的配置
SecurityConfig.java
@Configuration @EnableWebMvcSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { http .formLogin() .loginPage("/login") .and() .httpBasic() .realmName("Spittr") .and() .rememberMe() .tokenRepository(new InMemoryTokenRepositoryImpl()) .tokenValiditySeconds(2419200) //设置过期时间 .key("spittrKey") //设置私钥名称 .and() .logout() .logoutSuccessUrl("/") .logoutUrl("/logout") .and() .authorizeRequests() .antMatchers("/").authenticated() .antMatchers("/spitter/me").authenticated() .antMatchers(HttpMethod.POST, "/spittles").authenticated() .anyRequest().permitAll() .and() .requiresChannel() .anyRequest().requiresInsecure(); } ... }(3) logoutSuccessUrl用于设置退出登录后重定向的url;
logoutUrl用于设置Filter的拦截路径(默认拦截"/logout"的请求)
chapter09_保护Web应用_4_认证用户
最新推荐文章于 2025-08-17 11:45:32 发布
扫一扫
2
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
