使用SpringSecurity时,需要自定义登录页,否则框架或自动给你生成一个简陋的登录页面。配置如下:
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception
{
http.formLogin().loginPage("loginView").loginProcessingUrl("/login")
}
配置自定义登录页时,需要指定登录API接口,否则会默认以登录页为登录API接口
protected final void updateAuthenticationDefaults() {
if (this.loginProcessingUrl == null) {
loginProcessingUrl(this.loginPage);
}
if (this.failureHandler == null) {
failureUrl(this.loginPage + "?error");
}
LogoutConfigurer<B> logoutConfigurer = getBuilder().getConfigurer(LogoutConfigurer.class);
if (logoutConfigurer != null && !logoutConfigurer.isCustomLogoutSuccess()) {
logoutConfigurer.logoutSuccessUrl(this.loginPage + "?logout");
}
}
设置登录页的方法注释也大致提到了这一点。
Specifies the URL to send users to if login is required. If used with EnableWebSecurity a default login page will be generated when thisattribute is not specified.
If a URL is specified or this is not being used in conjunction with EnableWebSecurity, users are required to process the specified URL togenerate a login page. In general, the login page should create a form that submitsa request with the following requirements to work with UsernamePasswordAuthenticationFilter:
•It must be an HTTP POST
•It must be submitted to loginProcessingUrl(String)
•It should include the username as an HTTP parameter by the name of usernameParameter(String)
•It should include the password as an HTTP parameter by the name of passwordParameter(String)
Example login.jsp
Login pages can be rendered with any technology you choose so long as the rulesabove are followed. Below is an example login.jsp that can be used as a quick startwhen using JSP's or as a baseline to translate into another view technology.
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。