Beispiel für ein benutzerdefiniertes Anmeldeformular in Spring Security

Beispiel für eine benutzerdefinierte Anmeldeformularanmerkung für Spring Security

In diesem Tutorial konvertieren wir das vorherigeSpring Security custom login form (XML)-Projekt in ein reines annotationsbasiertes Projekt.

Verwendete Technologien:

Feder 3.2.8.FREIGABE
Federsicherheit 3.2.3.FREIGABE
Eclipse 4.2
JDK 1.6
Maven 3
Tomcat 7 (Servlet 3.x)

Note
In diesem Beispiel werden die letztenSpring Security hello world annotation example wiederverwendet. Erweitern Sie sie, um ein benutzerdefiniertes Anmeldeformular zu unterstützen.

1. Projekt Demo

2. Verzeichnisaufbau

Überprüfen Sie die endgültige Verzeichnisstruktur dieses Lernprogramms.

spring-security-custom-login-annotation-directory

3. Spring-Sicherheitskonfiguration

Spring Security Konfiguration über Annotationen.

SecurityConfig.java

package com.example.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication()
                   .withUser("example").password("123456").roles("USER");
    }

    //.csrf() is optional, enabled by default, if using WebSecurityConfigurerAdapter constructor
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
        .antMatchers("/admin/**").access("hasRole('ROLE_USER')")
        .and()
            .formLogin().loginPage("/login").failureUrl("/login?error")
            .usernameParameter("username").passwordParameter("password")
        .and()
            .logout().logoutSuccessUrl("/login?logout")
        .and()
            .csrf();
    }
}

Das Äquivalent der Spring Security XML-Datei:

4. Benutzerdefiniertes Anmeldeformular

4.1 Page to display the custom login form. Wenn der CSRF-Schutz aktiviert ist, müssen Sie${_csrf.token} sowohl im Anmelde- als auch im Abmeldeformular hinzufügen.

<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>


Login Page




    Spring Security Custom Login Form (Annotation)

    

        Login with Username and Password

        
            ${error}
        
        
            ${msg}
        

        

            
            
                User:
                
            
            
                Password:

4.2 Page to display the welcome message, default page.

hello.jsp

<%@page session="false"%>


    Title : ${title}
    Message : ${message}

4.3 This page is password protected, only authenticated user is allowed to access.

admin.jsp + logout

<%@taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@page session="true"%>


    Title : ${title}
    Message : ${message}

    

        
    
        
    

    

    
        
            Welcome : ${pageContext.request.userPrincipal.name} |  Logout

5. Spring MVC Controller

Eine einfache Steuerung.

HelloController.java

package com.example.web.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;

@Controller
public class HelloController {

    @RequestMapping(value = { "/", "/welcome**" }, method = RequestMethod.GET)
    public ModelAndView welcomePage() {

        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Custom Login Form");
        model.addObject("message", "This is welcome page!");
        model.setViewName("hello");
        return model;

    }

    @RequestMapping(value = "/admin**", method = RequestMethod.GET)
    public ModelAndView adminPage() {

        ModelAndView model = new ModelAndView();
        model.addObject("title", "Spring Security Custom Login Form");
        model.addObject("message", "This is protected page!");
        model.setViewName("admin");

        return model;

    }

    //Spring Security see this :
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelAndView login(
        @RequestParam(value = "error", required = false) String error,
        @RequestParam(value = "logout", required = false) String logout) {

        ModelAndView model = new ModelAndView();
        if (error != null) {
            model.addObject("error", "Invalid username and password!");
        }

        if (logout != null) {
            model.addObject("msg", "You've been logged out successfully.");
        }
        model.setViewName("login");

        return model;

    }

}

6. Initialisiererklassen

Mit den folgenden Initializer-Klassen wird dieses Projekt zu einem reinen annotationsbasierten Projekt.

6.1 Initializer class to enable the Spring Security configuration.

SpringSecurityInitializer.java

package com.example.config.core;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;
public class SpringSecurityInitializer extends AbstractSecurityWebApplicationInitializer {

}

6.2 Initializer class to enable the Spring MVC.

SpringMvcInitializer.java

package com.example.config.core;

import org.springframework.web.servlet.support.AbstractAnnotationConfigDispatcherServletInitializer;
import com.example.config.AppConfig;

public class SpringMvcInitializer
    extends AbstractAnnotationConfigDispatcherServletInitializer {

    @Override
    protected Class[] getRootConfigClasses() {
        return new Class[] { AppConfig.class };
    }

    @Override
    protected Class[] getServletConfigClasses() {
        return null;
    }

    @Override
    protected String[] getServletMappings() {
        return new String[] { "/" };
    }

}

AppConfig.java

package com.example.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
import org.springframework.web.servlet.view.JstlView;

@EnableWebMvc
@Configuration
@ComponentScan({ "com.example.web.*" })
@Import({ SecurityConfig.class })
public class AppConfig {

    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver
                           = new InternalResourceViewResolver();
        viewResolver.setViewClass(JstlView.class);
        viewResolver.setPrefix("/WEB-INF/pages/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

}