#
Create a custom login page
This tutorial explains how you can create custom login form with Spring 5.
Adding/ creating a custom login page is a common task in Web Application development. This you send the user to a login form with more useful information and can be the entry point into your application.
Supposing you are a secured web application which use the default login page. You can take a look at the tutorial named SPRING SECURITY: Secure Web Application.
I will use this application and I will add a custom login page to it.
This task is very simple and you have to:
create the login page (a normal web page with a submission form inside). Here it is a simple example:
Add the code needed into the Web Controller (WebController.java in my case):
Add security rules into the security configuration (WebSecurityConfig class in my case):
package com.example.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
PasswordEncoder passwordEncoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
String encoded = passwordEncoder.encode("pass1");
System.out.println("encoded="+encoded);
auth.inMemoryAuthentication().passwordEncoder(NoOpPasswordEncoder.getInstance())
.withUser("user").password("u").authorities("USER")
.and()
.withUser("admin").password("a").authorities("USER","ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/login1").permitAll()
.antMatchers("/myLogout").permitAll()
.antMatchers("/shared/**").permitAll()
.antMatchers("/no-access/*").denyAll()
.antMatchers("/secured/**").hasAuthority("USER")
.antMatchers("/admin-content/**").hasAuthority("ADMIN")
.and()
.formLogin()
.loginPage("/login1")
.defaultSuccessUrl("/shared/MySpringMvcPage1").failureUrl("/shared/failureAUTH")
.and()
.logout().logoutSuccessUrl("/myLogout").permitAll()
.and().csrf().disable();
}
}
Now when you are not logged in and you want to access a secured page you will see your login page: