Spring security - Change /login default path

Question

We want to add spring to security to our spring boot application

The problem is that we have already /login path used already

So currently we can't load spring security default login page which redirect to /login path

We want to keep the spring default login form, just to change the path it uses,

Meaning, using the default behavior/implementation, only the default (form and process) paths need to be changed (without need to create html)

We didn't find any relevant property or code (or answer) to override it

I see in DefaultLoginPageGeneratingFilter the default

 public static final String DEFAULT_LOGIN_PAGE_URL = "/login";

EDIT

Tried the setLoginPageUrl method suggested by @jannis

@Component
public class LoginFormFilter extends DefaultLoginPageGeneratingFilter {
    @PostConstruct
    private void init() {
        setLoginPageUrl("/api/login");
    }
    @Override
    public String getLoginPageUrl() {
        return "/api/login";
    } 
}

But still getting the default login page

Also failed to override using loginPage method

@Override
protected void configure(HttpSecurity http) throws Exception {
 ....formLogin().loginPage("/api/login");

Answer 1

The main issue in overriding default login url is in FormLoginConfigurer because that class is final and all useful configuration methods are final or private. Respectively, I propose to create additional configurer for setting properties in DefaultLoginPageGeneratingFilter class.

public class AdditionalFormLoginConfigurer extends AbstractHttpConfigurer<AdditionalFormLoginConfigurer, HttpSecurity> {

    private String loginPageUrl;
    private String loginProcessingUrl;

    @Override
    public void init(HttpSecurity http) throws Exception {
        DefaultLoginPageGeneratingFilter loginPageGeneratingFilter = http.getSharedObject(DefaultLoginPageGeneratingFilter.class);
        if (loginPageGeneratingFilter == null) {
            return;
        }

        loginPageGeneratingFilter.setFormLoginEnabled(true);
        loginPageGeneratingFilter.setUsernameParameter("username");
        loginPageGeneratingFilter.setPasswordParameter("password");
        loginPageGeneratingFilter.setLoginPageUrl(loginPageUrl);
        loginPageGeneratingFilter.setLogoutSuccessUrl(loginPageUrl + "?logout");
        loginPageGeneratingFilter.setFailureUrl(loginPageUrl + "?error");
        loginPageGeneratingFilter.setAuthenticationUrl(loginProcessingUrl);
    }

    public AdditionalFormLoginConfigurer loginPage(String loginPageUrl) {
        this.loginPageUrl = loginPageUrl;
        return this;
    }

    public AdditionalFormLoginConfigurer loginProcessingUrl(String loginProcessingUrl) {
        this.loginProcessingUrl = loginProcessingUrl;
        return this;
    }
}

And register the class above in the config like this:

private static final String LOGIN_PAGE_URL = "/custom_login_url";
private static final String LOGIN_PROCESSING_URL = "/perform_login";

@Override
protected void configure(HttpSecurity http) throws Exception {
    ...
    .formLogin()
        .loginPage(LOGIN_PAGE_URL)
        .loginProcessingUrl(LOGIN_PROCESSING_URL)
        .permitAll()
    .and()
        .apply(new AdditionalFormLoginConfigurer())
        .loginPage(LOGIN_PAGE_URL)
        .loginProcessingUrl(LOGIN_PROCESSING_URL)
    ...
}