I developed an application that uses Spring Security's default login page. However I want to implement my own login page. I will put a login.html instead of a jsp page. I want to use JQuery for it. I examined many examples but couldn't achieve. I am new to Spring and Spring Security, I use Spring Security 3. Any ideas which steps I should follow?
Form-based login is one form of Username/password authentication that Spring Security provides support for. This is provided through an Html form. Whenever a user requests a protected resource, Spring Security checks for the authentication of the request.
Spring security secures all HTTP endpoints by default. A user has to login in a default HTTP form. To enable Spring Boot security, we add spring-boot-starter-security to the dependencies.
There are four requirements for a custom login page in Spring Security:
j_username
which will contain the name used for the authentication credentials.j_password
which will contain the password used for the authentication credentials.POST
ed matches the url defined in the login-processing-url
attribute of the form-login
element in your Spring Security configuration.login-page
attribute of the form-login
element in your Spring Security configuration.Login.html
<body> <form action="/j_spring_security_check" method="POST"> <label for="username">User Name:</label> <input id="username" name="j_username" type="text"/> <label for="password">Password:</label> <input id="password" name="j_password" type="password"/> <input type="submit" value="Log In"/> </form> </body>
Spring Security Configuration File
<http use-expressions="true"> <intercept-url pattern="/login*" access="isAnonymous()"/> <intercept-url pattern="/**" access="isFullyAuthenticated()"/> <form-login login-page="/login.html" login-processing-url="/j_spring_security_check.action" authentication-failure-url="/login_error.html" default-target-url="/home.html" always-use-default-target="true"/> </http>
I have been working for a couple of days on implementing spring security in my project and the configuration that finally did it was the following:
spring-security.xml
<security:http auto-config="true" disable-url-rewriting="true" use-expressions="true"> <security:form-login login-page="/login.html" login-processing-url="/j_spring_security_check.action" default-target-url="/index.html" always-use-default-target="true" authentication-failure-url="/login.html?error=true" /> <security:intercept-url pattern="/login*" access="isAnonymous()" /> <security:intercept-url pattern="/**" access="hasRole('ROLE_USER')" /> </security:http> <security:authentication-manager> <security:authentication-provider> <security:jdbc-user-service data-source-ref="dataSource" users-by-username-query="select username, password, enabled from smartcaldb.users where username=?" authorities-by-username-query="select u.username, r.authority from smartcaldb.users u, smartcaldb.roles r where u.userid = r.userid and u.username =?" /> </security:authentication-provider> </security:authentication-manager>
spring-config.xml
<mvc:annotation-driven /> <context:component-scan base-package="com.smartcal.**" /> <!-- setup database connectivity bean --> <bean id="dataSource" class="org.apache.commons.dbcp2.BasicDataSource" destroy-method="close"> <property name="driverClassName" value="${jdbc.driverClassName}" /> <property name="url" value="${jdbc.url}" /> <property name="username" value="${jdbc.username}" /> <property name="password" value="${jdbc.password}" /> </bean> <context:property-placeholder location="/WEB-INF/jdbc.properties" /> <bean id="jdbcTemplate" class="org.springframework.jdbc.core.JdbcTemplate"> <constructor-arg ref="dataSource"/> </bean>
web.xml
<welcome-file-list> <welcome-file>index.html</welcome-file> </welcome-file-list> <context-param> <param-name>contextConfigLocation</param-name> <param-value> /WEB-INF/spring-config.xml /WEB-INF/spring-security.xml </param-value> </context-param> <listener> <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class> </listener> <listener> <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class> </listener> <servlet> <servlet-name>dispatcher</servlet-name> <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class> <load-on-startup>1</load-on-startup> </servlet> <servlet-mapping> <servlet-name>dispatcher</servlet-name> <url-pattern>/login</url-pattern> <url-pattern>/</url-pattern> </servlet-mapping> <filter> <filter-name>springSecurityFilterChain</filter-name> <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class> <init-param> <param-name>contextAttribute</param-name> <param-value>org.springframework.web.context.WebApplicationContext.ROOT</param-value> </init-param> </filter> <filter-mapping> <filter-name>springSecurityFilterChain</filter-name> <url-pattern>/*</url-pattern> </filter-mapping> <error-page> <error-code>403</error-code> <location>/403</location> </error-page>
login.html
<body> <form action="/smartcal/j_spring_security_check.action" method="POST"> <label for="username">User Name:</label> <input id="username" name="j_username" type="text" /> <label for="password">Password:</label> <input id="password" name="j_password" type="password" /> <input type="submit" value="Log In" /> </form> </body>
for logout use url - "/{yourAppPathInTheContainer}/j_spring_security_logout"
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With