1
1
.
.
3
3
.
.
2
2
A
A
u
u
t
t
o
o
m
m
a
a
t
t
i
i
c
c
-
-
L
L
o
o
g
g
i
i
n
n
F
F
o
o
r
r
m
m
-
-
C
C
u
u
s
s
t
t
o
o
m
m
I
I
n
n
f
f
o
o
[
[
G
G
]
]
This tutorial shows how to allow User to provide Username and Password through Custom Login Form.
Which HTML Page to use as Custom Login Form is defined in
SecurityConfig.java which must extend WebSecurityConfigurerAdapter and @Override configure() Method.
And since we are now providing our own Implementation we need to add additional configuration to allow access to
Endpoints httpSecurity.authorizeRequests().antMatchers("/Hello").hasRole("USER").
SecurityConfig.java
public class SecurityConfig extends WebSecurity ConfigurerAdapter {
@Override protected void configure(HttpSecurity httpSecurity) throws Exception {
httpSecurity.formLogin().loginPage("/MyLogin").loginProcessingUrl("/login");
...
Application Schema [Results]
Spring Boot Starters
GROUP
DEPENDENCY
DESCRIPTION
Web
Spring Web
Enables @RequestMapping and Tomcat
Security
Spring Security
Enables Spring Security
Template Engines
Thyemeleaf
Enables Controller to return reference to HTML Page MyLogin.html
MyLogin.html
http://localhost:8080/MyLogin
Tomcat
MyController
http://localhost:8080/Hello
hello()
myLogin()
SecurityConfig
P
P
r
r
o
o
c
c
e
e
d
d
u
u
r
r
e
e
Create Project: springboot_security_loginform_custom (add Spring Boot Starters from the table)
Edit File: application.properties (add Role, User, Password)
Create Package: controllers (inside main package)
Create Class: MyController.java (inside controllers package)
Create Package: config (inside main package)
Create Class: SecurityConfig.java (inside config package)
Create HTML File: MyLogin.html (inside directory resources/templates)
application.properties
# SECURITY
spring.security.user.name = myuser
spring.security.user.password = mypassword
spring.security.user.roles = USER
MyController.java
package com.ivoronline.springboot_security_loginform_custom.controllers;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ResponseBody;
@Controller
public class MyController {
@RequestMapping("/MyLogin")
public String myLogin() {
return "MyLogin";
}
@ResponseBody
@RequestMapping("/Hello")
public String hello() {
return "Hello from Controller";
}
}
SecurityConfig.java
package com.ivoronline.springboot_security_loginform_custom.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception {
//CUSTOM LOGIN FORM
httpSecurity.formLogin()
.loginPage("/MyLogin")
.loginProcessingUrl("/login");
//DISABLE CSRF
httpSecurity.csrf().disable();
//SPECIFY ACCESS TO ENDPOINTS
httpSecurity.authorizeRequests()
.antMatchers("/Hello").hasRole("USER");
}
}
MyLogin.html
<title> MY LOGIN </title>
<style type="text/css">
div { display:flex; flex-direction:column; align-items:center; border: solid 1pt; margin: 10pt 50pt;
background-color: aliceblue }
</style>
<div>
<h2> MY LOGIN </h2>
<form method="POST" action="/login">
<p> <input type="text" name="username" placeholder="username" /> </p>
<p> <input type="text" name="password" placeholder="password" /> </p>
<p> <input type="submit" name="addAuthor" value="Log In" style="width:100%" /> </p>
</form>
</div>
R
R
e
e
s
s
u
u
l
l
t
t
s
s
http://localhost:8080/Hello
You get redirected to http://localhost:8080/MyLogin
Username: myuser
Password: mypassword
Log in
You get redirected back to http://localhost:8080/Hello
http://localhost:8080/MyLogin
Redirects to http://localhost:8080/Hello
Application Structure