Spring Boot Security- How to change default login page
This guide will help you to change the default login page provided by the Spring Boot Security. To do that, you need to override the configure(HttpSecurity http)
method of WebSecurityConfigurerAdapter
class.
Similar Posts:
Default configure(HttpSecurity)
The default configuration for the configure(HttpSecurity http)
method is given below:
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.httpBasic();
}
The above configuration ensures that every request requires the user to be authenticated.
Configuring a custom login page
Override configure(HttpSecurity http)
method which instruct Spring Security to use your login page.
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll();
}
Technologies Used
Find the list of all tools/technologies used in this application.
- Spring Tool Suite 3
- JDK 8
- Maven 3
- Spring Boot 2.1.2.RELEASE
- Spring Boot Security 2.1.2.RELEASE
Dependencies Required
Add the following dependencies in your pom.xml.
<dependencies>
<!-- Spring boot security jar -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Spring boot web jar -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- JSP compiler jar -->
<dependency>
<groupId>org.apache.tomcat.embed</groupId>
<artifactId>tomcat-embed-jasper</artifactId>
<scope>provided</scope>
</dependency>
</dependencies>
Project Structure
Final project structure of our application in STS ide will look like as follows.
Creating a login view
Create a login.jsp file inside webapp directory which replaces the Spring’s default login page.
<!DOCTYPE html>
<html>
<head>
<title>Spring Boot Security- Change default login page</title>
</head>
<body>
<h1>Spring Boot Security- Change default login page</h1>
<form action="login" method="post">
<table>
<tr style="color: red;">
<td></td>
<td>${SPRING_SECURITY_LAST_EXCEPTION.message}</td>
</tr>
<tr>
<td>User name:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>Password:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Login"></td>
</tr>
</table>
</form>
</body>
</html>
Note: Field name for the user name and password must be “username” and “password” respectively.
Configuring a login view controller
Create a LoginController
class which contains a view controller for /login.
package org.websparrow.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class LoginController {
@RequestMapping("/login")
public String login() {
return "login.jsp";
}
}
Overriding the default configure(HttpSecurity) method
Create a SecurityConfig
class which extends the WebSecurityConfigurerAdapter
class and override its configure(HttpSecurity http)
method.
package org.websparrow.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.csrf().disable()
.authorizeRequests().antMatchers("/login").permitAll()
.anyRequest().authenticated()
.and()
.formLogin().loginPage("/login").permitAll();
}
}
Now your custom login form has been set. It’s time to check whether Spring uses your login form instead of the default. Run your application and access any URL of your application, it will redirect to your custom login form.
Download Source Code: spring-boot-security-how-to-change-default-login-page.zip
References
Similar Posts
- Spring dependency check using @Required annotation example
- Spring 5 auto scanning using @Component annotation and XML configuration
- Spring Boot + Angular 8 CRUD Example
- Spring @RestController, @GetMapping, @PostMapping, @PutMapping, and @DeleteMapping Annotation Example
- Spring Data JPA Derived Query Methods Example