Spring Boot Security- How to change default login page

By Atul Rai | Last Updated: February 10, 2019

This guide will help you to change the default login page provided by the Spring Boot Security. To do that, you need to override the configure(HttpSecurity http) method of WebSecurityConfigurerAdapter class.

Similar Posts:

Default configure(HttpSecurity)

The default configuration for the configure(HttpSecurity http) method is given below:

protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated() 
            .and()
        .formLogin()                      
            .and()
        .httpBasic();                     
}

The above configuration ensures that every request requires the user to be authenticated.

Configuring a custom login page

Override  configure(HttpSecurity http) method which instruct Spring Security to use your login page.

@Override
protected void configure(HttpSecurity http) throws Exception {
	http
		.csrf().disable()
		.authorizeRequests().antMatchers("/login").permitAll()
		.anyRequest().authenticated()
		.and()
		.formLogin().loginPage("/login").permitAll();
}

Technologies Used

Find the list of all tools/technologies used in this application.

  1. Spring Tool Suite 3
  2. JDK 8
  3. Maven 3
  4. Spring Boot 2.1.2.RELEASE
  5. Spring Boot Security 2.1.2.RELEASE

Dependencies Required

Add the following dependencies in your pom.xml.

<dependencies>
	<!-- Spring boot security jar -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-security</artifactId>
	</dependency>
	<!-- Spring boot web jar -->
	<dependency>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-web</artifactId>
	</dependency>
	<!-- JSP compiler jar -->
	<dependency>
		<groupId>org.apache.tomcat.embed</groupId>
		<artifactId>tomcat-embed-jasper</artifactId>
		<scope>provided</scope>
	</dependency>
</dependencies>

Project Structure

Final project structure of our application in STS ide will look like as follows.

Spring Boot Security- How to change default login page

Creating a login view

Create a login.jsp file inside webapp directory which replaces the Spring’s default login page.

login.jsp
<!DOCTYPE html>
<html>
<head>
<title>Spring Boot Security- Change default login page</title>
</head>
<body>
	<h1>Spring Boot Security- Change default login page</h1>

	<form action="login" method="post">
		<table>
			<tr style="color: red;">
				<td></td>
				<td>${SPRING_SECURITY_LAST_EXCEPTION.message}</td>
			</tr>
			<tr>
				<td>User name:</td>
				<td><input type="text" name="username"></td>
			</tr>
			<tr>
				<td>Password:</td>
				<td><input type="password" name="password"></td>
			</tr>
			<tr>
				<td></td>
				<td><input type="submit" value="Login"></td>
			</tr>
		</table>
	</form>
</body>
</html>

Note: Field name for the user name and password must be “username” and “password” respectively.

Configuring a login view controller

Create a LoginController class which contains a view controller for /login.

LoginController.java
package org.websparrow.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class LoginController {

	@RequestMapping("/login")
	public String login() {
		return "login.jsp";
	}
}

Overriding the default configure(HttpSecurity) method

Create a SecurityConfig class which extends the WebSecurityConfigurerAdapter class and override its configure(HttpSecurity http) method.

SecurityConfig.java
package org.websparrow.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.csrf().disable()
			.authorizeRequests().antMatchers("/login").permitAll()
			.anyRequest().authenticated()
			.and()
			.formLogin().loginPage("/login").permitAll();
	}
}

Now your custom login form has been set. It’s time to check whether Spring uses your login form instead of the default. Run your application and access any URL of your application, it will redirect to your custom login form.

Spring Boot Security- How to change default login page

References

  1. Creating a Custom Login Form
  2. Hello Spring MVC Security Java Config

Similar Posts

About the Author

Atul Rai
I love sharing my experiments and ideas with everyone by writing articles on the latest technological trends. Read all published posts by Atul Rai.