public final class FormLoginConfigurer<H extends HttpSecurityBuilder<H>> extends AbstractAuthenticationFilterConfigurer<H,FormLoginConfigurer<H>,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter>
loginPage(String) is specified, a default login
page will be generated by the framework.
UsernamePasswordAuthenticationFilterAuthenticationEntryPointAuthenticationManagerRememberMeServices - is optionally used. See RememberMeConfigurer
SessionAuthenticationStrategy - is optionally used. See
SessionManagementConfigurerDefaultLoginPageGeneratingFilter - if present will be populated with
information from the configuration| Constructor and Description |
|---|
FormLoginConfigurer()
Creates a new instance
|
| Modifier and Type | Method and Description |
|---|---|
protected org.springframework.security.web.util.matcher.RequestMatcher |
createLoginProcessingUrlMatcher(String loginProcessingUrl)
Create the
RequestMatcher given a loginProcessingUrl |
B |
disable()
Disables the
AbstractHttpConfigurer by removing it. |
FormLoginConfigurer<H> |
failureForwardUrl(String forwardUrl)
Forward Authentication Failure Handler
|
void |
init(H http)
Initialize the
SecurityBuilder. |
FormLoginConfigurer<H> |
loginPage(String loginPage)
Specifies the URL to send users to if login is required.
|
FormLoginConfigurer<H> |
passwordParameter(String passwordParameter)
The HTTP parameter to look for the password when performing authentication.
|
FormLoginConfigurer<H> |
successForwardUrl(String forwardUrl)
Forward Authentication Success Handler
|
FormLoginConfigurer<H> |
usernameParameter(String usernameParameter)
The HTTP parameter to look for the username when performing authentication.
|
T |
withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor) |
authenticationDetailsSource, configure, defaultSuccessUrl, defaultSuccessUrl, failureHandler, failureUrl, getAuthenticationFilter, getFailureUrl, getLoginPage, getLoginProcessingUrl, isCustomLoginPage, loginProcessingUrl, permitAll, permitAll, successHandleraddObjectPostProcessor, and, getBuilder, postProcess, setBuilderpublic FormLoginConfigurer()
HttpSecurity.formLogin()public FormLoginConfigurer<H> loginPage(String loginPage)
Specifies the URL to send users to if login is required. If used with
WebSecurityConfigurerAdapter a default login page will be generated when
this attribute is not specified.
If a URL is specified or this is not being used in conjuction with
WebSecurityConfigurerAdapter, users are required to process the specified
URL to generate a login page. In general, the login page should create a form that
submits a request with the following requirements to work with
UsernamePasswordAuthenticationFilter:
AbstractAuthenticationFilterConfigurer.loginProcessingUrl(String)usernameParameter(String)passwordParameter(String)
<c:url value="/login" var="loginProcessingUrl"/>
<form action="${loginProcessingUrl}" method="post">
<fieldset>
<legend>Please Login</legend>
<!-- use param.error assuming FormLoginConfigurer#failureUrl contains the query parameter error -->
<c:if test="${param.error != null}">
<div>
Failed to login.
<c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
</c:if>
</div>
</c:if>
<!-- the configured LogoutConfigurer#logoutSuccessUrl is /login?logout and contains the query param logout -->
<c:if test="${param.logout != null}">
<div>
You have been logged out.
</div>
</c:if>
<p>
<label for="username">Username</label>
<input type="text" id="username" name="username"/>
</p>
<p>
<label for="password">Password</label>
<input type="password" id="password" name="password"/>
</p>
<!-- if using RememberMeConfigurer make sure remember-me matches RememberMeConfigurer#rememberMeParameter -->
<p>
<label for="remember-me">Remember Me?</label>
<input type="checkbox" id="remember-me" name="remember-me"/>
</p>
<div>
<button type="submit" class="btn">Log in</button>
</div>
</fieldset>
</form>
loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter>loginPage - the login page to redirect to if authentication is required (i.e.
"/login")FormLoginConfigurer for additional customizationpublic FormLoginConfigurer<H> usernameParameter(String usernameParameter)
usernameParameter - the HTTP parameter to look for the username when
performing authenticationFormLoginConfigurer for additional customizationpublic FormLoginConfigurer<H> passwordParameter(String passwordParameter)
passwordParameter - the HTTP parameter to look for the password when
performing authenticationFormLoginConfigurer for additional customizationpublic FormLoginConfigurer<H> failureForwardUrl(String forwardUrl)
forwardUrl - the target URL in case of failureFormLoginConfigurer for additional customizationpublic FormLoginConfigurer<H> successForwardUrl(String forwardUrl)
forwardUrl - the target URL in case of successFormLoginConfigurer for additional customizationpublic void init(H http) throws Exception
SecurityConfigurerSecurityBuilder. Here only shared state should be created
and modified, but not properties on the SecurityBuilder used for building
the object. This ensures that the SecurityConfigurer.configure(SecurityBuilder) method uses
the correct shared objects when building.init in interface SecurityConfigurer<org.springframework.security.web.DefaultSecurityFilterChain,H extends HttpSecurityBuilder<H>>init in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter>Exceptionprotected org.springframework.security.web.util.matcher.RequestMatcher createLoginProcessingUrlMatcher(String loginProcessingUrl)
AbstractAuthenticationFilterConfigurerRequestMatcher given a loginProcessingUrlcreateLoginProcessingUrlMatcher in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter>loginProcessingUrl - creates the RequestMatcher based upon the
loginProcessingUrlRequestMatcher to use based upon the loginProcessingUrlpublic B disable()
AbstractHttpConfigurer by removing it. After doing so a fresh
version of the configuration can be applied.HttpSecurityBuilder for additional customizationspublic T withObjectPostProcessor(ObjectPostProcessor<?> objectPostProcessor)