Package org.springframework.security.config.annotation.web.configurers

Class FormLoginConfigurer<H extends HttpSecurityBuilder<H>>

    • Method Detail

      • loginPage

        public FormLoginConfigurer<H> loginPage​(java.lang.String loginPage)

        Specifies the URL to send users to if login is required. If used with WebSecurityConfigurerAdapter a default login page will be generated when this attribute is not specified.

        If a URL is specified or this is not being used in conjunction with WebSecurityConfigurerAdapter, users are required to process the specified URL to generate a login page. In general, the login page should create a form that submits a request with the following requirements to work with UsernamePasswordAuthenticationFilter:

        Example login.jsp

        Login pages can be rendered with any technology you choose so long as the rules above are followed. Below is an example login.jsp that can be used as a quick start when using JSP's or as a baseline to translate into another view technology. 
         
 <c:url value="/login" var="loginProcessingUrl"/>
 <form action="${loginProcessingUrl}" method="post">
    <fieldset>
        <legend>Please Login</legend>
        <!-- use param.error assuming FormLoginConfigurer#failureUrl contains the query parameter error -->
        <c:if test="${param.error != null}">
            <div>
                Failed to login.
                <c:if test="${SPRING_SECURITY_LAST_EXCEPTION != null}">
                  Reason: <c:out value="${SPRING_SECURITY_LAST_EXCEPTION.message}" />
                </c:if>
            </div>
        </c:if>
        <!-- the configured LogoutConfigurer#logoutSuccessUrl is /login?logout and contains the query param logout -->
        <c:if test="${param.logout != null}">
            <div>
                You have been logged out.
            </div>
        </c:if>
        <p>
        <label for="username">Username</label>
        <input type="text" id="username" name="username"/>
        </p>
        <p>
        <label for="password">Password</label>
        <input type="password" id="password" name="password"/>
        </p>
        <!-- if using RememberMeConfigurer make sure remember-me matches RememberMeConfigurer#rememberMeParameter -->
        <p>
        <label for="remember-me">Remember Me?</label>
        <input type="checkbox" id="remember-me" name="remember-me"/>
        </p>
        <div>
            <button type="submit" class="btn">Log in</button>
        </div>
    </fieldset>
 </form>

        Impact on other defaults

        Updating this value, also impacts a number of other default values. For example, the following are the default values when only formLogin() was specified.
        • /login GET - the login form
        • /login POST - process the credentials and if valid authenticate the user
        • /login?error GET - redirect here for failed authentication attempts
        • /login?logout GET - redirect here after successfully logging out
        If "/authenticate" was passed to this method it update the defaults as shown below:
        • /authenticate GET - the login form
        • /authenticate POST - process the credentials and if valid authenticate the user
        • /authenticate?error GET - redirect here for failed authentication attempts
        • /authenticate?logout GET - redirect here after successfully logging out
        Overrides:
        loginPage in class AbstractAuthenticationFilterConfigurer<H extends HttpSecurityBuilder<H>,​FormLoginConfigurer<H extends HttpSecurityBuilder<H>>,​UsernamePasswordAuthenticationFilter>
        Parameters:
        loginPage - the login page to redirect to if authentication is required (i.e. "/login")
        Returns:
        the FormLoginConfigurer for additional customization

      • usernameParameter

        public FormLoginConfigurer<H> usernameParameter​(java.lang.String usernameParameter)
        The HTTP parameter to look for the username when performing authentication. Default is "username".
        Parameters:
        usernameParameter - the HTTP parameter to look for the username when performing authentication
        Returns:
        the FormLoginConfigurer for additional customization

      • passwordParameter

        public FormLoginConfigurer<H> passwordParameter​(java.lang.String passwordParameter)
        The HTTP parameter to look for the password when performing authentication. Default is "password".
        Parameters:
        passwordParameter - the HTTP parameter to look for the password when performing authentication
        Returns:
        the FormLoginConfigurer for additional customization

      • failureForwardUrl

        public FormLoginConfigurer<H> failureForwardUrl​(java.lang.String forwardUrl)
        Forward Authentication Failure Handler
        Parameters:
        forwardUrl - the target URL in case of failure
        Returns:
        the FormLoginConfigurer for additional customization

      • successForwardUrl

        public FormLoginConfigurer<H> successForwardUrl​(java.lang.String forwardUrl)
        Forward Authentication Success Handler
        Parameters:
        forwardUrl - the target URL in case of success
        Returns:
        the FormLoginConfigurer for additional customization