These notes should point you at the relevant parts to construct your own template solution. I've left initializr refs at the bottom to assist you.
- Provided as an illustrative example of the out-of-the-box Spring Security login/logout controllers and templates, for a colleague doing a Spring Security course.
- Demonstrates the out-of-the-box login/logout templates.
- You will want to customise these templates as your examples get more involved and bring in OAuth2 + OIDC.
- Note that in this case we do not create controllers or templates for /login or /logout. This allows you to focus on the SpringSecurityConfig class in an early part of your course.
I've not customised the Cache-Control headers, so your browser might show stale content if you change responses or the out-of-the-box redirects.

    mvn spring-boot:run

Login creds (but keep reading this doc first) {User: 'user', Password: 'insecure'}
Note that I've just used a flat package structure here to illustrate things for you. I'd recommend mapping controllers and services to more meaningful packages.
- pom.xml - templates provided by:

      <dependency>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-security</artifactId>
      </dependency>
- com.example.demo.SpringSecurityConfig

      .authorizeRequests()
          // specific matchers go first; anyRequest() has to be the last rule
          .antMatchers("/public**").permitAll()
          .anyRequest().authenticated()
  Out-of-the-box templates and controllers bootstrapped by:

      .and()
          .formLogin()
      .and()
          .logout();
- com.example.demo.DemoController
Note that these are just dumb GetMappings returning a response body.
(you'll see this without logging in.) Don't stick in a trailing slash, etc
These are provided out of the box by virtue of the spring-security and the formLogin and logout configuration.
You'll need to be logged in to see this.
For further reference, please consider the following sections:
The following guides illustrate how to use some features concretely: