Spring Security is a powerful and customizable authentication and access control framework for Java applications. When implementing login and logout functionality, Spring Security provides a seamless way to manage users, roles, and sessions securely.
Setting Up Spring Security
Start by adding the Spring Security dependency to your pom.xml (Maven) or build.gradle (Gradle):
Maven
```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```
Gradle
```groovy
implementation 'org.springframework.boot:spring-boot-starter-security'
```
With the starter on the classpath, Spring Boot auto-configures Spring Security with its defaults, which you can then override.
Configuring Security Settings
You need to create a SecurityConfig class to customize the login and logout settings. Here’s how you can configure it:
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Applies to Spring Security 5.x: WebSecurityConfigurerAdapter is deprecated
// since 5.7 and removed in 6.0.
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/", "/login", "/register").permitAll() // Allow public access
                .anyRequest().authenticated()                        // Secure other URLs
                .and()
            .formLogin()
                .loginPage("/login")                    // Custom login page URL
                .loginProcessingUrl("/login")           // URL to process login form
                .defaultSuccessUrl("/dashboard", true)  // Redirect after successful login
                .and()
            .logout()
                .logoutUrl("/logout")                   // Logout URL
                .logoutSuccessUrl("/login?logout")      // Redirect after logout
                .invalidateHttpSession(true)            // Invalidate session on logout
                .clearAuthentication(true);             // Clear authentication details
    }
}
```
Customizing the Login Page
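Spring Security provides a default login page, but you can customize it by creating a login.html page in src/main/resources/templates. Because loginPage("/login") is set, your application must also serve GET /login itself, for example through a controller or view controller that returns this template. Here’s an example of a simple login form: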
```html
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Login</title>
</head>
<body>
    <h2>Login</h2>
    <!-- Assumes Thymeleaf renders this template: th:action makes Spring Security
         add the hidden _csrf field. A POST to /login without it is rejected with 403. -->
    <form th:action="@{/login}" method="post">
        <label for="username">Username: </label>
        <input type="text" id="username" name="username" required>
        <label for="password">Password: </label>
        <input type="password" id="password" name="password" required>
        <button type="submit">Login</button>
    </form>
</body>
</html>
```
Handling Login and Logout
- Login: The formLogin() configuration allows users to enter credentials, authenticate, and be redirected to a specified page upon success.
- Logout: The logout() configuration ensures that when users log out, the session is invalidated, authentication is cleared, and they are redirected to a specific page (like the login page). Because CSRF protection is enabled by default, the logout request must be sent as a POST to /logout that carries the CSRF token.
Testing the Application
Once you’ve set up the security configuration and the login page, run your Spring Boot application. When you try to access any secured page (e.g., /dashboard), Spring Security will automatically redirect you to the login page. After successful login, you’ll be redirected to the dashboard page. On logout, users will be redirected to the login page.