Spring security使用自定义登录界面且显示登录异常信息的例子

eclipse中的工程结构：

1、配置Maven的pom文件：

  4.0.0
  SpringSecurity
  SpringSecurity
  war
  0.0.1-SNAPSHOT
  SpringSecurity Maven Webapp
  http://maven.apache.org
  
    
      junit
      junit
      3.8.1
      test
    
    
        org.springframework
        spring-webmvc
        4.2.3.RELEASE
    
    
        org.springframework.security
        spring-security-web
        4.1.0.RELEASE
    
    
        org.springframework.security
        spring-security-config
        4.1.0.RELEASE
    
    
        jstl
        jstl
        1.2
    
  
  
    SpringSecurity
  

2、使用注解的方式配置Spring Security：

package com.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http.authorizeRequests().
		antMatchers("/secure/**").//匹配URL
                access("hasRole('ROLE_ADMIN')").//验证登录者角色
		and().formLogin().  //login configuration
                loginPage("/customLogin.jsp").
                failureUrl("/customLogin.jsp?failed=true"). //配置登录失败URL
                loginProcessingUrl("/appLogin").
                usernameParameter("app_username").
                passwordParameter("app_password").
                defaultSuccessUrl("/secure/home").	
		and().logout().    //logout configuration
		logoutUrl("/appLogout"). 
		logoutSuccessUrl("/customLogin.jsp");
	} 
	@Autowired
	public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
		auth.inMemoryAuthentication().withUser("ram").password("ram123").roles("ADMIN");
	}	
} 

3、使用注解配置SpringMVC

package com.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.view.InternalResourceViewResolver;
@Configuration
@ComponentScan("com")   //扫描文件夹内的类以生产beans
@Import(SecurityConfig.class) //引入Spring Security 配置类
@EnableWebMvc
public class AppConfig {
    @Bean  
    public InternalResourceViewResolver viewResolver() {  
	InternalResourceViewResolver resolver = new InternalResourceViewResolver();  
        resolver.setPrefix("/WEB-INF/secure/");  
        resolver.setSuffix(".jsp");
        return resolver;  
    }	
} 

4、创建自定义登录界面：

customLogin.jsp:

<%@ page language="java" contentType="text/html; charset=gbk" pageEncoding="gbk"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="true" %> 
<%@ page isELIgnored="false" %>

    
        
    
    
       
Spring 4 Security Example
        
        
           
login failed,try again!
           
		   		
		   
		
        
	

		Enter UserName:	


		Enter Password:  

			
		
					
	
    
   

home.jsp:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<%@ page isELIgnored="false" %>

    
        
    
    
          
Spring 4 Security Example
          Student Name:  ${stdName}
	  

	     
	     		
	  
    
 

output.jsp:

<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<%@ page isELIgnored="false" %>

    
        
    
    
          
Spring 4 Security Example
          Student Name:  ${stdName}
	  

	     
	     		
	  
    
 

student.jsp

<%@taglib uri="http://www.springframework.org/tags/form" prefix="form"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ page session="false" %>
<%@ page isELIgnored="false" %>



  
Spring 4 Security Example 
  
     

    
  

代码下载：https://github.com/angleBeibei/SpringSecurity

参考资料：http://www.concretepage.com/spring-4/spring-4-mvc-security-custom-login-form-and-logout-example-with-csrf-protection-using-annotation-and-xml-configuration