Spring security authentication (using login form)

This example illustrates spring authentication by using login form.

Directory Structure

hello.html

<!DOCTYPE html>
<html>
    <head>
        <title>Hello World!</title>
    </head>
    <body>
        <h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
        <form th:action="@{/logout}" method="post">
            <input type="submit" value="Sign Out"/>
        </form>
    </body>
</html>

home.html

<!DOCTYPE html>
<html>
<head>
<title>Spring Security Example</title>
</head>
<body>
	<h1>Welcome!</h1>

	<p>
		Click <a th:href="@{/hello}">here</a> to see a greeting.
	</p>
</body>
</html>

login.html

<!DOCTYPE html>
<html>
    <head>
        <title>Spring Security Example | login </title>
    </head>
    <body>
        <div th:if="${param.error}">
            Invalid username and password
        </div>
        <div th:if="${param.logout}">
            You have been logged out.
        </div>
        <form th:action="@{/login}" method="post">
            <div><label> User Name : <input type="text" name="username"/> </label></div>
            <div><label> Password: <input type="password" name="password"/> </label></div>
            <div><input type="submit" value="Sign In"/></div>
        </form>
    </body>
</html>

WebSecurityConfig.java

package com.example.demo;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
	
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
			.antMatchers("/", "/home").permitAll() // Permit requests to /home to anybody
			.anyRequest().authenticated()
			.and().formLogin().loginPage("/login").permitAll() // login form is /login and the login page is open to all 
			.and().logout().permitAll(); // logout permit to all
	}
		
    @Bean
    @Override
    public UserDetailsService userDetailsService() {
    	
    	// Adding a dummy user
        UserDetails user =
             User.withDefaultPasswordEncoder()
                .username("user") // username is user
                .password("1234") // password is 1234
                .roles("USER") // 
                .build();

        return new InMemoryUserDetailsManager(user);
    }	
}

DefaultController .java

package com.example.demo;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class DefaultController {

	@GetMapping("/")
	public String home1() {
		return "home";
	}

	@GetMapping("/hello")
	public String hello() {
		return "hello";
	}

	@GetMapping("/login")
	public String login() {
		return "login";
	}

}

DefaultController .java (main application file)

package com.example.demo;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringSecurityApplication {

	public static void main(String[] args) {
		SpringApplication.run(SpringSecurityApplication.class, args);
	}
}

Output