0

I have studied plenty tutorials and pages about Spring Boot Security. But none of them answered my questions. And here they are:

I´m building web app in Spring Boot. And I need to authenticate users via classic session (username, password). But as I know a lot of things are predefined in Spring Boot. And I want to change few things.

1) The only page which DO NOT NEED authentication is /. Here is also login form. Rest of pages MUST BE authenticated. So I do not want to use default URL /login. And what I have to write into form´s action?

2) I also need need unauthenticated routes for static resources. They are located: src/main/resource/static/css

3) Is there a way to edit logout? Like to add a code during logout action?

Can you show me how configure method of WebSecurityConfigurerAdapter should look like? I have already tried a lot of configurations, but they didnt work.

Thank you for your responses.

1 Answers1

0

I recommend you to have a look at this tutorial for a specific login and logout page.

With antmatchers you can also define that your static content is not secured.See here

For adding logic between spring defined processes like logout you should have a look at the spring filter pipelines especially the Logoutfiler. This was already discussed here

It would also be an easy way to set the logout url to a rest endpoint, execute the action you want an then redirect to the auth service. In my opion the filter way is the better solution and cleaner.

I hope this helps to get on track. cheers

FishingIsLife
  • 1,972
  • 3
  • 28
  • 51