[Java / Spring Boot] Spring Security ⑤: Implementation of logout processing

In this Spring series, we check the ID and password entered on the login screen against the DB and build a simple feature that blocks access to specific URLs based on user privileges. So far we have implemented the ban on direct links, the login function, Japanese localization of error messages, and password encryption, so now let's implement logout as well.

Logout process

SecurityConfig.java


//Partial excerpt; the full code is shown below for reference

//Logout process
    http
        .logout()
            .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) //Request that triggers logout
            .logoutUrl("/logout") //Logout URL
            .logoutSuccessUrl("/login"); //URL after successful logout

Launch the app and log in from the login screen!


(Reference) Full code

SecurityConfig.java


package com.example.demo;

import javax.sql.DataSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

@EnableWebSecurity
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //Data source
    @Autowired
    private DataSource dataSource;

    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    //SQL statement to get user ID and password
    private static final String USER_SQL = "SELECT"
            + "    user_id,"
            + "    password,"
            + "    true"
            + " FROM"
            + "    m_user"
            + " WHERE"
            + "    user_id = ?";
    //SQL statement to get the user's role
    private static final String ROLE_SQL = "SELECT"
            + "    user_id,"
            + "    role"
            + " FROM"
            + "    m_user"
            + " WHERE"
            + "    user_id = ?";

    @Override
    public void configure(WebSecurity web) throws Exception {

        //No security is applied to access to static resources
        web.ignoring().antMatchers("/webjars/**", "/css/**");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        //Login-free page settings
        http
            .authorizeRequests()
                .antMatchers("/webjars/**").permitAll() //Permission to webjars
                .antMatchers("/css/**").permitAll() //Permission to css
                .antMatchers("/login").permitAll() //Direct link OK for login page
                .antMatchers("/signup").permitAll() //Direct link OK for user registration screen
//                .antMatchers("/admin").hasAuthority("ROLE_ADMIN") //Allow admin users
                .anyRequest().authenticated(); //Other than that, direct link is prohibited

        //Login process
        http
            .formLogin()
                .loginProcessingUrl("/login") //Login process path
                .loginPage("/login") //Specify login page
                .failureUrl("/login") //Transition destination when login fails
                .usernameParameter("userId") //Login page user ID
                .passwordParameter("password") //Login page password
                .defaultSuccessUrl("/home", true); //Transition destination after successful login

        //Logout process
        http
            .logout()
                .logoutRequestMatcher(new AntPathRequestMatcher("/logout")) //Request that triggers logout
                .logoutUrl("/logout") //Logout URL
                .logoutSuccessUrl("/login"); //URL after successful logout

        //Disable CSRF protection (temporary)
        http.csrf().disable();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        //Get user information at the time of login process from DB
        auth.jdbcAuthentication()
                .dataSource(dataSource)
                .usersByUsernameQuery(USER_SQL)
                .authoritiesByUsernameQuery(ROLE_SQL)
                .passwordEncoder(passwordEncoder());
    }
}
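
The configuration above turns CSRF protection off as a temporary measure; while it is off, `/logout` also responds to a plain GET. The following is an added example, not code from the original article: the same `configure(HttpSecurity)` with CSRF protection left on and the logout cleanup spelled out. The class name `HardenedLogoutConfig` is hypothetical, the class is meant to take the place of that method in `SecurityConfig` (the JDBC authentication setup stays as shown above), and it assumes the default `JSESSIONID` session cookie name.

```java
package com.example.demo;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Added example (hypothetical class name), same adapter style as the article's SecurityConfig.
@EnableWebSecurity
@Configuration
public class HardenedLogoutConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // Pages reachable without login, as in the article
        http
            .authorizeRequests()
                .antMatchers("/webjars/**", "/css/**").permitAll()
                .antMatchers("/login", "/signup").permitAll()
                .anyRequest().authenticated();

        // Login process, unchanged from the article
        http
            .formLogin()
                .loginProcessingUrl("/login")
                .loginPage("/login")
                .failureUrl("/login")
                .usernameParameter("userId")
                .passwordParameter("password")
                .defaultSuccessUrl("/home", true);

        // CSRF protection stays enabled (the default): there is no http.csrf().disable().
        // With it on, logoutUrl("/logout") matches POST only and the request must carry
        // the CSRF token, so a plain GET /logout no longer ends the session.
        http
            .logout()
                .logoutUrl("/logout")
                .logoutSuccessUrl("/login")
                .invalidateHttpSession(true)   // discard the server-side session (default, made explicit)
                .clearAuthentication(true)     // clear the Authentication object (default, made explicit)
                .deleteCookies("JSESSIONID");  // expire the session cookie (assumed default name)
    }
}
```

With CSRF protection enabled, the login and logout forms must POST the `_csrf` token; Thymeleaf adds it automatically to forms that use `th:action`.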
