{"id":3983,"date":"2020-10-04T08:13:33","date_gmt":"2020-10-04T08:13:33","guid":{"rendered":"https:\/\/codethataint.com\/blog\/?p=3983"},"modified":"2020-10-04T08:30:18","modified_gmt":"2020-10-04T08:30:18","slug":"using-custom-login-form-for-login-and-logout","status":"publish","type":"post","link":"https:\/\/codethataint.com\/blog\/using-custom-login-form-for-login-and-logout\/","title":{"rendered":"FormBased Authentication"},"content":{"rendered":"

\"\"
\nNote:The example is for CSRF disabled<\/strong><\/p>\n

    \n
  1. From the above diagram you can see JSESSIONID and HttpStatus.OK is send is response once the credentials are authenticated<\/li>\n
  2. JSESSIONID would be used for Subsequent request<\/li>\n
  3. In the below code we define URL for login and logout.\n
    \r\n.formLogin()\r\n.loginPage(\"\/login\").permitAll().usernameParameter(\"username\").passwordParameter(\"password\")\r\n.defaultSuccessUrl(\"\/test\", true)\r\n.and()\r\n.rememberMe()\r\n.and()\r\n.logout().logoutUrl(\"\/logout\").clearAuthentication(true).invalidateHttpSession(true).deleteCookies(\"JSESSIONID\", \"remember-me\")\r\n.logoutSuccessUrl(\"\/login\")\t\t\t\r\n<\/pre>\n<\/li>\n
  4. usernameParameter and passwordParameter is the name of the input form element as given in html<\/li>\n
  5. defaultSuccessUrl tells the default page after authentication<\/li>\n
  6. rememberMe allows the User to remember the session in server. The default JSESSIONID time is 30 minutes of inactivity. remember-me session would be active for 2 weeks and allows user to access page for 2 weeks<\/li>\n
  7. logout is similar to login with following\n
    \r\n.logout().logoutUrl(\"\/logout\")\r\n.clearAuthentication(true)\r\n.invalidateHttpSession(true)\r\n.deleteCookies(\"JSESSIONID\", \"remember-me\")\r\n.logoutSuccessUrl(\"\/login\")\t\t\t\r\n<\/pre>\n<\/li>\n<\/ol>\n
    \"\"<\/p>\n
    JSESSIONID and remember-me as seen in cookie in response after login button clicked<\/strong>
    \n\"\"<\/p>\n
    \"\"<\/p>\n
    JSESSIONID and remember-me cookie deleted in response after logout button clicked<\/strong>
    \n\"\"<\/p>\n
    login.html<\/strong><\/p>\n
    \r\n<body>\r\n<div class="container">\r\n    <form class="form-signin" method="post" action="\/login">\r\n        <table cellpadding="3" cellspacing="3" border="1px solid black" style="border-collapse: collapse">\r\n            <tr>\r\n                <td><label for="username" class="sr-only">Username<\/label><\/td>\r\n                <td><input type="text" id="username" name="username" class="form-control" placeholder="Username" required=""\r\n                           autofocus=""><\/td>\r\n            <\/tr>\r\n            <tr>\r\n                <td><label for="password" class="sr-only">Password<\/label><\/td>\r\n                <td><input type="password" id="password" name="password" class="form-control" placeholder="Password"\r\n                           required=""><\/td>\r\n            <\/tr>\r\n            <tr>\r\n                <td><label for="remember-me" class="sr-only">Remember Me?<\/label><\/td>\r\n                <td><input type="checkbox" id="remember-me" name="remember-me" class="form-control"><\/td>\r\n            <\/tr>\r\n            <tr>\r\n                <td colspan="2" align="center"><button class="btn btn-lg btn-primary btn-block" type="submit">Login<\/button><\/td>\r\n            <\/tr>\r\n        <\/table>\r\n    <\/form>\r\n<\/div>\r\n<\/body>\r\n<\/pre>\n
    test.html<\/strong><\/p>\n
    \r\nYou have been Logged In\r\n\r\n<form class="form-signin" method="get" action="\/logout">\r\n    <button class="btn btn-lg btn-primary btn-block" type="submit">Logout<\/button>\r\n<\/form>\r\n<\/pre>\n
    \r\n@Override\r\nprotected void configure(HttpSecurity httpSecurity) throws Exception{\r\n\thttpSecurity\r\n\t\t\t\t.csrf().disable()\r\n\t\t\t\t.authorizeRequests()\r\n\t\t\t\t.antMatchers("\/", "index", "\/css\/*", "\/js\/*").permitAll()\r\n\t\t\t\t.antMatchers("\/api\/**").hasRole("ADMIN")\r\n\t\t\t\t.anyRequest()\r\n\t\t\t\t.authenticated()\r\n\t\t\t\t.and()\r\n\t\t\t\t.formLogin()\r\n\t\t\t\t.loginPage("\/login").permitAll().usernameParameter("username").passwordParameter("password")\r\n\t\t\t\t.defaultSuccessUrl("\/test", true)\r\n\t\t\t\t.and()\r\n\t\t\t\t.rememberMe()\r\n\t\t\t\t.and()\r\n\t\t\t\t.logout().logoutUrl("\/logout").clearAuthentication(true).invalidateHttpSession(true).deleteCookies("JSESSIONID", "remember-me")\r\n\t\t\t\t.logoutSuccessUrl("\/login");\r\n}\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"
    Note:The example is for CSRF disabled From the above diagram you can see JSESSIONID and HttpStatus.OK is send is response once the credentials are authenticated JSESSIONID would be used for Subsequent request In the below code we define URL for login and logout. .formLogin() .loginPage(“\/login”).permitAll().usernameParameter(“username”).passwordParameter(“password”) .defaultSuccessUrl(“\/test”, true) .and() .rememberMe() .and() .logout().logoutUrl(“\/logout”).clearAuthentication(true).invalidateHttpSession(true).deleteCookies(“JSESSIONID”, “remember-me”) .logoutSuccessUrl(“\/login”) usernameParameter and… Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3983","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3983","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/comments?post=3983"}],"version-history":[{"count":5,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3983\/revisions"}],"predecessor-version":[{"id":3995,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/posts\/3983\/revisions\/3995"}],"wp:attachment":[{"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/media?parent=3983"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/categories?post=3983"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/codethataint.com\/blog\/wp-json\/wp\/v2\/tags?post=3983"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}