The login form
Basic authentication is good for our RESTful API, but we would rather have a login page carefully designed by our team to improve the web experience.
Spring Security allows us to define as many WebSecurityConfigurerAdapter classes as we need. We will split our SecurityConfiguration class into two parts:
ApiSecurityConfiguration: This will be configured first. This will secure the RESTful endpoints with basic authentication.WebSecurityConfiguration: This will then configure login form for the rest of our application.
You can remove or rename SecurityConfiguration and create ApiSecurityConfiguration instead:
@Configuration
@Order(1) public class ApiSecurityConfiguration extends WebSecurityConfigurerAdapter { @Autowired public void configureAuth(AuthenticationManagerBuilder ...Get Spring MVC: Designing Real-World Web Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
