ok is security

36177186 · 杨伊博 · 9ded52d3 · 36177186 · 36177186 · 36177186
Commit 36177186 authored Jan 20, 2017 by 杨伊博
22 changed files
--- a/springboot-SpringSecurity/pom.xml
+++ b/springboot-SpringSecurity/pom.xml
@@ -4,8 +4,8 @@
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
-    <groupId>com.us.Example</groupId>
+    <groupId>com.us</groupId>
-    <artifactId>springSecurity</artifactId>
+    <artifactId>springboot-security</artifactId>
    <version>1.0-SNAPSHOT</version>
    <parent>
@@ -16,40 +16,65 @@
    <properties>
        <start-class>com.us.Application</start-class>
        <maven.compiler.target>1.8</maven.compiler.target>
        <maven.compiler.source>1.8</maven.compiler.source>
+        <mybatis.version>3.2.7</mybatis.version>
+        <mybatis-spring.version>1.2.2</mybatis-spring.version>
    </properties>
    <dependencies>
+        <!--springboot-->
-        <!-- 核心模块，包括自动配置支持、日志和YAML -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter</artifactId>
+            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
-        <!-- 测试模块，包括JUnit、Hamcrest、Mockito -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
-            <artifactId>spring-boot-starter-test</artifactId>
+            <artifactId>spring-boot-starter-thymeleaf</artifactId>
-            <scope>test</scope>
        </dependency>
-        <!-- 引入Web模块 -->
        <dependency>
-            <groupId>org.springframework.boot</groupId>
+            <groupId>org.thymeleaf.extras</groupId>
-            <artifactId>spring-boot-starter-web</artifactId>
+            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
+        </dependency>
+        <!--db-->
+        <dependency>
+            <groupId>mysql</groupId>
+            <artifactId>mysql-connector-java</artifactId>
+            <version>6.0.5</version>
+        </dependency>
+        <dependency>
+            <groupId>com.mchange</groupId>
+            <artifactId>c3p0</artifactId>
+            <version>0.9.5.2</version>
+            <exclusions>
+                <exclusion>
+                    <groupId>commons-logging</groupId>
+                    <artifactId>commons-logging</artifactId>
+                </exclusion>
+            </exclusions>
        </dependency>
-        <!-- SpringSecurity依赖 -->
+        <!--mybatis-->
        <dependency>
-            <groupId>org.springframework.boot</groupId>
+            <groupId>org.springframework</groupId>
-            <artifactId>spring-boot-starter-security</artifactId>
+            <artifactId>spring-jdbc</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis</artifactId>
+            <version>${mybatis.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.mybatis</groupId>
+            <artifactId>mybatis-spring</artifactId>
+            <version>${mybatis-spring.version}</version>
        </dependency>
    </dependencies>
 </project>
\ No newline at end of file
--- a/springboot-SpringSecurity/src/main/java/com/us/example/Application.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/Application.java
 package com.us.example;
-/**
- * Created by yangyibo on 16/12/27.
- */
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.context.annotation.ComponentScan;
+import static org.springframework.boot.SpringApplication.run;
-import static org.springframework.boot.SpringApplication.*;
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+@ComponentScan(basePackages ="com.us.example")
 @SpringBootApplication
 public class Application {
    public static void main(String[] args) {
        ConfigurableApplicationContext run = run(Application.class, args);
    }
-}
\ No newline at end of file
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/DBconfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/DBconfig.java
+package com.us.example.config;
+import java.beans.PropertyVetoException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.core.env.Environment;
+import com.mchange.v2.c3p0.ComboPooledDataSource;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Configuration
+public class DBconfig {
+    @Autowired
+    private Environment env;
+    @Bean(name="dataSource")
+    public ComboPooledDataSource dataSource() throws PropertyVetoException {
+        ComboPooledDataSource dataSource = new ComboPooledDataSource();
+        dataSource.setDriverClass(env.getProperty("ms.db.driverClassName"));
+        dataSource.setJdbcUrl(env.getProperty("ms.db.url"));
+        dataSource.setUser(env.getProperty("ms.db.username"));
+        dataSource.setPassword(env.getProperty("ms.db.password"));
+        dataSource.setMaxPoolSize(20);
+        dataSource.setMinPoolSize(5);
+        dataSource.setInitialPoolSize(10);
+        dataSource.setMaxIdleTime(300);
+        dataSource.setAcquireIncrement(5);
+        dataSource.setIdleConnectionTestPeriod(60);
+        return dataSource;
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisConfig.java
+package com.us.example.config;
+import org.mybatis.spring.SqlSessionFactoryBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import javax.sql.DataSource;
+@Configuration
+@ComponentScan
+public class MyBatisConfig {
+    @Autowired
+    private DataSource dataSource;
+    @Bean(name = "sqlSessionFactory")
+    public SqlSessionFactoryBean sqlSessionFactory(ApplicationContext applicationContext) throws Exception {
+        SqlSessionFactoryBean sessionFactory = new SqlSessionFactoryBean();
+        sessionFactory.setDataSource(dataSource);
+        // sessionFactory.setPlugins(new Interceptor[]{new PageInterceptor()});
+        sessionFactory.setMapperLocations(applicationContext.getResources("classpath*:mapper/*.xml"));
+        return sessionFactory;
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisRepository.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisRepository.java
+package com.us.example.config;
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+//@Retention: 定义注解的保留策略，注释类型的注释要保留
+@Retention(RetentionPolicy.RUNTIME)
+//@Target说明了Annotation所修饰的对象范围：Annotation可被用于 packages、types（类、接口、枚举、Annotation类型）、类型成员（方法、构造方法、成员变量、枚举值）、方法参数和本地变量（如循环变量、catch参数）。在Annotation类型的声明中使用了target可更加明晰其修饰的目标。
+//作用：用于描述注解的使用范围（即：被描述的注解可以用在什么地方）
+//取值(ElementType)有：
+//CONSTRUCTOR:用于描述构造器
+//2.FIELD:用于描述域
+//3.LOCAL_VARIABLE:用于描述局部变量
+//4.METHOD:用于描述方法
+//5.PACKAGE:用于描述包
+//6.PARAMETER:用于描述参数
+//7.TYPE:用于描述类、接口(包括注解类型) 或enum声明
+@Target(ElementType.TYPE)
+public @interface MyBatisRepository {
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisScannerConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/MyBatisScannerConfig.java
+package com.us.example.config;
+import org.mybatis.spring.mapper.MapperScannerConfigurer;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+@Configuration
+public class MyBatisScannerConfig {
+    @Bean
+    public MapperScannerConfigurer MapperScannerConfigurer() {
+        MapperScannerConfigurer mapperScannerConfigurer = new MapperScannerConfigurer();
+        mapperScannerConfigurer.setBasePackage("com.us.example.dao");
+        mapperScannerConfigurer.setAnnotationClass(MyBatisRepository.class);
+        mapperScannerConfigurer.setSqlSessionFactoryBeanName("sqlSessionFactory");
+        return mapperScannerConfigurer;
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/SecurityConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/SecurityConfig.java
-package com.us.example.config;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-/**
- * Created by yangyibo on 16/12/27.
- */
-    @Configuration          // 配置文件
-    @EnableWebSecurity      // 开启Security
-    @EnableGlobalMethodSecurity(prePostEnabled = true)  //AOP
-    public class SecurityConfig extends WebSecurityConfigurerAdapter {
-        @Override
-        protected void configure(HttpSecurity http) throws Exception {
-            //路由策略和访问权限的简单配置
-            http
-                    .formLogin()                        //启用默认登陆页面
-                    .failureUrl("/login/error")         //登陆失败返回URL:/login?error
-                    .defaultSuccessUrl("/home")         //登陆成功跳转URL
-                    .permitAll();                       //登陆页面全部权限可访问
-            super.configure(http);
-        }
-//
-//    /**
-//     * 配置内存用户
-//     */
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        auth
-            .inMemoryAuthentication()
-            .withUser("abel").password("123").roles("USER");
-    }
-    }
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/TransactionConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/TransactionConfig.java
+package com.us.example.config;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.jdbc.datasource.DataSourceTransactionManager;
+import org.springframework.transaction.PlatformTransactionManager;
+import org.springframework.transaction.annotation.TransactionManagementConfigurer;
+import javax.sql.DataSource;
+@Configuration
+@ComponentScan
+public class TransactionConfig implements TransactionManagementConfigurer{
+    @Autowired
+    private DataSource dataSource;
+    @Bean(name = "transactionManager")
+    @Override
+    public PlatformTransactionManager annotationDrivenTransactionManager() {
+        return new DataSourceTransactionManager(dataSource);
+    }
+}
\ No newline at end of file
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/WebMvcConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/WebMvcConfig.java
+package com.us.example.config;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Configuration
+public class WebMvcConfig extends WebMvcConfigurerAdapter{
+    @Override
+    public void addViewControllers(ViewControllerRegistry registry) {
+        registry.addViewController("/login").setViewName("login");
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/config/WebSecurityConfig.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/config/WebSecurityConfig.java
+package com.us.example.config;
+import com.us.example.security.CustomUserService;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.core.userdetails.UserDetailsService;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Configuration
+public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    @Bean
+    UserDetailsService customUserService(){ //注册UserDetailsService 的bean
+        return new CustomUserService();
+    }
+    @Override
+    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
+        auth.userDetailsService(customUserService()); //user Details Service验证
+    }
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        http.authorizeRequests()
+                .anyRequest().authenticated() //任何请求,登录后可以访问
+                .and()
+                .formLogin()
+                .loginPage("/login")
+                .failureUrl("/login?error")
+                .permitAll() //登录页面用户任意访问
+                .and()
+                .logout().permitAll(); //注销行为任意访问
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/controller/HomeController.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/controller/HomeController.java
+package com.us.example.controller;
+import com.us.example.domain.Msg;
+import org.springframework.stereotype.Controller;
+import org.springframework.ui.Model;
+import org.springframework.web.bind.annotation.RequestMapping;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Controller
+public class HomeController {
+    @RequestMapping("/")
+    public String index(Model model){
+        Msg msg =  new Msg("测试标题","测试内容","额外信息，只对管理员显示");
+        model.addAttribute("msg", msg);
+        return "home";
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/controller/helloController.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/controller/helloController.java
-package com.us.example.controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.RestController;
-import javax.servlet.http.HttpServletRequest;
-import javax.websocket.server.PathParam;
-/**
- * Created by yangyibo on 16/12/27.
- */
-@RestController
-public class helloController {
-    // 访问 http://localhost:8080/login  账号 abel 密码 123
-    @RequestMapping(value = "/home", method = RequestMethod.GET)
-    @ResponseBody
-    public String viewHome() {
-        return "hello SpringSecurity";
-    }
-}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/dao/UserDao.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/dao/UserDao.java
+package com.us.example.dao;
+import com.us.example.config.MyBatisRepository;
+import com.us.example.domain.SysUser;
+@MyBatisRepository
+public interface UserDao {
+    public SysUser findByUserName(String username);
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/domain/Msg.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/domain/Msg.java
+package com.us.example.domain;
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+    public class Msg {
+        private String title;
+        private String content;
+        private String etraInfo;
+        public Msg(String title, String content, String etraInfo) {
+            super();
+            this.title = title;
+            this.content = content;
+            this.etraInfo = etraInfo;
+        }
+        public String getTitle() {
+            return title;
+        }
+        public void setTitle(String title) {
+            this.title = title;
+        }
+        public String getContent() {
+            return content;
+        }
+        public void setContent(String content) {
+            this.content = content;
+        }
+        public String getEtraInfo() {
+            return etraInfo;
+        }
+        public void setEtraInfo(String etraInfo) {
+            this.etraInfo = etraInfo;
+        }
+    }
--- a/springboot-SpringSecurity/src/main/java/com/us/example/domain/SysRole.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/domain/SysRole.java
+package com.us.example.domain;
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+public class SysRole {
+    private Integer id;
+    private String name;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getName() {
+        return name;
+    }
+    public void setName(String name) {
+        this.name = name;
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/domain/SysUser.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/domain/SysUser.java
+package com.us.example.domain;
+import java.util.List;
+/**
+ * Created by yangyibo on 17/1/17.
+ */
+public class SysUser {
+    private Integer id;
+    private String username;
+    private String password;
+    private List<SysRole> roles;
+    public Integer getId() {
+        return id;
+    }
+    public void setId(Integer id) {
+        this.id = id;
+    }
+    public String getUsername() {
+        return username;
+    }
+    public void setUsername(String username) {
+        this.username = username;
+    }
+    public String getPassword() {
+        return password;
+    }
+    public void setPassword(String password) {
+        this.password = password;
+    }
+    public List<SysRole> getRoles() {
+        return roles;
+    }
+    public void setRoles(List<SysRole> roles) {
+        this.roles = roles;
+    }
+}
--- a/springboot-SpringSecurity/src/main/java/com/us/example/security/CustomUserService.java
+++ b/springboot-SpringSecurity/src/main/java/com/us/example/security/CustomUserService.java
+package com.us.example.security;
+import com.us.example.dao.UserDao;
+import com.us.example.domain.SysRole;
+import com.us.example.domain.SysUser;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+import org.springframework.security.core.userdetails.UserDetailsService;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
+import org.springframework.stereotype.Service;
+import java.util.ArrayList;
+import java.util.List;
+/**
+ * Created by yangyibo on 17/1/18.
+ */
+@Service
+public class CustomUserService implements UserDetailsService { //自定义UserDetailsService 接口
+    @Autowired
+    UserDao userDao;
+    @Override
+    public UserDetails loadUserByUsername(String username) { //重写loadUserByUsername 方法获得 userdetails 类型用户
+        SysUser user = userDao.findByUserName(username);
+        if(user == null){
+            throw new UsernameNotFoundException("用户名不存在");
+        }
+        List<SimpleGrantedAuthority> authorities = new ArrayList<>();
+        //用于添加用户的权限。只要把用户权限添加到authorities 就万事大吉。
+        for(SysRole role:user.getRoles())
+        {
+            authorities.add(new SimpleGrantedAuthority(role.getName()));
+            System.out.println(role.getName());
+        }
+        return new org.springframework.security.core.userdetails.User(user.getUsername(),
+                user.getPassword(), authorities);
+    }
+}
--- a/springboot-SpringSecurity/src/main/resources/application.properties
+++ b/springboot-SpringSecurity/src/main/resources/application.properties
+ms.db.driverClassName=com.mysql.jdbc.Driver
+ms.db.url=jdbc:mysql://localhost:3306/cache?characterEncoding=utf-8&useSSL=false
+ms.db.username=root
+ms.db.password=admin
+ms.db.maxActive=500
+logging.level.org.springframework.security= INFO
+spring.thymeleaf.cache=false
--- a/springboot-SpringSecurity/src/main/resources/mapper/UserDaoMapper.xml
+++ b/springboot-SpringSecurity/src/main/resources/mapper/UserDaoMapper.xml
+<?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE mapper PUBLIC "-//mybatis.org//DTD Mapper 3.0//EN" "http://mybatis.org/dtd/mybatis-3-mapper.dtd">
+<mapper namespace="com.us.example.dao.UserDao">
+    <resultMap id="userMap" type="com.us.example.domain.SysUser">
+        <id property="id" column="ID"/>
+        <result property="username" column="username"/>
+        <result property="password" column="PASSWORD"/>
+        <collection property="roles" ofType="com.us.example.domain.SysRole">
+            <result column="name" property="name"/>
+        </collection>
+    </resultMap>
+    <select id="findByUserName" parameterType="String" resultMap="userMap">
+		select u.*
+		,r.name
+		from Sys_User u
+        LEFT JOIN sys_role_user sru on u.id= sru.Sys_User_id
+        LEFT JOIN Sys_Role r on sru.Sys_Role_id=r.id
+        where username= #{username}
+	</select>
+</mapper>
\ No newline at end of file
--- a/springboot-SpringSecurity/src/main/resources/static/css/bootstrap.min.css
+++ b/springboot-SpringSecurity/src/main/resources/static/css/bootstrap.min.css
--- a/springboot-SpringSecurity/src/main/resources/templates/home.html
+++ b/springboot-SpringSecurity/src/main/resources/templates/home.html
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org" 
+	  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
+<head>
+<meta content="text/html;charset=UTF-8"/>
+<title sec:authentication="name"></title>
+<link rel="stylesheet" th:href="@{css/bootstrap.min.css}" />
+<style type="text/css">
+body {
+  padding-top: 50px;
+}
+.starter-template {
+  padding: 40px 15px;
+  text-align: center;
+}
+</style>
+</head>
+<body>
+	 <nav class="navbar navbar-inverse navbar-fixed-top">
+      <div class="container">
+        <div class="navbar-header">
+          <a class="navbar-brand" href="#">Spring Security演示</a>
+        </div>
+        <div id="navbar" class="collapse navbar-collapse">
+          <ul class="nav navbar-nav">
+           <li><a th:href="@{/}"> 首页 </a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+      </div>
+    </nav>
+     <div class="container">
+      <div class="starter-template">
+      	<h1 th:text="${msg.title}"></h1>
+		<p class="bg-primary" th:text="${msg.content}"></p>
+		<div sec:authorize="hasRole('ROLE_ADMIN')"> <!-- 用户类型为ROLE_ADMIN 显示 -->
+		 	<p class="bg-info" th:text="${msg.etraInfo}"></p>
+		</div>	
+		<div sec:authorize="hasRole('ROLE_USER')"> <!-- 用户类型为 ROLE_USER 显示 -->
+		 	<p class="bg-info">无更多信息显示</p>
+		</div>	
+        <form th:action="@{/logout}" method="post">
+            <input type="submit" class="btn btn-primary" value="注销"/>
+        </form>
+      </div>
+    </div>
+</body>
+</html>
--- a/springboot-SpringSecurity/src/main/resources/templates/login.html
+++ b/springboot-SpringSecurity/src/main/resources/templates/login.html
+<!DOCTYPE html>
+<html xmlns:th="http://www.thymeleaf.org">
+<head>
+<meta content="text/html;charset=UTF-8"/>
+<title>登录页面</title>
+<link rel="stylesheet" th:href="@{css/bootstrap.min.css}"/>
+<style type="text/css">
+	body {
+  padding-top: 50px;
+}
+.starter-template {
+  padding: 40px 15px;
+  text-align: center;
+}
+</style>
+</head>
+<body>
+	 <nav class="navbar navbar-inverse navbar-fixed-top">
+      <div class="container">
+        <div class="navbar-header">
+          <a class="navbar-brand" href="#">Spring Security演示</a>
+        </div>
+        <div id="navbar" class="collapse navbar-collapse">
+          <ul class="nav navbar-nav">
+           <li><a th:href="@{/}"> 首页 </a></li>
+          </ul>
+        </div><!--/.nav-collapse -->
+      </div>
+    </nav>
+     <div class="container">
+      <div class="starter-template">
+       <p th:if="${param.logout}" class="bg-warning">已成功注销</p><!-- 1 -->
+			<p th:if="${param.error}" class="bg-danger">有错误，请重试</p> <!-- 2 -->
+			<h2>使用账号密码登录</h2>
+			<form name="form" th:action="@{/login}" action="/login" method="POST"> <!-- 3 -->
+				<div class="form-group">
+					<label for="username">账号</label>
+					<input type="text" class="form-control" name="username" value="" placeholder="账号" />
+				</div>
+				<div class="form-group">
+					<label for="password">密码</label>
+					<input type="password" class="form-control" name="password" placeholder="密码" />
+				</div>
+				<input type="submit" id="login" value="Login" class="btn btn-primary" />
+			</form>
+      </div>
+    </div>
+</body>
+</html>
\ No newline at end of file