点击查看表单登录配置项的规则:
可以看到其原码如下:
<xs:attribute name="login-processing-url" type="xs:token">
<xs:annotation>
<xs:documentation>The URL that the login form is posted to. If unspecified, it defaults to /login.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="username-parameter" type="xs:token">
<xs:annotation>
<xs:documentation>The name of the request parameter which contains the username. Defaults to 'username'.
</xs:documentation>
</xs:annotation>
</xs:attribute>
<xs:attribute name="password-parameter" type="xs:token">
<xs:annotation>
<xs:documentation>The name of the request parameter which contains the password. Defaults to 'password'.
</xs:documentation>
</xs:annotation>
</xs:attribute>可以看到,当没有指定username,password,以及登录的url的时候,默认就是username,password,/login
所以在页面的配置上就必须写这些属性
一个问题是:为什么表单登录的前台必须要用post方法来登录,菜会成功,用get的方式就不行,待解决
看下面的原码的解释:
<xs:attribute name="request-matcher-ref" type="xs:token">
<xs:annotation>
<xs:documentation>The RequestMatcher instance to be used to determine if CSRF should be applied. Default is
any HTTP method except "GET", "TRACE", "HEAD", "OPTIONS"
</xs:documentation>
</xs:annotation>