⒈自定义登录页面
1 package cn.coreqi.security.config; 2 3 import org.springframework.context.annotation.Bean; 4 import org.springframework.context.annotation.Configuration; 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity; 6 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; 7 import org.springframework.security.crypto.password.NoOpPasswordEncoder; 8 import org.springframework.security.crypto.password.PasswordEncoder; 9 10 @Configuration 11 public class WebSecurityConfig extends WebSecurityConfigurerAdapter { 12 13 @Bean 14 public PasswordEncoder passwordEncoder(){ 15 return NoOpPasswordEncoder.getInstance(); 16 } 17 18 @Override 19 protected void configure(HttpSecurity http) throws Exception { 20 //http.httpBasic() //httpBasic登录 BasicAuthenticationFilter 21 http.formLogin() //表单登录 UsernamePasswordAuthenticationFilter 22 //.loginPage("/coreqi-signIn.html") //指定登录页面 23 .loginPage("/authentication/require") 24 .loginProcessingUrl("/authentication/form") //指定表单提交的地址用于替换UsernamePasswordAuthenticationFilter默认的提交地址 25 .and() 26 .authorizeRequests() //对授权请求进行配置 27 .antMatchers("/coreqi-signIn.html").permitAll() //指定登录页面不需要身份认证 28 .anyRequest().authenticated() //任何请求都需要身份认证 29 .and().csrf().disable(); //禁用CSRF 30 //FilterSecurityInterceptor 整个SpringSecurity过滤器链的最后一环 31 } 32 }
⒉自定义登录成功处理
⒊自定义登录失败处理