1. 自定义access deny页面
只要在加一个access-denied-page就好
<http auto-config='true' access-denied-page="/noauth.jsp">
noauth.jsp
<body> <h1>Access Denied</h1> <hr> <div class="error"> 访问被拒绝<br> ${requestScope['SPRING_SECURITY_403_EXCEPTION'].message} </div> <hr> </body>
2. 自定义login页面
添加如下:
<http auto-config='true' access-denied-page="/noauth.jsp"> <intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <form-login login-page="/login.jsp" authentication-failure-url="/login.jsp?error=true" default-target-url="/" /> </http>
login.jsp
<body> <div class="error ${param.error == true ? '' : 'hide'}"> 登陆失败<br> ${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message} </div> <form action="${pageContext.request.contextPath}/j_spring_security_check" method="post" style="width: 260px; text-align: center;"> <fieldset> <legend>登陆</legend> 用户: <input type="text" name="j_username" style="width: 150px;" value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" /><br /> 密码: <input type="password" name="j_password" style="width: 150px;" /><br /> <input type="checkbox" name="_spring_security_remember_me" />两周之内不必登陆<br /> <input type="submit" value="登陆" /> <input type="reset" value="重置" /> </fieldset> </form> </body>