1. 自定义access deny页面
只要在加一个access-denied-page就好
<http auto-config='true' access-denied-page="/noauth.jsp">
noauth.jsp
<body>
<h1>Access Denied</h1>
<hr>
<div class="error">
访问被拒绝<br>
${requestScope['SPRING_SECURITY_403_EXCEPTION'].message}
</div>
<hr>
</body>
2. 自定义login页面
添加如下:
<http auto-config='true' access-denied-page="/noauth.jsp">
<intercept-url pattern="/login.jsp" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<form-login login-page="/login.jsp"
authentication-failure-url="/login.jsp?error=true"
default-target-url="/" />
</http>
login.jsp
<body>
<div class="error ${param.error == true ? '' : 'hide'}">
登陆失败<br>
${sessionScope['SPRING_SECURITY_LAST_EXCEPTION'].message}
</div>
<form
action="${pageContext.request.contextPath}/j_spring_security_check"
method="post" style="width: 260px; text-align: center;">
<fieldset>
<legend>登陆</legend>
用户: <input type="text" name="j_username" style="width: 150px;"
value="${sessionScope['SPRING_SECURITY_LAST_USERNAME']}" /><br />
密码: <input type="password" name="j_password" style="width: 150px;" /><br />
<input type="checkbox" name="_spring_security_remember_me" />两周之内不必登陆<br />
<input type="submit" value="登陆" /> <input type="reset" value="重置" />
</fieldset>
</form>
</body>