SpringSecurit配置类表单登录
1:protected void configure(HttpSecurity http) throws Exception {
super.configure(http); }
1.1:suoer.config(http)很重要:源码中有一句是:会拦截任意请求
2:以下是http的用法:
////授权请求,后一句话表示除了"/layui/**"这个路径下的都需要认证。 http.authorizeRequests().antMatchers("/layui/**","/index.jsp").permitAll().anyRequest().authenticated();
如下:(父类的config()方法)
2:访问受限页面去登录页面提示登录,配置开启表单登录功能
因为父类的config方法中指定了登录失败去登录页(.formLogin()),而我们又注销了super.config();所以我们需要手动指定:
http.formLogin().loginPage("/index.jsp");
-------------------------------------------------------------------------------------------------------------
http.formLogin().loginPage("/login").permitAll();表示的是: SpringSecurit默认的表单登录:
规则:
-------/login GET - the login form
-------/login POST - process the credentials and if valid authenticate the user
------- /login?error GET - redirect here for failed authentication attempts
-------- /login?logout GET - redirect here after successfully logging out
*
但是:一但你指定了表单登录页面地址,规则就发生变化:
--------index.jsp GET - the login form
--------
/index.jsp POST - process the credentials and if valid authenticate the user
--------
/index.jsp?error GET - redirect here for failed authentication attempts
--------
/index.jsp?logout GET - redirect here after successfully logging out
*
并且:你需要指定相应的:如下:
<form action="${PATH }/index.jsp" method="post">
1:表单的action里边:必须是你的登录页面的地址,
2:
method :必须是post方式、
补充:${SPRING_SECURITY_LAST_EXCEPTION.message}:取出错误信息
网友评论