泡泡SpringSecurity2.1【认证-自定义登录页面】
<%-- Created by IntelliJ IDEA. User: yubaby Date: 2021/8/16 Time: 17:58 To change this template use File | Settings | File Templates. --%> <%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>index</title> </head> <body> <h1>hi SpringSecurity</h1> </body> </html>
<%-- Created by IntelliJ IDEA. User: yubaby Date: 2021/8/16 Time: 22:17 To change this template use File | Settings | File Templates. --%> <%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>home</title> </head> <body> <h1>欢迎光临home</h1> </body> </html>
<%-- Created by IntelliJ IDEA. User: yubaby Date: 2021/8/16 Time: 22:17 To change this template use File | Settings | File Templates. --%> <%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>error</title> </head> <body> <h1>错误页面</h1> </body> </html>
<%-- Created by IntelliJ IDEA. User: yubaby Date: 2021/8/16 Time: 19:15 To change this template use File | Settings | File Templates. --%> <%@ page contentType="text/html;charset=UTF-8" language="java" %> <html> <head> <title>login</title> </head> <body> <h1>自定义的登录页面</h1> <form action="/login" method="post"> 账号:<input type="text" name="username"><br> 密码:<input type="password" name="password"><br> <input type="submit" value="登录"> </form> </body> </html>
<?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemaLocation=" http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd "> <!-- auto-config:表示自动加载SpringSecurity的配置文件 use-expressions:表示使用Spring的EL表达式 --> <security:http auto-config="true" use-expressions="true"> <!-- 配置匿名访问登录页面(须在拦截资源之前配置)--> <security:intercept-url pattern="/login.jsp" access="permitAll()"/> <!-- 拦截资源 pattern="/**" 表示拦截所有的资源 access="hasAnyRole('ROLE_USER')" 表示只有ROLE_USER这个角色可以访问资源 --> <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" /> <!--配置认证信息--> <security:form-login login-page="/login.jsp" login-processing-url="/login" default-target-url="/home.jsp" authentication-failure-url="/error.jsp" /> <!--配置注销--> <security:logout logout-url="/logout" logout-success-url="/login.jsp" /> </security:http> <!-- 认证用户信息 --> <security:authentication-manager> <security:authentication-provider> <security:user-service > <!-- 设置一个账号zhangsan 密码123 {noop}表示不加密 具有的角色是ROLE_USER--> <security:user name="zhangsan" authorities="ROLE_USER" password="{noop}123" /> <security:user name="lisi" authorities="ROLE_USER" password="{noop}456" /> </security:user-service> </security:authentication-provider> </security:authentication-manager> </beans>
访问http://localhost:8082/或http://localhost:8082/home.jsp页面后会自动跳转到自定义的登录页面,说明这个需求实现了
但是当我们提交了登录请求后页面出现了如下的错误
原因是SpringSecurity默认开启了CSRF拦截
标签:
SpringSecurity
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· Linux系列:如何用heaptrack跟踪.NET程序的非托管内存泄露
· 开发者必知的日志记录最佳实践
· SQL Server 2025 AI相关能力初探
· Linux系列:如何用 C#调用 C方法造成内存泄露
· AI与.NET技术实操系列(二):开始使用ML.NET
· 被坑几百块钱后,我竟然真的恢复了删除的微信聊天记录!
· 没有Manus邀请码?试试免邀请码的MGX或者开源的OpenManus吧
· 【自荐】一款简洁、开源的在线白板工具 Drawnix
· 园子的第一款AI主题卫衣上架——"HELLO! HOW CAN I ASSIST YOU TODAY
· Docker 太简单,K8s 太复杂?w7panel 让容器管理更轻松!