pom文件
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
web.xml
<!-- spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" always-use-default-target="true" default-target-url="/index"
authentication-failure-url="/login?error=error" />
<logout logout-url="/logout" logout-success-url="/login" invalidate-session="true"/>
<csrf disabled="true" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.4.RELEASE</version>
</dependency>
web.xml
<!-- spring security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
spring-security.xml
<beans:beans xmlns="http://www.springframework.org/schema/security"
xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security
http://www.springframework.org/schema/security/spring-security.xsd">
<http auto-config="true" use-expressions="true">
<intercept-url pattern="/login" access="permitAll" />
<intercept-url pattern="/*" access="hasRole('ROLE_USER')" />
<form-login login-page="/login" always-use-default-target="true" default-target-url="/index"
authentication-failure-url="/login?error=error" />
<logout logout-url="/logout" logout-success-url="/login" invalidate-session="true"/>
<csrf disabled="true" />
</http>
<authentication-manager>
<authentication-provider>
<user-service>
<user name="admin" password="admin" authorities="ROLE_USER" />
</user-service>
</authentication-provider>
</authentication-manager>
</beans:beans>
login.html
<!DOCTYPE html> <html> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1"> <!-- The above 3 meta tags *must* come first in the head; any other head content must come *after* these tags --> <meta name="description" content=""> <meta name="author" content=""> <title></title> <link rel="stylesheet" href="js/bootstrap/css/bootstrap.css" /> <style type="text/css"> .form{ background: rgba(255,255,255,0.2); width:500px; height: 250px; position: absolute; left:50%; top:50%; margin-left:-250px; margin-top:-150px; border-radius: 10px; text-align: center; } /*.form{background: red;width:400px;margin:250px auto;}*/ .errorMessage{ text-align: left; color:red; } </style> </head> <body style="background:#3f4843"> <div class="container" > <form class="form-horizontal form" id="login_form" action="/login" method="post"> <h3 class="form-title">深圳后台管理系统</h3> <div class="form-group"> <label id="errMessage" class="col-sm-6 control-label errorMessage">${errorMessage}</label> </div> <div class="form-group"> <label class="col-sm-4 control-label">用户名:</label> <div class="col-sm-6"> <input class="form-control" name="username" type="text" placeholder="用户名..."> </div> </div> <div class="form-group"> <label class="col-sm-4 control-label">密码:</label> <div class="col-sm-6"> <input class="form-control" name="password" type="text" placeholder="密码..."> </div> </div> <#--<div class="form-group">--> <#--<label class="checkbox">--> <#--<input type="checkbox" name="remember" value="1"/>记住我--> <#--</label>--> <#--</div>--> <div class="form-group col-md-offset-3"> <button type="submit" class="btn btn-success" style="margin-left:250px;" name="submit">登录</button> </div> </form> </div> </body> <script type="text/javascript" src="js/jquery.js"></script> <script type="text/javascript" src="js/bootstrap/js/bootstrap.js"></script> </html>