一.使用自定义登录页面
1.首先关闭对登录页面、登录错误后跳转页面、登录成功后跳转页面的拦截
<!-- Static resources: security="none" takes these paths out of the Spring Security filter chain. -->
<security:http pattern="/css/**" security="none"/>
<security:http pattern="/img/**" security="none"/>
<security:http pattern="/plugins/**" security="none"/>
<!-- The login page, the login-failure page and the icon are excluded from the filter chain as well.
     NOTE(review): security="none" means no Spring Security filter runs for these requests, so the
     pages get no SecurityContext, no CSRF token and no security response headers. For a login page,
     an anonymous-access intercept-url rule inside the main security:http block keeps those filters
     active while still letting unauthenticated users reach the page. -->
<security:http pattern="/login.jsp" security="none"/>
<security:http pattern="/file.jsp" security="none"/>
<security:http pattern="/index.ico" security="none"/>
2.自定义登录页面
<security:http use-expressions="false">
    <!-- Every URL not excluded above requires the ROLE_USER authority. -->
    <security:intercept-url pattern="/**" access="ROLE_USER"/>
    <!-- Form login settings:
         login-page                  the custom login page
         login-processing-url        URL the login form is submitted to (default: login)
         default-target-url          page shown after a successful login
         authentication-failure-url  page shown after a failed login -->
    <security:form-login
            login-page="/login.jsp"
            login-processing-url="/log"
            default-target-url="/index.jsp"
            authentication-failure-url="/file.jsp"/>
    <!-- CSRF protection is switched off; with it enabled the login request is answered with 403,
         presumably because the form does not submit a CSRF token.
         NOTE(review): disabling it removes cross-site request forgery protection from every
         state-changing request in the application. The safer route is to keep CSRF enabled and
         send the token from each form as a hidden field; the login page must then be served
         through the filter chain so the token is available when the page is rendered. -->
    <security:csrf disabled="true"/>
</security:http>
二. 从数据库查询用户登录
1.修改spring-security配置
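<!-- Authentication: accounts are read from the database.
     Declare this element once; a second identical authentication-manager adds nothing. -->
<security:authentication-manager>
    <!-- membersServiceImpl is the service bean that looks up the account and password in the database.
         NOTE(review): no password-encoder is configured on this provider. Assuming Spring Security 5+
         defaults (confirm), the stored password value then needs an encoder-id prefix such as
         {bcrypt}; the {noop} prefix marks the value as plaintext. -->
    <security:authentication-provider user-service-ref="membersServiceImpl"/>
</security:authentication-manager>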
2.创建pojo dao service层
注:service接口要继承UserDetailsService
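/**
 * Looks up login accounts through {@code MembersDao} on behalf of Spring Security.
 */
public class MembersServiceImpl implements MembersService {

    @Autowired
    MembersDao membersDao;

    /**
     * Loads the account with the given user name and wraps it in a Spring Security {@code User}.
     *
     * @param username the user name submitted by the login form
     * @return the account's user name, password and the single authority {@code ROLE_USER}
     * @throws UsernameNotFoundException if no account with that user name exists
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        // Fetch the account by user name.
        Members members = membersDao.findByName(username);
        if (members == null) {
            // The UserDetailsService contract does not allow a null return; a missing account is
            // reported with the declared exception. The submitted name is kept out of the message
            // so that attacker-controlled text does not end up in logs.
            throw new UsernameNotFoundException("User not found");
        }

        // Build the authority collection; every account found receives ROLE_USER.
        Collection<GrantedAuthority> authorities = new ArrayList<>();
        authorities.add(new SimpleGrantedAuthority("ROLE_USER"));

        // NOTE(review): the "{noop}" prefix tells Spring Security to compare the password as
        // plaintext, which means the database holds cleartext passwords. Store a salted adaptive
        // hash instead (for example a bcrypt hash saved with the "{bcrypt}" prefix) and drop this
        // prefix once the stored values have been migrated.
        return new User(members.getUserName(), "{noop}" + members.getPassword(), authorities);
    }
}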
注:顺序不能错,要先关闭这些页面的拦截,再定义拦截 /** 的配置,否则无法运行。原因是 Spring Security 按声明顺序匹配 <security:http>,匹配所有路径的 /** 必须放在最后。