创建自定义 security 配置类 WebSecurityConfig 如下:
//@EnableWebSecurity(debug = false)
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
super.configure(http);
}
}
super.configure(http);中使用的默认配置为父类中的
protected void configure(HttpSecurity http) throws Exception {
this.logger.debug("Using default configure(HttpSecurity). "
+ "If subclassed this will potentially override subclass configure(HttpSecurity).");
http.authorizeRequests((requests) -> requests.anyRequest().authenticated());//所有请求需要进行认证
http.formLogin();//开启form表单登录
http.httpBasic();//开启 Basic Auth 登录
}
那我们可以覆盖父类的配置,比如这样
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests((requests) -> requests.anyRequest().authenticated());
http.formLogin().usernameParameter("loginName").passwordParameter("passwd");//将登录用户名和密码改成我么需要的
http.httpBasic();
http.csrf().disable();//关闭csrf认证
}
}
使用post登录