案例1:
http
.authorizeRequests()
//请求路径“/”容许访问
.antMatchers("/").permitAll()
//其它请求都需要校验才能访问
.anyRequest().authenticated()
.and()
// 定义登录的页面为“/login”,容许访问
.formLogin().loginPage("/login").permitAll()
.and()
//默认的“/logout”,容许访问
.logout().permitAll();
案例2:
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
//必须有“USER”角色的才能访问
.antMatchers("/user/**").hasAuthority("USER")
.and()
//登陆成功以后默认访问路径
.formLogin().loginPage("/login").defaultSuccessUrl("/user")
.and()
//注销以后默认访问路径
.logout().logoutUrl("/logout").logoutSuccessUrl("/login");
http.addFilterAt(customFromLoginFilter(), UsernamePasswordAuthenticationFilter.class);
}
案例三:
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring()
.antMatchers(
"/js/**",
"/css/**",
"/img/**",
"/webjars/**");
}