- 写一个自己的登录表单。
<body>
<h2>标准登录页面</h2>
<h3>表单登录</h3>
<form action="/login/form" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2"><button type="submit">登录</button></td>
</tr>
</table>
</form>
</body>
</html></title>
</head>
<body>
2.定义配置验证配置项 WebSecurityConfigurerAdapter
@Configuration
public class MySecurityConfigurer extends WebSecurityConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder()
{
// return NoOpPasswordEncoder.getInstance();
return new BCryptPasswordEncoder();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//formlogin登录
http.formLogin()
//自定义的登录页面
.loginPage("/login.html")
//让form表单的用户名和密码走 系统认证
.loginProcessingUrl("/login/form")
.and()
//任何请求都进行拦截
.authorizeRequests()
//不需要身份认证的项目。匹配器
.antMatchers("/login.html").permitAll()
//所有的请求
.anyRequest()
//都要身份认证
.authenticated()
.and()
//跨站请求关掉
.csrf().disable();
}
}
- 用户配置,UserDetailsService 这里可以配置成数据库连接
@Component
public class MyUserDetailsService implements UserDetailsService {
private Logger logger= LoggerFactory.getLogger(getClass());
@Autowired
PasswordEncoder passwordEncoder;
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
return new User("james",passwordEncoder.encode("123"), AuthorityUtils.commaSeparatedStringToAuthorityList("admin"));
}
}