泡泡SpringSecurity2.1【认证-自定义登录页面】

 

 

 

<%--
  Created by IntelliJ IDEA.
  User: yubaby
  Date: 2021/8/16
  Time: 17:58
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>index</title>
</head>
<body>
    <h1>hi SpringSecurity</h1>
</body>
</html>
View Code
<%--
  Created by IntelliJ IDEA.
  User: yubaby
  Date: 2021/8/16
  Time: 22:17
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>home</title>
</head>
<body>
    <h1>欢迎光临home</h1>
</body>
</html>
View Code
<%--
  Created by IntelliJ IDEA.
  User: yubaby
  Date: 2021/8/16
  Time: 22:17
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>error</title>
</head>
<body>
    <h1>错误页面</h1>
</body>
</html>
View Code
<%--
  Created by IntelliJ IDEA.
  User: yubaby
  Date: 2021/8/16
  Time: 19:15
  To change this template use File | Settings | File Templates.
--%>
<%@ page contentType="text/html;charset=UTF-8" language="java" %>
<html>
<head>
    <title>login</title>
</head>
<body>
    <h1>自定义的登录页面</h1>
    <form action="/login" method="post">
        账号:<input type="text" name="username"><br>
        密码:<input type="password" name="password"><br>
        <input type="submit" value="登录">
    </form>
</body>
</html>
View Code
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
       http://www.springframework.org/schema/beans
       http://www.springframework.org/schema/beans/spring-beans.xsd
       http://www.springframework.org/schema/security
       http://www.springframework.org/schema/security/spring-security.xsd
">


    <!--
        auto-config:表示自动加载SpringSecurity的配置文件
        use-expressions:表示使用Spring的EL表达式
     -->
    <security:http auto-config="true" use-expressions="true">
        <!-- 配置匿名访问登录页面(须在拦截资源之前配置)-->
        <security:intercept-url pattern="/login.jsp" access="permitAll()"/>

        <!--
            拦截资源
            pattern="/**" 表示拦截所有的资源
            access="hasAnyRole('ROLE_USER')" 表示只有ROLE_USER这个角色可以访问资源
         -->
        <security:intercept-url pattern="/**" access="hasAnyRole('ROLE_USER')" />

        <!--配置认证信息-->
        <security:form-login login-page="/login.jsp"
                             login-processing-url="/login"
                             default-target-url="/home.jsp"
                             authentication-failure-url="/error.jsp" />
        <!--配置注销-->
        <security:logout logout-url="/logout"
                         logout-success-url="/login.jsp" />
    </security:http>


    <!-- 认证用户信息 -->
    <security:authentication-manager>
        <security:authentication-provider>
            <security:user-service >
                <!-- 设置一个账号zhangsan 密码123 {noop}表示不加密 具有的角色是ROLE_USER-->
                <security:user name="zhangsan" authorities="ROLE_USER" password="{noop}123" />
                <security:user name="lisi" authorities="ROLE_USER" password="{noop}456" />
            </security:user-service>
        </security:authentication-provider>
    </security:authentication-manager>


</beans>
View Code

 

 访问http://localhost:8082/或http://localhost:8082/home.jsp页面后会自动跳转到自定义的登录页面,说明这个需求实现了

 

 

 

 

 

 

但是当我们提交了登录请求后页面出现了如下的错误

 

 

 原因是SpringSecurity默认开启了CSRF拦截

posted @ 2021-08-17 10:41  yub4by  阅读(55)  评论(0)    收藏  举报