案例1:
http .authorizeRequests() //请求路径“/”容许访问 .antMatchers("/").permitAll() //其它请求都需要校验才能访问 .anyRequest().authenticated() .and() // 定义登录的页面为“/login”,容许访问 .formLogin().loginPage("/login").permitAll() .and() //默认的“/logout”,容许访问 .logout().permitAll();案例2:
@Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/").permitAll() //必须有“USER”角色的才能访问 .antMatchers("/user/**").hasAuthority("USER") .and() //登陆成功以后默认访问路径 .formLogin().loginPage("/login").defaultSuccessUrl("/user") .and() //注销以后默认访问路径 .logout().logoutUrl("/logout").logoutSuccessUrl("/login"); http.addFilterAt(customFromLoginFilter(), UsernamePasswordAuthenticationFilter.class); }案例三:
@Override public void configure(WebSecurity web) throws Exception { web.ignoring() .antMatchers( "/js/**", "/css/**", "/img/**", "/webjars/**"); }