I started to use most is written in the following configuration file defines the encoding, but custom passwordEncoder not completely, bosses give directions, if you can bother writing specific implementation class, and how to follow spring ws-security associated

 

HTTP: security permissions, none, eliminate resources 
Whether HTTP: auto - config: automatic configuration 
When set to true framework will provide some of the default configuration, such as providing the default login page, appropriate treatment, etc. 
When set to false need to display to provide the login form configuration, otherwise an error 
Use - expressions: used to specify the intercept - whether in the url access attributes using the expression (SpEL expression) 
--> 
Login - processing - url="/SEC/login. Do" 
Authentication failure - forward - url="/user/loginFail. Do" 
Authentication success - forward - url="/user/loginSuccess. Do"/& gt; 
Logout: log out 
Logout - url: log out the corresponding operation request path 
The logout success - url: 
 logged out after the jump page--> 
Logout success - url="http://localhost:8080/pages/login.html" 
Invalidate - session="true"/& gt; 
CSRF: corresponding CsrfFilter filters 
Disabled: if you use a custom login page need to shut down this, otherwise the login operation will be disabled (403) 
--> 
 
 
Authentication - provider: authentication provider, perform specific authentication logic 
--> 
 
 
 CodePudding user response: 
Don't sink drain