在配置类中实现相关的配置

@Overrideprotected void configure(HttpSecurity http) throws Exception {http.formLogin() //自定义自己编写的登陆页面.loginPage("/login.html") //登陆页面设置.loginProcessingUrl("/user/login") //登陆访问路径.defaultSuccessUrl("/test/index").permitAll() //登陆成功之后，跳转路径.and().authorizeRequests().antMatchers("/","/test/hello","/user/login").permitAll() //设置哪些路径可以直接访问，不需要认证.anyRequest().authenticated().and().csrf().disable(); //关闭csrf防护}

创建出相关页面，controller

<!DOCTYPE html><html lang="en"><head><meta charset="UTF-8"><title>Title</title></head><body><form action="/user/login" method="post">用户名:<input type = "text" name = "username"><br/>密码:<input type = "text" name = "password"><br/><input type = "submit" value = "login"></form></body></html>

特别注意，表单那两个value必须是username和password，阅读UsernamePasswordAuthenticationFilter的源码就知道为什么了！

controller

package com.atguigu.securitydemo1.controller;import org.springframework.web.bind.annotation.GetMapping;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;@RestController@RequestMapping("/test")public class TestController {@GetMapping("hello")public String hello(){return "hello security";}@GetMapping("index")public String index(){return "hello index";}}

测试