配置类

@Configuration
public class SecurityConfigDiy extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }

    @Bean
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception{

        httpSecurity.formLogin()    //自定义自己编写的登录页面
                .loginPage("/login.html")    //登录页面设置
                .loginProcessingUrl("/user/login")  //登录访问路径 按登录按钮后跳转路径
                .defaultSuccessUrl("/test/index").permitAll()   //登录成功之后,跳转路径
                .and().authorizeRequests()
                .antMatchers("/","/test/hello","/user/login").permitAll()   //设置可以直接访问的路径
                .anyRequest().authenticated()
                .and().csrf().disable();    //关闭csrf防护

    }
}

页面

路径：/resources/static/login.html
强制要求name名称：
name="username"
name="password"

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>登录</title>
</head>
<body>
        <form action="/user/login" method="post" >
            用户名：<input type="text" name="username">
            <br/>
            密码：<input type="text" name="password">
            <br/>
            <input type="submit" value="登录">
        </form>
</body>
</html>

控制层

@RestController
@RequestMapping("/test")
public class TestController {

    @GetMapping("/hello")
    public String hello(){
        return "hello security";
    }

    @GetMapping("/index")
    public String index(){
        return "hello index";
    }
}

通过页面post传递过来的用户名密码
和根据用户名查询出来的用户名密码 比较

源码比较密码的地方