So far our SecurityConfig has only included information on how to verify our users.
How does Spring Security know that we want to authenticate all users?
How does Spring Security know that we need to support form-based authentication?
The reason is that our SecurityConfig class inherits from WebSecurityConfigurerAdapter, whose
configure(HttpSecurity http) method provides a default configuration
that looks similar to the following:
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .and()
        .httpBasic();
}
The default configuration above:
Ensures that all requests in our application require the user to be authenticated
Allows users to perform form-based authentication
Allows users to authenticate using HTTP Basic authentication
You can see that this configuration is similar to the following XML namespace configuration:
<intercept-url pattern="/**" access="authenticated"/>
<form-login/>
The three methods authorizeRequests(), formLogin() and httpBasic() return ExpressionUrlAuthorizationConfigurer, FormLoginConfigurer and HttpBasicConfigurer, respectively. These are implementation classes of the SecurityConfigurer interface, each representing a different type of security configurer.
Overall: HttpSecurity is an implementation class of the SecurityBuilder interface, which, as the name suggests, is a builder for HTTP-related security. We usually need to supply some configuration before it is built, and when we call the methods of the HttpSecurity object, we are actually doing that configuration.
What is the final result of the configuration?
Basically, each SecurityConfigurer subclass corresponds to one or more filters.
The filters for the three configurers ExpressionUrlAuthorizationConfigurer, FormLoginConfigurer and HttpBasicConfigurer are FilterSecurityInterceptor, UsernamePasswordAuthenticationFilter and BasicAuthenticationFilter, respectively.
HttpSecurity internally maintains a list of filters, and the filters contributed by the various security configurers are eventually added to that list.
Configure Form Login
protected void configure(HttpSecurity http) throws Exception {
    http
        .authorizeRequests()
            .anyRequest().authenticated()
            .and()
        .formLogin()
            .loginPage("/login") // 1
            .permitAll();        // 2
}
1. The updated configuration specifies the location of the login page.
2. We must allow all users, regardless of whether they are logged in or not, to access this page. formLogin().permitAll() allows all users to access this page.
You can customize the parameter names for the username and password, but you cannot modify the POST request to the /login URL.
http
    .formLogin()
        .loginPage("/login")
        .usernameParameter("uname") // custom username parameter name
        .passwordParameter("pwd");  // custom password parameter name
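The mapping from configurers to filters described above can be checked at startup. The following is an added example, not code from the original article: it combines the form-login settings shown above with a listener that prints the filters Spring Security actually assembled. It assumes Spring Security 5.x (where WebSecurityConfigurerAdapter is still available), an application-provided /login page, and the hypothetical names describeFilters and filterChainAudit.

```java
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import org.springframework.context.ApplicationListener;
import org.springframework.context.annotation.Bean;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
// Assumes Spring Security 5.x; describeFilters and filterChainAudit are hypothetical names.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .anyRequest().authenticated()   // enforced by FilterSecurityInterceptor
                .and()
            .formLogin()                        // adds UsernamePasswordAuthenticationFilter
                .loginPage("/login")
                .usernameParameter("uname")
                .passwordParameter("pwd")
                .permitAll()                    // login page reachable without a session
                .and()
            .httpBasic();                       // adds BasicAuthenticationFilter
    }
    // Lists the filter class names of every configured chain, in execution order.
    static List<String> describeFilters(FilterChainProxy proxy) {
        List<String> names = new ArrayList<>();
        for (SecurityFilterChain chain : proxy.getFilterChains()) {
            for (Filter filter : chain.getFilters()) {
                names.add(filter.getClass().getSimpleName());
            }
        }
        return names;
    }
    // Prints the assembled chain once the application context has been refreshed.
    @Bean
    public ApplicationListener<ContextRefreshedEvent> filterChainAudit() {
        return event -> {
            Filter bean = event.getApplicationContext().getBean("springSecurityFilterChain", Filter.class);
            if (bean instanceof FilterChainProxy) {
                describeFilters((FilterChainProxy) bean).forEach(System.out::println);
            }
        };
    }
}
```

Comparing the printed list against the configuration is a quick way to confirm that an authentication mechanism you did not intend to expose, such as HTTP Basic, is not active.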
Use of Spring Security Primer (2-3) HttpSecurity