Refer to this link
Here are some notes that common change in page or configuration files:
- default URL for login and logout form action are changed:
/j_spring_security_logout to /logout
/j_spring_security_check to /login
So we need to change our JSP content for these two.
- Default csrf is enabled… so if you want to be disabled, just add this
<csrf disabled=”true”/> in the <http />tag
If you want enable, you do not need to do sth.
- <access-denied-handler error-page=”/page/403″ /> put inside the <http />
not like old on as the attribute <http *** />
- If you have more than one roles, you can not use the
access=”ROLE_USER,ROLE_ADMIN” any more, you have to change to<http auto-config=”true” use-expressions=”true” >
<intercept-url ……. access=”hasAnyRole(‘ROLE_USER’,’ROLE_ADMIN’)” …..you maybe have others need changes, need to refer to reference page