Spring Security 3.x 使用 spring_security_login 作为默认登录 URL (source: 官方文档).这可以设置为自定义值，如 并映射到控制器以呈现自定义页面.

Spring Security 3.x used spring_security_login as the default login URL (source: official documentation). This could be set to a custom value as <security:form-login login-page="/login"> and mapped to a controller to render a custom page.

Spring Security 4.x 已经放弃了 spring_security_login 并改用 login 作为默认登录 URL(source:官方Spring安全 4.x 迁移指南).因此，URL login 现在转到默认的 Spring Security 基础设施，显示默认的、自动生成的登录页面.

Spring Security 4.x has abandoned spring_security_login and switched to login as the default login URL (source: official Spring Security 4.x migration guide). Therefore, the URL login now goes to the default Spring Security infrastructure, that displays the default, auto-generated login page.

如果您使用 JSP 作为视图渲染技术，补救方法很简单.只需将您的登录页面重命名为 login.jsp，将其放入页面层次结构的根文件夹中，Spring Security 将自动选取它.如果您不使用 JSP，则必须使用不同的 login-page 值(可能是 signin 而不是 login，然后更改您的控制器映射也是如此.

The remedy is simple if you are using JSP as the view rendering technology. Simply rename your login page to login.jsp, drop it in the root folder of the page hierarchy and Spring Security will pick it up automatically. If you are not using JSP, you will have to use a different login-page value (perhaps signin instead of login and then change your controller mapping as well.

请注意，4.x 中的默认注销 URL 也发生了变化.如果您为注销 URL 编写了任何自定义逻辑，请务必一并查看.

Note that the default logout URL has also changed in 4.x. If you have any custom logic written for the logout URL, do make sure to review that as well.

请查看官方迁移指南，因为 4.x 中发生了很多变化.

Do review the official migration guide as a lot of things have changed in 4.x.