首先在pom中引入:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
为了方便介绍将case1的前两张图片 定义为模块一 和模块二 ;
case1:只能登陆就可以:
@EnableWebSecurity
@Configuration
class SpringSecurityConfig extends WebSecurityConfigurationAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("seller");
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/js/**", "/css/**", "images/**");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.anyRequest().authenticated()
.and().logout().permitAll()
.and().formLogin();
http.csrf().disable();
}
}
package com.yumin.security;
import com.fasterxml.jackson.annotation.JsonInclude;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.authentication.configuration.EnableGlobalAuthentication;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.jws.HandlerChain;
@SpringBootApplication
@RestController
public class SecurityApplication {
public static void main(String[] args) {
SpringApplication.run(SecurityApplication.class, args);
}
@GetMapping("/")
public String index(){
return "hello , home!";
}
@GetMapping("/plc")
public String login(){
return "hello ,plc !";
}
}
case2:
有指定的角色 ,每个角色有不同的权限
首先我们添加几个角色:
在模块一改动为:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("admin").roles("BOSS");
auth.inMemoryAuthentication().withUser("yumin").password("yumin").roles("BOSS");
auth.inMemoryAuthentication().withUser("yanyuye").password("yanyuye").roles("WORK");
}
添加了两个BOSS 一个Work
那么我们处理模块二:
写了一个新方法 :
@PreAuthorize("hasRole('ROLE_BOSS')")
@GetMapping("/tolk")
public String tolk(){
return "boss is tolking";
}
这个方法上面写了@PreAuthorize("hasRole('ROLE_BOSS')")
注意:
这个注解"ROLE_BOSS" ROLE_XXX 是一个前缀
这样的话是不是就可以了? No 还差一个启动注解
@EnableGlobalMethodSecurity(prePostEnabled = true)
想使用@PreAuthorize("hasRole('Role_Boss')") 或者@PostAuthorize() 必须在该类上面加上@EnableGlobalMethodSecurity(prePostEnable=true)
case:3
从数据库里面取出数据(模仿拿出数据)
1.首先实现写一个类实现UserDetailsService
@Component
public class MyUserService implements UserDetailsService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
Collection<GrantedAuthority> collections = getAuthorities();
return new User("admin", "admin", true, true, true, true, collections);
}
private Collection<GrantedAuthority> getAuthorities() {
List<GrantedAuthority> authList = new ArrayList<GrantedAuthority>();
authList.add(new SimpleGrantedAuthority("ROLE_USER"));
return authList;
}
}
然后吧这个类配置到模块一的configuration方法中
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.inMemoryAuthentication().withUser("admin").password("admin").roles("BOSS");
// auth.inMemoryAuthentication().withUser("yumin").password("yumin").roles("BOSS");
// auth.inMemoryAuthentication().withUser("yanyuye").password("yanyuye").roles("WORK");
auth.userDetailsService(myUserService).passwordEncoder(myPasswordEncoder) ;
}
手写的注销掉就可以了
然后这个地方我们用到的是