编写配置文件,继承WebSecurityConfigurerAdapter 接口,具体的使用参考
https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html
权限的授予与用户的认证规则
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
//授予
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("VIP1")
.antMatchers("/level2/**").hasRole("VIP2")
.antMatchers("/level3/**").hasRole("VIP3");
http.formLogin();//没有登录返回到登录页面
http.logout().logoutSuccessUrl("/");//注销后返回
http.rememberMe();//记住我
}
//认证
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()).
withUser("user1").password("111111").roles("VIP1", "VIP2")
.and()
.withUser("user2").password("111111").roles("VIP2", "VIP3")
.and()
.withUser("user3").password("111111").roles("VIP1", "VIP3");
}
}