- 项目简介
本项目在Spring boot的基础上继承Spring security功能。注:作为自己的学习心得记录下来,欢迎交流,不喜勿碰。
- 项目目录
主要的文件如上红框所示。
- 项目代码
pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>huahua</groupId> <artifactId>login02</artifactId> <version>0.0.1-SNAPSHOT</version> <packaging>jar</packaging> <name>login02</name> <description>Demo project for Spring Boot</description> <parent> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-parent</artifactId> <version>1.5.9.RELEASE</version> <relativePath/> <!-- lookup parent from repository --> </parent> <properties> <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding> <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding> <java.version>1.8</java.version> </properties> <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.security.web</groupId> <artifactId>spring-security-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> <dependency> <groupId>org.springframework.security</groupId> <artifactId>spring-security-test</artifactId> <scope>test</scope> </dependency> </dependencies> <build> <plugins> <plugin> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-maven-plugin</artifactId> </plugin> </plugins> </build> </project>
WebConfig.java
package huahua.login02.config; import org.springframework.context.annotation.Configuration; import org.springframework.util.ResourceUtils; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; /** * @author: zhanghuadi * @date: 2018/1/29 0029 * @description: 用于注入静态资源 */ @EnableWebMvc @Configuration public class WebConfig extends WebMvcConfigurerAdapter { @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { registry.addResourceHandler("/templates/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/templates/"); registry.addResourceHandler("/static/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"/static/"); //registry.addResourceHandler("ml/**").addResourceLocations(ResourceUtils.CLASSPATH_URL_PREFIX+"ml/"); super.addResourceHandlers(registry); } }
WebSecurityConfig.java
package huahua.login02.config; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder; import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.builders.WebSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; /** * @author: zhanghuadi * @date: 2018/1/29 0029 * @description: 用于配置安全策略 */ @Configuration @EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) //开启security注解 public class WebSecurityConfig extends WebSecurityConfigurerAdapter{ /** * 设定登陆的账号和密码 * @param auth * @throws Exception */ @Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth .inMemoryAuthentication() .withUser("user").password("password").roles("USER"); } /** * 配置安全策略,即那些请求需要权限控制 * @param http * @throws Exception */ @Override protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/","/index").permitAll() .anyRequest().authenticated() .and() .formLogin() .loginPage("/login") .defaultSuccessUrl("/hello") .permitAll() .and() .logout() .logoutSuccessUrl("/index") .permitAll(); } /** * 此方法忽略对静态志愿的拦截,这样才能正常加载静态志愿文件 * @param web * @throws Exception */ @Override public void configure(WebSecurity web) throws Exception { web.ignoring().antMatchers("/static/css/*.*"); //可以仿照上面一句忽略静态资源 } }
PageController.java
package huahua.login02.controller; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; /** * @author: zhanghuadi * @date: 2018/1/29 0029 * @description: 用于返回请求页面 */ @Controller public class PageController { @RequestMapping(value = "/") public String index(){ return "index"; } @RequestMapping(value = "/index") public String index1(){ return "index"; } @RequestMapping(value = "/hello") public String hello(){ return "hello"; } @RequestMapping(value = "/login") public String login(){ return "login"; } }
index.html
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8"/> <title>index</title> </head> <body> <h1>index</h1> <p>Click <a href="hello.html">here</a> to see hello.</p> </body> </html>
hello.html
<!DOCTYPE html> <html lang="en" xmlns:th="http://www.w3.org/1999/xhtml"> <head> <meta charset="UTF-8"/> <title>hello</title> <link href="../static/css/hello.css" rel="stylesheet" type="text/css"/> </head> <body> <h1>hello!你好!你现在访问页面是登陆过后才能看见的页面。 </h1> <form th:action="@{/logout}" method="post"> <input type="submit" value="Sign Out"/> </form> </body> </html>
login.html
<!DOCTYPE html> <html lang="en" xmlns:th="http://www.w3.org/1999/xhtml"> <head> <meta charset="UTF-8"/> <title>login</title> <!-- 新 Bootstrap 核心 CSS 文件 --> <link rel="stylesheet" href="http://cdn.bootcss.com/bootstrap/3.3.0/css/bootstrap.min.css"/> <!-- jQuery文件。务必在bootstrap.min.js 之前引入 --> <script src="http://cdn.bootcss.com/jquery/1.11.1/jquery.min.js"></script> <!-- 最新的 Bootstrap 核心 JavaScript 文件 --> <script src="http://cdn.bootcss.com/bootstrap/3.3.0/js/bootstrap.min.js"></script> <!--本地css文件引入--> <link rel="stylesheet" type="text/css" href="static/css/signin.css"/> </head> <body> <div class="container"> <!--form表单必须指定name="username" name="password"才行,如果不使用th:action,则需要注意使用隐藏域--> <form class="form-signin" th:action="@{/login}" method="post"> <h2 class="form-signin-heading">Please sign in</h2> <label for="inputEmail" class="sr-only">Email address</label> <input type="text" name="username" id="inputEmail" class="form-control" placeholder="Email address" required="required" autofocus="autofocus"/> <label for="inputPassword" class="sr-only">Password</label> <input type="password" name="password" id="inputPassword" class="form-control" placeholder="Password" required="required"/> <div class="checkbox"> <label> <input type="checkbox" value="remember-me"/> Remember me </label> </div> <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button> </form> </div> <!-- /container --> <!--<form th:action="@{/login}" method="post">--> <!--<div><label> User Name : <input type="text" name="username"/> </label></div>--> <!--<div><label> Password: <input type="password" name="password"/> </label></div>--> <!--<div><input type="submit" value="Sign In"/></div>--> <!--</form>--> </body> </html>
sign.css
body { padding-top: 40px; padding-bottom: 40px; background-color: #eee; } .form-signin { max-width: 330px; padding: 15px; margin: 0 auto; } .form-signin .form-signin-heading, .form-signin .checkbox { margin-bottom: 10px; } .form-signin .checkbox { font-weight: normal; } .form-signin .form-control { position: relative; height: auto; -webkit-box-sizing: border-box; -moz-box-sizing: border-box; box-sizing: border-box; padding: 10px; font-size: 16px; } .form-signin .form-control:focus { z-index: 2; } .form-signin input[type="email"] { margin-bottom: -1px; border-bottom-right-radius: 0; border-bottom-left-radius: 0; } .form-signin input[type="password"] { margin-bottom: 10px; border-top-left-radius: 0; border-top-right-radius: 0; }
此css文件才是最重要的,项目中的其他css文件是用于测试的,没有必要使用。
- 项目总结
本项目参考security官方教程,在原Spring boot项目上引入了Bootstrap,在项目过程中不能正常引入css文件,最终使用WebSecurityConfig.java中的
web.ignoring().antMatchers("/static/css/*.*");
方能正常使用。