1.首先搭建一个简单的模型
index.html
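<!DOCTYPE html>
<!--/* Landing page of the demo: login/logout controls plus one link per protected "leave" view.
       These parser-level comments are stripped by Thymeleaf and never reach the browser. */-->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<a th:href="@{/toLogin}">登陆</a>
<!--/* Logout is sent as a POST. With Spring Security's CSRF protection left on (the default),
       a plain GET link to /logout is not treated as a logout request. th:action lets the
       Thymeleaf/Spring integration add the hidden CSRF token field, so CSRF protection does
       not have to be disabled to make logout work. */-->
<form th:action="@{/logout}" method="post" style="display:inline">
    <button type="submit">注销</button>
</form>
<br>
<!--/* These links are visible to everyone; access is enforced on the server by the
       /leave_N/** role rules, not by hiding links. */-->
<table>
    <tr>
        <td><a th:href="@{/leave_1/1}">leave_1_1</a></td>
        <td><a th:href="@{/leave_1/2}">leave_1_2</a></td>
        <td><a th:href="@{/leave_1/3}">leave_1_3</a></td>
    </tr>
    <tr>
        <td><a th:href="@{/leave_2/1}">leave_2_1</a></td>
        <td><a th:href="@{/leave_2/2}">leave_2_2</a></td>
        <td><a th:href="@{/leave_2/3}">leave_2_3</a></td>
    </tr>
    <tr>
        <td><a th:href="@{/leave_3/1}">leave_3_1</a></td>
        <td><a th:href="@{/leave_3/2}">leave_3_2</a></td>
        <td><a th:href="@{/leave_3/3}">leave_3_3</a></td>
    </tr>
</table>
</body>
</html>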
login.html
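<!DOCTYPE html>
<!--/* Custom login page. It posts to /securitylogin, which must match loginProcessingUrl(...)
       in the security configuration. Parser-level comments like this one are stripped by
       Thymeleaf and never reach the browser. */-->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!--/* th:action (rather than a plain action attribute) lets the Thymeleaf/Spring integration
       add the hidden CSRF token field that the login POST needs. */-->
<form th:action="@{/securitylogin}" method="post">
    <!--/* "username" and "password" are the parameter names form login reads by default. */-->
    <label>用户名:<input type="text" name="username" autocomplete="username" required></label>
    <br>
    <label>密码:<input type="password" name="password" autocomplete="current-password" required></label>
    <br>
    <!--/* The configuration calls http.rememberMe(); a remember-me cookie is only issued when
           the request carries this parameter ("remember-me" is the default name), so the user
           opts in explicitly. */-->
    <label><input type="checkbox" name="remember-me">记住我</label>
    <br>
    <input type="submit" value="登陆">
</form>
</body>
</html>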
其他的leave页面里面只是随便写了一句话
2.导包和写配置类
添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
写配置类
package com.example.studysecurity.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
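/**
 * Spring Security configuration for the demo application.
 *
 * <p>Declares which URLs need which role, wires the custom login page, logout and
 * remember-me, and registers two in-memory demo accounts.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7
 * and removed in 6.0; on newer versions the same rules are declared through a
 * {@code SecurityFilterChain} bean instead.
 */
@EnableWebSecurity
public class securityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Authorization: the home page is public, each {@code /leave_N/**} area needs the matching
     * role, and every other URL requires a logged-in user.
     *
     * @param http the builder the rules are chained on
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/leave_1/**").hasRole("vip1")
                .antMatchers("/leave_2/**").hasRole("vip2")
                .antMatchers("/leave_3/**").hasRole("vip3")
                // Deny by default: a URL that matches no rule above is otherwise left
                // unprotected, so any page added later would be public without anyone
                // deciding that it should be.
                .anyRequest().authenticated();

        // An unauthenticated request to a protected URL is redirected to the login page.
        // A bare http.formLogin() would use the framework's generated page; here the
        // application's own page (/toLogin) is used, and its form must post to
        // /securitylogin. permitAll() opens the login page, the processing URL and the
        // failure redirect to anonymous users (this replaces the earlier "/login" rule,
        // which pointed at a URL this setup does not use).
        http.formLogin()
                .loginPage("/toLogin")
                .loginProcessingUrl("/securitylogin")
                .permitAll();

        // Logout: drop the server-side session, delete the session cookie and return to the
        // home page. The original deleted a cookie named "remove", which nothing shown here
        // ever sets; "JSESSIONID" assumes the container's default session cookie name.
        // With CSRF protection enabled (the default) the logout request has to be a POST
        // carrying the CSRF token; prefer that over disabling CSRF.
        http.logout()
                .deleteCookies("JSESSIONID")
                .invalidateHttpSession(true)
                .logoutSuccessUrl("/");

        // Remember-me is cookie based. NOTE(review): with no explicit key the framework
        // appears to generate one at start-up, so existing cookies stop working after a
        // restart - confirm, and treat the cookie as a credential (HTTPS only).
        http.rememberMe();
    }

    /**
     * Authentication: two hard-coded in-memory accounts, for demonstration only.
     *
     * @param auth the builder the user store is registered on
     * @throws Exception if the user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Stored passwords must be encoded; per the original note some versions answer
        // with HTTP 500 when they are not. One encoder instance is shared between hashing
        // the demo passwords and verifying logins.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // Fake data: "123" is a placeholder password and must not survive into a real
        // deployment. Real accounts belong in a user store, not in source code.
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("Pning_12").password(encoder.encode("123")).roles("vip1", "vip2")
                .and()
                .withUser("Pning_123").password(encoder.encode("123")).roles("vip1", "vip2", "vip3");
    }
}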
到这里其实就已经可以进行简单的权限认证了。此处的认证暂时用的还是写在内存里的假数据,也就是完全没有用到数据库,之后会补充上数据库形式的实现
SpringMVC部分
package com.example.studysecurity.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
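/**
 * MVC controller that maps the login page and the three groups of "leave" pages to their
 * Thymeleaf templates.
 *
 * <p>Access control is not done here: the {@code /leave_N/**} role rules in the security
 * configuration decide who reaches these handlers.
 */
@Controller
public class LoginController {

    /**
     * Shows the custom login page.
     *
     * @return the name of the login template
     */
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "login";
    }

    /**
     * Shows a page of the first leave group.
     *
     * @param viewId number of the page inside the group
     * @return the template name for that page
     */
    @RequestMapping("/leave_1/{viewId}")
    public String toLeaveOneView(@PathVariable("viewId") int viewId) {
        return leaveView(1, viewId);
    }

    /**
     * Shows a page of the second leave group.
     *
     * @param viewId number of the page inside the group
     * @return the template name for that page
     */
    @RequestMapping("/leave_2/{viewId}")
    public String toLeaveTwoView(@PathVariable("viewId") int viewId) {
        return leaveView(2, viewId);
    }

    /**
     * Shows a page of the third leave group.
     *
     * @param viewId number of the page inside the group
     * @return the template name for that page
     */
    @RequestMapping("/leave_3/{viewId}")
    public String toLeaveThreeView(@PathVariable("viewId") int viewId) {
        return leaveView(3, viewId);
    }

    /**
     * Builds the template name {@code views/leave_<group>/leave_<group>_<viewId>}.
     *
     * <p>The name has no leading slash: the original "/views/..." form yields a double slash
     * once the template prefix is prepended, which is known to fail when templates are
     * loaded from a packaged jar.
     *
     * <p>Keep {@code viewId} an {@code int}. Because the path segment is bound to a number,
     * request text never becomes part of the view name; switching it to a {@code String}
     * would let a caller influence which template is resolved.
     * NOTE(review): an id with no matching template still ends in a template-resolution
     * error rather than a 404 - consider validating the range.
     */
    private String leaveView(int group, int viewId) {
        return "views/leave_" + group + "/leave_" + group + "_" + viewId;
    }
}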
项目在码云里,可自取