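This article uses version 5.7.4. Since Spring Security 5.7.3, WebSecurityConfigurerAdapter has been marked as deprecated and is no longer recommended.
Spring Security is a powerful and highly customizable authentication and authorization framework. At its core is a chain of filters, with each feature handled by a different filter.
Authentication: verifying identity
Authorization: access permissions
Adding Spring Security
Dependency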
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
The contents of SiteController are as follows:
package com.example.curd.controller;

import com.example.curd.util.ResultUtil;
import org.springframework.web.bind.annotation.*;

// Two simple endpoints used to observe how Spring Security intercepts requests
@RestController
@RequestMapping("/site")
public class SiteController {

    @GetMapping("/index")
    public String index() {
        return "site/index";
    }

    @GetMapping("/test")
    public Object test() {
        return "site/test";
    }
}
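Enter http://localhost:8081/site/index in the browser and press Enter.
The request is intercepted by Spring Security, and the browser is automatically redirected to http://localhost:8081/login
The default Username is user, and the Password can be seen in the IDEA console.
After logging in with this username and password, browse to http://localhost:8081/site/index again and you will see site/index
You can also define a custom username and password in the application.properties file: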
spring.security.user.name=haha
spring.security.user.password=12345
Defining the configuration class SecurityConfiguration
package com.example.curd.configuration;

import org.springframework.context.annotation.*;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;

import static org.springframework.security.config.Customizer.withDefaults;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfiguration {

    // Demo password of the in-memory user; it is BCrypt-encoded before being stored
    private static final String PASSWORD = "123456";

    // Replaces WebSecurityConfigurerAdapter: the filter chain is declared as a bean
    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
        http
            // Every request requires an authenticated user
            .authorizeHttpRequests((authorize) -> authorize
                .anyRequest().authenticated()
            )
            // Accept both HTTP Basic and the default form login page
            .httpBasic(withDefaults())
            .formLogin(withDefaults());
        return http.build();
    }

    // In-memory user store containing a single user with the USER role
    @Bean
    public InMemoryUserDetailsManager userDetailsService() {
        UserDetails user = User.builder()
            .username("user")
            .password(passwordEncoder().encode(PASSWORD))
            .roles("USER")
            .build();
        return new InMemoryUserDetailsManager(user);
    }

    // BCrypt is used to hash and to verify passwords
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }
}
Open http://localhost:8081/site/index in the browser to test.
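The same check can be automated so that a later change to the filter chain cannot silently expose /site/**. The following MockMvc test is an added example, not code from the original article. It assumes that spring-boot-starter-test and spring-security-test are on the test classpath and that the application class lives in com.example.curd; the class name SiteSecurityTest is hypothetical.

```java
package com.example.curd;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.http.MediaType;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.*;

// Hypothetical test class (assumption): exercises the SecurityConfiguration above
@SpringBootTest
@AutoConfigureMockMvc
class SiteSecurityTest {

    @Autowired
    private MockMvc mockMvc;

    // Browser-style request without credentials: formLogin redirects to /login
    @Test
    void anonymousBrowserRequestIsRedirectedToLogin() throws Exception {
        mockMvc.perform(get("/site/index").accept(MediaType.TEXT_HTML))
                .andExpect(status().is3xxRedirection())
                .andExpect(redirectedUrlPattern("**/login"));
    }

    // HTTP Basic with a wrong password must be rejected with 401
    @Test
    void wrongPasswordIsRejected() throws Exception {
        mockMvc.perform(get("/site/test").with(httpBasic("user", "wrong-password")))
                .andExpect(status().isUnauthorized());
    }

    // The in-memory user from SecurityConfiguration (user / 123456) reaches both endpoints
    @Test
    void inMemoryUserCanReadBothEndpoints() throws Exception {
        mockMvc.perform(get("/site/index").with(httpBasic("user", "123456")))
                .andExpect(status().isOk())
                .andExpect(content().string("site/index"));
        mockMvc.perform(get("/site/test").with(httpBasic("user", "123456")))
                .andExpect(status().isOk())
                .andExpect(content().string("site/test"));
    }
}
```

Because SecurityConfiguration defines its own UserDetailsService bean, Spring Boot's auto-configured user backs off, so the spring.security.user.* properties no longer apply and the test logs in as user / 123456.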