spring-boot构建spring-security
pom文件
<dependencies>
security组件
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
热部署使用
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<optional>true</optional>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
配置security的config
package com.liuhy.springsecuritydemo.config;
import com.liuhy.springsecuritydemo.MyPasswordEncoder;
import com.liuhy.springsecuritydemo.MyUserDetailService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
/**
* @Auther: liuhy
* @Date: 2018/12/6 15:30
*/
@Configuration
@EnableWebSecurity //开启springSecurity的功能
// 继承WebSecurityConfigurerAdapter,并重写它的方法来设置web安全的细节
public class WebSecutityConfig extends WebSecurityConfigurerAdapter {
@Autowired
private MyUserDetailService myUserDetailService;
/**
* 通过authorizeRequests()定义哪些URL需要被保护、哪些
* 不需要被保护。
* 例如antMatchers("/","css","/js").permitAll()指定了不需要认证。
* 通过formLogin()定义当需要用户登录时候,转到的登录页面。
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.formLogin()
.and()
.logout().permitAll();
}
/**
* 添加用户
* 用户名 admin 密码123456 角色ADMIN
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("admin")
.password("123456").roles("ADMIN");
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("liuhy")
.password("123456").roles("USER");
//auth.userDetailsService(myUserDetailService).passwordEncoder(new MyPasswordEncoder());
}
}
MypasswordEncoder
encode定义加密方法,matches用于验证
package com.liuhy.springsecuritydemo;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.stereotype.Component;
/**
* @Auther: liuhy
* @Date: 2018/12/6 16:11
*/
@Component
public class MyPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return charSequence.toString().equals(s);
}
}
spring-security使用自定义的userDetail,以及使用其自带的库表等方式,待续。。。