pom
<!-- Adds Spring Security together with Spring Boot's security auto-configuration. -->
<!-- No <version> is declared here, so it presumably comes from the build's Spring Boot parent/BOM (confirm). -->
<!-- NOTE(review): the SecurityConfig shown on this page extends WebSecurityConfigurerAdapter, which was
     deprecated in Spring Security 5.7 and removed in 6.0, so this setup only builds on the Spring Boot 2.x line. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
controller
package com.example.boot01.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @USER: qiuzhihao
* @DATE: 2023/3/26
* @TIME: 22:33
*/
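// Demo endpoints used to exercise the access rules declared in SecurityConfig.
// The class is a @RestController, so every handler's return value is written to the
// response body as-is; the HTML strings below are not passed through a template engine.
@RestController
public class UserController {

    /**
     * Serves the home page markup.
     *
     * @return a static HTML heading
     */
    @GetMapping("/")
    public String index() {
        return "<h1>我是首页</h1>";
    }

    /**
     * Serves the custom login form that SecurityConfig registers via {@code loginPage("/tologin")}.
     *
     * <p>The field names {@code user}, {@code pwd} and {@code remember} and the action
     * {@code /login} must stay in sync with {@code usernameParameter}, {@code passwordParameter},
     * {@code rememberMeParameter} and {@code loginProcessingUrl} in SecurityConfig.
     *
     * <p>The form carries no CSRF token, so it is only accepted because SecurityConfig calls
     * {@code http.csrf().disable()}. If CSRF protection is re-enabled, this form has to submit
     * the token as well.
     *
     * @return the login form as static HTML
     */
    @GetMapping("/tologin")
    public String login() {
        return "<form method=\"post\" action=\"/login\">\n" +
                " 用户:<input type=\"text\" name=\"user\">\n" +
                // Fixed: the password field was type="text", which displayed the password in
                // clear text on screen; type="password" masks the input.
                " 密码:<input type=\"password\" name=\"pwd\">\n" +
                " <input type=\"checkbox\" name=\"remember\">记住我\n" +
                " <input type=\"submit\">\n" +
                "</form>";
    }

    /**
     * Endpoint that SecurityConfig opens to everyone ({@code permitAll}).
     *
     * @return the literal {@code "user"}
     */
    @GetMapping("/user")
    public String getUser() {
        return "user";
    }

    /**
     * Endpoint that SecurityConfig restricts to role {@code user1}.
     *
     * @return the literal {@code "user1"}
     */
    @GetMapping("/user1")
    public String getUser1() {
        return "user1";
    }

    /**
     * Endpoint that SecurityConfig restricts to role {@code user2}.
     *
     * @return the literal {@code "user2"}
     */
    @GetMapping("/user2")
    public String getUser2() {
        return "user2";
    }

    /**
     * Endpoint that SecurityConfig restricts to role {@code user3}.
     *
     * @return the literal {@code "user3"}
     */
    @GetMapping("/user3")
    public String getUser3() {
        return "user3";
    }
}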
securityConfig
package com.example.boot01.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* @USER: qiuzhihao
* @DATE: 2023/3/28
* @TIME: 18:03
*/
// Web security setup for the demo: URL access rules, a custom form login, logout,
// remember-me, and three in-memory users.
// NOTE(review): WebSecurityConfigurerAdapter is deprecated since Spring Security 5.7 and
// removed in 6.0; newer versions declare a SecurityFilterChain bean instead.
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares the HTTP security rules.
     *
     * @param http the builder supplied by Spring Security
     * @throws Exception propagated from the configurer calls
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            // Access rules: "/user" is open to everyone; "/userN" requires the matching role.
            // NOTE(review): there is no anyRequest() rule, so paths not listed here ("/" and
            // "/tologin" among them) are not restricted by this block. A deny-by-default setup
            // would permit the public pages explicitly and end with anyRequest().authenticated().
            .authorizeRequests()
                .antMatchers("/user").permitAll()
                .antMatchers("/user1").hasRole("user1")
                .antMatchers("/user2").hasRole("user2")
                .antMatchers("/user3").hasRole("user3")
                .and()
            // CSRF protection is switched off for the whole application.
            // NOTE(review): the original note says a custom login page requires this. What the
            // custom form actually needs is to submit the CSRF token; disabling the check removes
            // the protection from every state-changing request and also lets logout be triggered
            // by a plain GET to /logout.
            .csrf().disable()
            // Form login:
            //   formLogin()            - built-in login handling (on its own it serves the default page)
            //   loginPage              - custom login page; its form must use method=post and post
            //                            to the processing URL
            //   usernameParameter /
            //   passwordParameter      - input names of the form (defaults: username / password)
            //   loginProcessingUrl     - URL the form posts the credentials to
            .formLogin()
                .loginPage("/tologin")
                .usernameParameter("user")
                .passwordParameter("pwd")
                .loginProcessingUrl("/login")
                .and()
            // Logout: redirect to the home page once the session has been ended.
            .logout()
                .logoutSuccessUrl("/")
                .and()
            // Remember-me: cookie valid for 14 days (per the original note, the framework default);
            // rememberMeParameter renames the checkbox field the filter looks for.
            // NOTE(review): anyone holding this cookie is authenticated until it expires, so it
            // should only travel over HTTPS.
            .rememberMe()
                .rememberMeParameter("remember");
    }

    /**
     * Registers the demo accounts in memory.
     *
     * <p>NOTE(review): the three accounts share the hard-coded password "123". That is acceptable
     * only for a local demo; real credentials belong in a user store, not in source code.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception propagated from the configurer calls
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder is enough: it hashes the demo passwords here and verifies logins later.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("user1").password(encoder.encode("123")).roles("user1")
            .and()
            .withUser("user2").password(encoder.encode("123")).roles("user2")
            .and()
            .withUser("user3").password(encoder.encode("123")).roles("user3");
    }
}