SpringSecurity

依赖

<!-- Maven dependencies for the demo: web MVC, Spring Security, test support and Thymeleaf. -->
<!-- Entries without a version are presumably resolved by Spring Boot's dependency management; verify against the parent POM. -->
<dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Adds the Spring Security filter chain configured by SecurityConfig. -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf</groupId>
            <artifactId>thymeleaf-spring5</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-java8time</artifactId>
        </dependency>
        <!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity5 -->
        <!-- Thymeleaf integration with Spring Security: provides the sec:authorize and sec:authentication template attributes. -->
        <!-- NOTE(review): the link above names thymeleaf-extras-springsecurity5, but the artifact declared below is
             springsecurity4 with an explicitly pinned version. The extras module has to match the Spring Security
             major version on the classpath; on a mismatch the sec:* attributes may be left unprocessed, so links meant
             to be hidden are rendered for every visitor. Confirm against the Spring Boot version in use. -->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            <version>3.0.4.RELEASE</version>
        </dependency>

 前端导入

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<!-- Index page of the demo. The sec:* attributes come from the Thymeleaf Spring Security extras
     dialect declared in the xmlns:sec namespace above. -->
<!-- NOTE(review): sec:authorize only decides whether a fragment is rendered. It does not protect
     the target URL: every path linked below must also be restricted server-side in the
     HttpSecurity rules, otherwise a user who types the URL directly still reaches it. -->
<!-- Not logged in: show the login link -->
<div sec:authorize="!isAuthenticated()"><a th:href="@{/login}">登录</a></div>
index
获取登录的用户名2.0.7boot版本
<!-- Logged in: show the name of the authenticated user -->
<div sec:authorize="isAuthenticated()">
    用户名:<span sec:authentication="name"></span>
<!--    Roles: <span sec:authentication="principal.getAuthorities()"></span>-->
</div>
<!-- Logged in: show the logout link -->
<!-- NOTE(review): this is a plain GET link. Spring Security accepts GET /logout only while CSRF
     protection is disabled, as the SecurityConfig on this page does; with CSRF enabled, logout
     has to be a POST form that carries the CSRF token. -->
<div sec:authorize="isAuthenticated()"><a th:href="@{/logout}">注销</a></div>

<!-- Level 1 links: rendered only for users holding role vip1 -->
<div sec:authorize="hasAnyRole('vip1')">
    <a th:href="@{level1/1}">1-1</a>
    <a th:href="@{level1/2}">1-2</a>
    <a th:href="@{level1/3}">1-3</a>
</div>
<!-- Level 2 links: rendered only for users holding role vip2 -->
<div sec:authorize="hasAnyRole('vip2')">
    <a th:href="@{level2/1}">2-1</a>
    <a th:href="@{level2/2}">2-2</a>
    <a th:href="@{level2/3}">2-3</a>
</div>
<!-- Level 3 links: rendered only for users holding role vip3 -->
<div sec:authorize="hasAnyRole('vip3')">
    <a th:href="@{level3/1}">3-1</a>
    <a th:href="@{level3/2}">3-2</a>
    <a th:href="@{level3/3}">3-3</a>
</div>
</body>
</html>

 代码

package com.example.springsecurity.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import javax.sql.DataSource;

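/**
 * Spring Security configuration for the demo application: URL authorization rules,
 * form login, logout, remember-me and two in-memory users.
 *
 * <p>NOTE(review): the hard-coded credentials, the disabled CSRF protection and the
 * absence of a catch-all authorization rule are demo settings. Read the inline
 * comments before reusing this class outside a tutorial.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Authorization: configures which roles may reach which URL patterns, plus the
     * login, logout and remember-me behaviour (fluent, chained configuration).
     *
     * @param http the security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The home page is open to everyone; each feature area requires its matching role.
        // /level1/** used to be permitAll(), which contradicted the stated rule ("vip1 can
        // access /level1/**") and the template, which only hid the links from other users
        // while the URLs themselves stayed reachable by anyone.
        // NOTE(review): there is no anyRequest() rule, so any path not listed here is
        // reachable without authentication. If one is added, the login page must stay permitted.
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                // vip1 may access /level1/**
                .antMatchers("/level1/**").hasRole("vip1")
                // vip2 may access /level2/**
                .antMatchers("/level2/**").hasRole("vip2")
                // vip3 may access /level3/**
                .antMatchers("/level3/**").hasRole("vip3");

        // Unauthenticated or unauthorized requests are sent to the custom login page.
        // usernameParameter/passwordParameter name the form fields submitted by the front end.
        // The processing URL is matched against the request path, so it needs the leading
        // slash; the original value "login" would not match a POST to /login.
        http.formLogin()
                .loginPage("/toLogin")
                .usernameParameter("username")
                .passwordParameter("pwd")
                .loginProcessingUrl("/login");

        // CSRF protection is enabled by default and is switched off here. That is what lets
        // the plain GET link to /logout in the template work.
        // NOTE(review): with CSRF disabled, state-changing requests can be forged from other
        // sites on behalf of a logged-in user. For anything beyond a demo, keep CSRF enabled
        // and make logout a POST form that carries the token.
        http.csrf().disable();

        // Logout: redirect to the home page afterwards. Further options on the same builder:
        //   deleteCookies("remove")      clears the named cookies
        //   invalidateHttpSession(true)  invalidates the session
        //   logoutUrl("/")               sets the URL that triggers logout
        http.logout().logoutSuccessUrl("/");

        // Remember-me: cookie based, kept for two weeks by default; "remember" is the name
        // of the request parameter sent by the login form.
        http.rememberMe().rememberMeParameter("remember");
    }

    /**
     * Authentication: registers two in-memory users whose passwords are stored as
     * BCrypt hashes; a PasswordEncoder has to be configured for the stored values.
     *
     * @param auth the authentication builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder instance is enough for hashing and for verification.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // NOTE(review): user names and the password "123" are hard-coded for the demo only.
        // Real deployments should load accounts from an external store and never keep
        // credentials in source code.
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("admin").password(encoder.encode("123")).roles("vip3", "vip2")
                // .and() continues with the next user
                .and()
                .withUser("root").password(encoder.encode("123")).roles("vip1", "vip2", "vip3");

        // Alternative: read users from a database. This needs an injected DataSource field
        // (@Autowired DataSource dataSource), then
        // auth.jdbcAuthentication().dataSource(dataSource).withDefaultSchema().withUser("").password("");
    }
}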
