依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>
<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity5 -->
<!-- thymeleaf整合security-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
前端导入
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<!--未登录显示登录-->
<div sec:authorize="!isAuthenticated()"><a th:href="@{/login}">登录</a></div>
index
获取登录的用户名2.0.7boot版本
<div sec:authorize="isAuthenticated()">
用户名:<span sec:authentication="name"></span>
<!-- 角色:<span sec:authentication="principal.getAuthorities()"></span>-->
</div>
<!--已登录显示注销-->
<div sec:authorize="isAuthenticated()"><a th:href="@{/logout}">注销</a></div>
<div sec:authorize="hasAnyRole('vip1')">
<a th:href="@{level1/1}">1-1</a>
<a th:href="@{level1/2}">1-2</a>
<a th:href="@{level1/3}">1-3</a>
</div>
<div sec:authorize="hasAnyRole('vip2')">
<a th:href="@{level2/1}">2-1</a>
<a th:href="@{level2/2}">2-2</a>
<a th:href="@{level2/3}">2-3</a>
</div>
<div sec:authorize="hasAnyRole('vip3')">
<a th:href="@{level3/1}">3-1</a>
<a th:href="@{level3/2}">3-2</a>
<a th:href="@{level3/3}">3-3</a>
</div>
</body>
</html>
代码
package com.example.springsecurity.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import javax.sql.DataSource;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//授权
//链式编程
@Override
protected void configure(HttpSecurity http) throws Exception {
//首页所有人都可以访问,功能页只有对应有权限的人才能访问
//请求授权规则
http.authorizeRequests().antMatchers("/").permitAll()
//vip1能访问/level1/**
.antMatchers("/level1/**").permitAll()
//vip2能访问/level2/**
.antMatchers("/level2/**").hasRole("vip2")
//vip3能访问/level3/**
.antMatchers("/level3/**").hasRole("vip3");
//没权限跳到login页面
http.formLogin().loginPage("/toLogin").usernameParameter("username").passwordParameter("pwd").loginProcessingUrl("login");//设置登录提交页loginPage
// loginProcessingUrl("login") 登录页面usernameParameter("username").passwordParameter("pwd")自定义接受前端传来的参数
//注销
// deleteCookies("remove")清除Cookies
// invalidateHttpSession(true) 清除session
//logoutUrl("/")指定页面
// logoutSuccessUrl("/") 注销成功后跳转页面
http.csrf().disable();//防止网站工具:get post 默认开启防止攻击 关闭csrf
http.logout().logoutSuccessUrl("/");
// 开启记住我 cookie实现,默认保存两周 自定义接受前端传来的数据(remember)
http.rememberMe().rememberMeParameter("remember");
}
//认证
//密码编码PasswordEncoder
//SpringSecurity 5.+新增了很多方法
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// auth.jdbcAuthentication();数据库里面拿
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("admin").password(new BCryptPasswordEncoder().encode("123")).roles("vip3", "vip2")
//通过.and()继续写下一个用户
.and().withUser("root").password(new BCryptPasswordEncoder().encode("123")).roles("vip1", "vip2", "vip3");
/* @Autowired
DataSource dataSource; 要注入DataSource才能进行操作*/
//auth.jdbcAuthentication().dataSource(dataSource).withDefaultSchema().withUser("").password("");
}
}