全部代码地址:
https://github.com/pshdhx/security-springmvc-pshdhx.git
首先,拦截用户的请求就不用web.xml或者是spring-mvc.xml来做了。直接上security的配置文件;
/** * security配置 */ @EnableWebSecurity public class WebSecurityConfig extends WebSecurityConfigurerAdapter { //配置用户信息服务 @Bean public UserDetailsService userDetailsService() { InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); manager.createUser(User.withUsername("zhangsan").password("123").authorities("p1").build()); manager.createUser(User.withUsername("lisi").password("456").authorities("p2").build()); return manager; } @Bean public PasswordEncoder passwordEncoder() { return NoOpPasswordEncoder.getInstance(); } //配置安全拦截机制 @Override protected void configure(HttpSecurity http) throws Exception { //访问此处拦截到的登录界面?? http .authorizeRequests() .antMatchers("/r/r1").hasAuthority("p1") .antMatchers("/r/r2").hasAuthority("p2") .antMatchers("/r/**").authenticated() .anyRequest().permitAll() .and() .formLogin().successForwardUrl("/login‐success"); } } |
注意点:
- security的配置文件加注解:@EnableWebSecurity
- 配置用户信息服务(用户名,密码,权限)
- 配置密码加密方式
- 配置安全拦截机制
Spring容器初始化加载security配置文件;
//spring容器,相当于加载 applicationContext.xml,加载配置类。 @Override protected Class<?>[] getRootConfigClasses() { //return new Class[]{ApplicationConfig.class}; return new Class<?>[] { ApplicationConfig.class, WebSecurityConfig.class}; } |
Security初始化;
/** * 初始化security */ //初始化类不需要注释 public class SpringSecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer { public SpringSecurityApplicationInitializer() { // 如果配置了spring容器初始化,此处注释即可。因为spring初始化加载了webSecurityConfig.class; //super(WebSecurityConfig.class); } } |