maven所需要的依赖上章已经说过这章不做解释
所谓的内存用户就是将用户账号密码写死在代码中,这种方法适合刚接触security的同学,毕竟学习是需要徐徐渐进的嚒。
好了话不多说直接撸代码
1.新建WebSecurityConfig.java 并继承WebSecurityConfigurerAdapter类
代码如下
package com.hutian.security.config;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author hutian
* @date 2020/7/25 10:11
*/
@EnableWebSecurity //开启security
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
//配置访问策略
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.formLogin() //设置默认登陆页面
.failureForwardUrl("/error") //设置登录失败路由的url
.defaultSuccessUrl("/success") //设置登录成功的路由url
.permitAll(); //访问权限所有
super.configure(http);
}
//配置内存用户
@Autowired
protected void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
auth
.inMemoryAuthentication()
.withUser("zhangsan").password("zspswd").roles("ADMIN")
.and()
.withUser("lisi").password("lspswd").roles("USER");
}
//密码明文处理
@SuppressWarnings("deprecation")
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
2.登录成功或者失败的controller代码如下
package com.hutian.security;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author hutian
* @date 2020/7/25 10:15
*/
@SpringBootApplication
@RestController
public class Security {
public static void main(String[] args) {
SpringApplication.run(Security.class, args);
}
@GetMapping("error")
public String error() {
String msg = "登录失败===============";
return msg;
}
@GetMapping("success")
public String success() {
String msg = "登录成功===============";
return msg;
}
}
3.基于内存用户的配置这里已经配置完成,下面实际操作一波
1启动springboot项目,访问localhost:8080
2输入上面自己配置的账号密码如zhangsan/zspswd然后就会跳转登录成功的页面
ok基于内存的用户这篇已经讲完了,后续会慢慢更新出基于数据库配置用户权限的文章,谢谢大家