Spring Security :(一) SpringSecurity的Basic模式和formLogin模式

Security有两种登陆模式:

1、Basic登陆模式

2、formLogin()登陆模式

创建一个Springboot项目

添加Pom.xml

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.3.1.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.example</groupId>
    <artifactId>springabc</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>springabc</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
       <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

设置端口号

server.port=8080

启动EnableWebSecurity

package com.example.springabc;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

@SpringBootApplication
@EnableWebSecurity
public class SpringabcApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringabcApplication.class, args);
    }

}

创建SecurityCofig

package com.example.springabc.securityConfig;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @ClassName SecurityCofig
 * @Description TODO
 * @Author zhurongfei
 * @Data 2020/7/14 17:23
 * Version 1.0
 **/
@Component
public class SecurityCofig extends WebSecurityConfigurerAdapter {
    /**
     * 添加账户
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //添加用户信息和权限
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("zrf").password(new BCryptPasswordEncoder().encode("zrf")).authorities("find");//添加用户名和密码 authorities权限名称
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).authorities("insert");//添加用户名和密码 
    }

    /**
     * 拦截登陆请求
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests().
               antMatchers("/**d").fullyAuthenticated().and().httpBasic();
 // http.authorizeRequests().
   //            antMatchers("/**d").fullyAuthenticated().and().formLogin();
    }
}

 

然后创建Controller

package com.example.springabc.controller;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @ClassName findUser
 * @Description TODO
 * @Author zhurongfei
 * @Data 2020/7/14 17:20
 * Version 1.0
 **/
@RestController
public class findUser {

    @RequestMapping("find")
    public String find(){
        return "查询成功!有查询权限";
    }
    @RequestMapping("insert")
    public String insert(){
        return "插入成功!有权限插入";
    }
}

这就是basic模式