接着上一节的代码,这部分是做简单的权限控制
package com.example.springabc.securityConfig;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;
/**
* @ClassName SecurityCofig
* @Description TODO
* @Author zhurongfei
* @Data 2020/7/14 17:23
* Version 1.0
**/
@Component
public class SecurityCofig extends WebSecurityConfigurerAdapter {
/**
* 添加账户
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//添加用户信息和权限
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("zrf").password(new BCryptPasswordEncoder().encode("zrf")).authorities("find","insert");//添加用户名和密码 authorities权限名称
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).authorities("insert");//添加用户名和密码
}
/**
* 拦截登陆请求
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
// http.authorizeRequests().
// antMatchers("/**d").fullyAuthenticated().and().httpBasic();
http.authorizeRequests().
antMatchers("/find").hasAnyAuthority("find").
antMatchers("/insert").hasAnyAuthority("insert").
antMatchers("/**").fullyAuthenticated().and()
.formLogin();
}
}
package com.example.springabc.securityConfig;
import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
/**
* @ClassName WebServletConfig
* @Description TODO
* @Author zhurongfei
* @Data 2020/7/15 9:32
* Version 1.0
**/
@Configuration
public class WebServletConfig {
@Bean
public ConfigurableServletWebServerFactory webServerFactory(){
TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
ErrorPage errorPage400 = new ErrorPage(HttpStatus.BAD_REQUEST,"/error/400");
ErrorPage errorPage401 = new ErrorPage(HttpStatus.UNAUTHORIZED,"/error/401");
ErrorPage errorPage403 = new ErrorPage(HttpStatus.FORBIDDEN,"/error/403");
ErrorPage errorPage404 = new ErrorPage(HttpStatus.NOT_FOUND,"/error/404");
ErrorPage errorPage415 = new ErrorPage(HttpStatus.UNSUPPORTED_MEDIA_TYPE,"/error/415");
ErrorPage errorPage500 = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR,"/error/500");
factory.addErrorPages(errorPage400,errorPage401,errorPage403,errorPage404,errorPage415,errorPage500);
return factory;
}
}
package com.example.springabc.controller.error;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @ClassName errorController
* @Description TODO
* @Author zhurongfei
* @Data 2020/7/15 9:39
* Version 1.0
**/
@RestController
public class errorController {
@RequestMapping("/error/400")
public String error400(){
return "无法找到该网页!";
}
@RequestMapping("/error/401")
public String error401(){
return "未经授权,访问由于服务器配置被拒绝。";
}
@RequestMapping("/error/403")
public String error403(){
return "该用户可能权限不足,访问被禁止!";
}
@RequestMapping("/error/404")
public String error404(){
return "找不到页面!";
}
@RequestMapping("/error/415")
public String error415(){
return "找不到页面!";
}
@RequestMapping("/error/500")
public String error500(){
return "服务器内部出错,请稍后重试!";
}
}
像这些代码最好不要写,只记录下来,因为写了一样忘,只要能看懂,就行