基于内存
自定义配置类 SecurityConfiguration 继承 WebSecurityConfigurerAdapter 父类,覆盖两个 configure 方法,并在 configure(AuthenticationManagerBuilder) 中:
- 授予用户名和密码
- 授予用户对应的角色
package com.pug.security.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Spring Security configuration that registers two in-memory users.
 *
 * <p>Both accounts are declared in code and share one literal password, which fits a
 * tutorial or a local demo only. {@code WebSecurityConfigurerAdapter} is deprecated since
 * Spring Security 5.7 and is not present in 6.x, where the same setup is written as bean
 * definitions.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    /**
     * Exposes the password encoder used for the in-memory accounts.
     *
     * @return a new {@link BCryptPasswordEncoder}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return new BCryptPasswordEncoder();
    }

    /**
     * Authentication setup: defines the in-memory users, their password and their roles.
     *
     * @param auth builder the in-memory user store is attached to
     * @throws Exception propagated from the Spring Security builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Demo credential: a single literal password, encoded once and shared by both
        // accounts. Outside a tutorial, supply per-user secrets from external configuration.
        final String encodedPassword = passwordEncoder().encode("123456");

        // roles(...) stores each name with the "ROLE_" prefix; the names are case-sensitive,
        // so later role checks have to use exactly "Admin" and "User".
        auth.inMemoryAuthentication()
                .withUser("admin").password(encodedPassword).roles("Admin")
                // and() returns to the user store so the next account can be declared
                .and()
                .withUser("yykk").password(encodedPassword).roles("User");
    }

    /**
     * Web-level setup; currently only delegates to the parent implementation.
     *
     * @param web builder for web-level security settings
     * @throws Exception propagated from the parent implementation
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        super.configure(web);
    }
}
package com.ksd.pug.controller;
import com.ksd.pug.pojo.LoginUser;
import com.ksd.pug.service.user.IUserService;
import com.pug.commons.anno.PugLog;
import com.pug.commons.anno.PugRateLimiter;
import lombok.RequiredArgsConstructor;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RestController;
/**
 * REST controller with a user lookup endpoint and a greeting endpoint.
 */
@RestController
@RequiredArgsConstructor
public class IndexController {

    /** User lookup service, injected through the Lombok-generated constructor. */
    private final IUserService userService;

    /**
     * Handles {@code GET /index} and returns a fixed greeting.
     *
     * <p>The rate-limit values (limit = 3, timeout = 1) are interpreted by the project's
     * {@code PugRateLimiter} annotation; their units are not visible in this listing.
     *
     * @return the greeting text
     */
    @GetMapping("/index")
    @PugRateLimiter(limit = 3, timeout = 1)
    @PugLog
    public String index() {
        final String greeting = "Hello springboot!!!";
        return greeting;
    }

    /**
     * Handles {@code GET /getuser/{id}} and returns the user found for that id.
     *
     * <p>NOTE(review): no check ties the requested id to the authenticated caller here, so
     * any caller who reaches this endpoint can read any user's record unless access is
     * restricted elsewhere; confirm. Also confirm that {@code LoginUser} does not expose
     * credential fields when serialized.
     *
     * @param id user id taken from the request path
     * @return whatever {@code userService.getById(id)} returns
     */
    @GetMapping("/getuser/{id}")
    @PugLog
    public LoginUser getUser(@PathVariable("id") Long id) {
        final LoginUser user = userService.getById(id);
        return user;
    }
}
小结
- 默认情况下:Spring Security 对所有的请求都是拦截的
- 如果要放开,需要进行配置:
// ignoring() takes the listed paths out of the Spring Security filter chain altogether,
// so no authentication, CSRF or security-header handling is applied to requests for them.
webSecurity
        .ignoring()
        .antMatchers(
                "/index",
                "/js/**", "/css/**", "/fonts/**", "/images/**", "/img/**");
后续也可以在配置授权规则(HttpSecurity)时用 permitAll() 放开;对 /index 这类接口更适合用这种方式,因为请求仍会经过安全过滤器链。
- 基于内存的方式授权用户和密码的使用场景:
  - 项目单一简单