1.pom文件
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.1.RELEASE</version>
<relativePath /> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>SpringBoot_Security</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>SpringBoot_Security</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- <dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-core</artifactId>
</dependency> -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
<exclusions>
<exclusion>
<groupId>org.junit.vintage</groupId>
<artifactId>junit-vintage-engine</artifactId>
</exclusion>
</exclusions>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
2.Securityconfig配置类
package com.ying.securityconfig;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {
@Bean
public BCryptPasswordEncoder getBCryptPasswordEncoder() {
return new BCryptPasswordEncoder();
}
@Autowired
BCryptPasswordEncoder BCrypt;
@Autowired
public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {
System.out.println("11111111111111111111");
auth.inMemoryAuthentication()
.passwordEncoder(BCrypt).withUser("ying")
.password(BCrypt.encode("123"))
.roles("user")
.and().passwordEncoder(BCrypt).withUser("yingying")
.password(BCrypt.encode("123"))
.roles("ADMIN")
.and().passwordEncoder(BCrypt).withUser("yingbao")
.password(BCrypt.encode("123"))
.roles("all","adminn");
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin();
http.authorizeRequests().antMatchers("/", "/select").permitAll();
http.authorizeRequests().antMatchers("/insert", "/update", "/delete").hasRole("ADMIN");
http.authorizeRequests().anyRequest().authenticated();
http.headers().frameOptions().disable();
http.csrf().disable();
http.rememberMe().rememberMeParameter("remeber");
http.logout().logoutSuccessUrl("/");
}
}
3.controller类
package com.ying.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
public class MyController {
@GetMapping("/select")
public String select() {
System.out.println("select");
return "select";
}
@GetMapping("/insert")
public String insert() {
System.out.println("insert");
return "insert";
}
@GetMapping("/update")
public String update() {
System.out.println("update");
return "update";
}
@GetMapping("/delete")
public String delete() {
System.out.println("delete");
return "delete";
}
}
4.application.properties配置用户名和密码以及权限
#spring.security.user.name=ying
#spring.security.user.password=123
#spring.security.user.roles=admin