SpringbootSecurity

最新推荐文章于 2024-10-17 10:27:13 发布

菜到没朋友

最新推荐文章于 2024-10-17 10:27:13 发布

阅读量144

点赞数

分类专栏： Spring boot Security java 文章标签： java SpringbootSecurity

本文链接：https://blog.csdn.net/qq_35909489/article/details/103264714

版权

Spring boot 同时被 3 个专栏收录

8 篇文章 0 订阅

订阅专栏

java

8 篇文章 0 订阅

订阅专栏

Security

1 篇文章 0 订阅

订阅专栏

1.pom文件

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
	<modelVersion>4.0.0</modelVersion>
	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>2.2.1.RELEASE</version>
		<relativePath /> <!-- lookup parent from repository -->
	</parent>
	<groupId>com.example</groupId>
	<artifactId>SpringBoot_Security</artifactId>
	<version>0.0.1-SNAPSHOT</version>
	<name>SpringBoot_Security</name>
	<description>Demo project for Spring Boot</description>

	<properties>
		<java.version>1.8</java.version>
	</properties>

	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-thymeleaf</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
<!-- 		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-core</artifactId>
		</dependency> -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
			<exclusions>
				<exclusion>
					<groupId>org.junit.vintage</groupId>
					<artifactId>junit-vintage-engine</artifactId>
				</exclusion>
			</exclusions>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

</project>

2.Securityconfig配置类

package com.ying.securityconfig;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class SecurityConfiguration extends WebSecurityConfigurerAdapter  {

	@Bean
	public BCryptPasswordEncoder getBCryptPasswordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Autowired
	BCryptPasswordEncoder BCrypt;

	@Autowired
	public void globalUserDetails(AuthenticationManagerBuilder auth) throws Exception {

		System.out.println("11111111111111111111");
		auth.inMemoryAuthentication()
			//设置用户
			.passwordEncoder(BCrypt).withUser("ying")
			//设置密码
			.password(BCrypt.encode("123"))
			//该用户拥有的权限
			.roles("user")
			
			.and().passwordEncoder(BCrypt).withUser("yingying")
			.password(BCrypt.encode("123"))
			.roles("ADMIN")
			
			.and().passwordEncoder(BCrypt).withUser("yingbao")
			.password(BCrypt.encode("123"))
			.roles("all","adminn");

	}
	
	
	@Override
	protected void configure(HttpSecurity http) throws Exception {

		// 开启登录拦截,自己的login页面
		http.formLogin();
		
		//自定义login页面,参数名称
		//http.formLogin().usernameParameter("user").passwordParameter("pwd").loginPage("/CustomPage");
		
		// 设置以下请求不需要验证身份
		// ("/","/select") 需要和你controller的地址配置@GetMapping("/select")
		// ("/","/select") @GetMapping("select") 这样无法匹配 请求地址必须一致
		http.authorizeRequests().antMatchers("/", "/select").permitAll();

		// 设置以下请求需要用户有ADMIN权限才能访问
		http.authorizeRequests().antMatchers("/insert", "/update", "/delete").hasRole("ADMIN");

		// 除"/","select")之外其他请求都需要身份验证
		http.authorizeRequests().anyRequest().authenticated();

		//配置SpringSecurity允许使用ifrme嵌入页面
		http.headers().frameOptions().disable();
		
		//跨站请求伪造的防护
		http.csrf().disable();
		
		// 开启记住我功能
		http.rememberMe().rememberMeParameter("remeber");

		// 注销成功以后来到首页
		/*
		 * <html xmlns:th="http://www.thymeleaf.org"
		 * 		xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"> 
		 * 
		 * <form th:action="@{/logout}" method="post"> 
		 * 		<input type="submit" value="注销" />
		 * </form>
		 */
		http.logout().logoutSuccessUrl("/");

	}

}

3.controller类

package com.ying.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class MyController {

	@GetMapping("/select")
	public String select() {
		System.out.println("select");
		return "select";
	}

	@GetMapping("/insert")
	public String insert() {
		System.out.println("insert");
		return "insert";
	}

	@GetMapping("/update")
	public String update() {
		System.out.println("update");
		return "update";
	}

	@GetMapping("/delete")
	public String delete() {
		System.out.println("delete");
		return "delete";
	}

}

4.application.properties配置用户名和密码以及权限

#spring.security.user.name=ying
#spring.security.user.password=123
#spring.security.user.roles=admin

菜到没朋友

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
复制链接

分享到 QQ

分享到新浪微博

扫一扫

专栏目录