前言
Form表单模式是SpringSecurity内置的登录页,请求接口之前先再登录页登录,虽然可以自定义页面,但是该种方式适用传统前后端不分离模式。
SpringBoot整合Form
pom.xml
<dependencies>
<!-- spring boot security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- spring boot web -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- spring boot 单元测试依赖 -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
</dependency>
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
</dependency>
</dependencies>
启动类
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
@SpringBootApplication
public class App{
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}
控制层
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* test 控制层
* @author terry
* @version 1.0
* @date 2022/6/10 11:26
*/
@RestController
public class TestCtrl {
@RequestMapping("/test")
public String test(){
return "success";
}
}
form 表单认证基本配置类
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
/**
* Form 基本验证
* @author terry
* @date 2022/6/10
*/
@Configuration
@EnableWebSecurity
public class FormSecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 设置拦截的资源
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
// 代表拦截所有请求,另外一种方式:(antMatchers("/**"))
.anyRequest()
.authenticated()
.and()
.formLogin();
}
/**
* 设置授权账户
* @param auth
* @throws Exception
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("terry").password("terry123").authorities("/");
}
/**
* 在Spring security 5 之后需要设置密码解析器,
* 如果不设置会报错,一般情况下会用Md5.本文采用的无密码验证
* @return
*/
@Bean
public static NoOpPasswordEncoder passwordEncoder() {
return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance();
}
}
测试
浏览器访问:http://localhost:8080/test
输入用户名:terry,密码:terry123,即可访问接口。