依赖:
<!--Spring Security的依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--Thymeleaf Spring Security依赖-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
controller类
@Controller
public class MainController {
@GetMapping("/")
public String root() {
return "redirect:/index";
}
@GetMapping("/index")
public String index() {
return "index";
}
/**
* 获取登录界面
*
* @return
*/
@GetMapping("/login")
public String login() {
return "users/login";
}
@GetMapping("/login-error")
public String loginError(Model model) {
model.addAttribute("loginError",true);
model.addAttribute("errorMsg","登录失败,用户名或者密码错误");
return "login";
}
@GetMapping("/register")
public String register() {
return "register";
}
@GetMapping("/search")
public String search() {
return "search";
}
}
config配置
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法安全设置
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 方法重写
*
* @param http
* @throws Exception
*/
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/css/**","/js/**","/fonts/**","/index").permitAll()//都可以访问
.antMatchers("//**").hasRole("ADMIN")//需要相应的角色才能访问
.and()
.formLogin()//基于Form表单登录验证
.loginPage("/login").failureUrl("/login-error");//自定义登录界面
}
/**
* 认证信息管理
* @param authenticationManagerBuilder
* @throws Exception
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{
authenticationManagerBuilder.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("wangzhou").password(new BCryptPasswordEncoder().encode("123456")).roles("ADMIN");
// authenticationManagerBuilder.inMemoryAuthentication()//认证信息存储于内存中
// .withUser("admin").password("123456").roles("ADMIN");
}
}
login.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:th="http://www.thymeleaf.org">
</head>
<body>
<div class="container blog-content-container">
<form th:action="@{/login}" method="post">
<h2 >请登录</h2>
<div class="form-group col-md-5">
<label for="username" class="col-form-label">账号</label>
<input type="text" class="form-control" id="username" name="username" maxlength="50" placeholder="请输入账号">
</div>
<div class="form-group col-md-5">
<label for="password" class="col-form-label">密码</label>
<input type="password" class="form-control" id="password" name="password" maxlength="30" placeholder="请输入密码" >
</div>
<div class="form-group col-md-5">
<input type="checkbox" name="remember-me"> 记住我
</div>
<div class="form-group col-md-5">
<button type="submit" class="btn btn-primary">登录</button>
</div>
<div class=" col-md-5" th:if="${loginError}">
<p class="blog-label-error" th:text="${errorMsg}"></p>
</div>
</form>
</div> <!-- /container -->
</body>
</html>
index.html
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<head >
</head>
<body>
<!-- Page Content -->
<div class="container blog-content-container">
<!--<div sec:authentication="isAuthenticated()">-->
<p>已有用户登录</p>
<p>登录的用户为:<span sec:authentication="name"></span></p>
<p>用户角色为:<span sec:authentication="principal.authorities"></span></p>
</div>
<!--<div sec:authentication="isAnonymous()">-->
<!--<p>未有用户登录</p>-->
</div>
</div>
<!-- /.container -->
</body>
</html>
结果在登录页面输入admin,123456
得到