Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。
依赖:
<!-- 接口安全 Spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>4.2.7.RELEASE</version>
</dependency>
Spring Security 配置文件:
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* SecurityConfig 配置文件
*
*/
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
/**
* 生成用户名和密码
*
* @param auth
* @throws Exception
*/
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//生成密码
PasswordEncoder passwordEncoder = new BCryptPasswordEncoder();
String pass = passwordEncoder.encode("111");
//用户的构建
auth.inMemoryAuthentication()
//设置用户密码的加密方式
.passwordEncoder(passwordEncoder)
//用户名
.withUser("swagger")
//密码
.password(pass)
//指定权限
.roles("SWAGGER");
}
/**
* 拦截HTTP请求
*
* @param http
* @throws Exception
*/
protected void configure(HttpSecurity http) throws Exception {
//指定拦截的请求
http.authorizeRequests()
//需要拦截的路径,指定对应角色
.antMatchers("/swagger-ui.html","/v2/api-docs").hasRole("SWAGGER")
.and()
.formLogin().permitAll();
}
}