一:首先在pom.xml中添加security依赖
<!-- Spring Security starter. No <version> element is given here, so the version is
     presumably inherited from the Spring Boot parent/BOM (confirm in the full pom.xml). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
二:新建 security 包,在该包下新建 SpringSecurityConfig、MyPasswordEncoder、ErrorPageConfig 三个类。三个类的具体作用见各自代码中的注释。
package com.yty.demo.security;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
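/**
 * Spring Security configuration for the demo: one in-memory user plus URL-level
 * authority checks on the {@code /appauthor/*} endpoints.
 *
 * <p>Review notes for anyone reusing this listing:
 * <ul>
 *   <li>The user name and password are hard-coded and compared as plaintext through
 *       {@link MyPasswordEncoder}; that is only acceptable for a local demo.</li>
 *   <li>CSRF protection is switched off in {@link #configure(HttpSecurity)}.</li>
 *   <li>{@code WebSecurityConfigurerAdapter} is deprecated since Spring Security 5.7 and
 *       removed in 6.0; newer versions declare a {@code SecurityFilterChain} bean instead.</li>
 * </ul>
 */
@Configuration
@EnableWebSecurity // registers the Spring Security filter chain
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory user store used for authentication.
     *
     * @param auth builder the single demo user is added to
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // MyPasswordEncoder performs no hashing, so the password submitted by the login
        // form is matched directly against the literal below.
        // NOTE(review): demo only. A real deployment should load users from a user store
        // and use an adaptive hash such as BCryptPasswordEncoder, with no credential
        // literals in source control.
        auth.inMemoryAuthentication()
                .passwordEncoder(new MyPasswordEncoder())
                .withUser("eric")
                .password("123456")
                // Only ADD and UPDATE are granted, so the DELETE and LIST rules in
                // configure(HttpSecurity) deny this user.
                .authorities("Appauthor_ADD", "Appauthor_UPDATE");
    }

    /**
     * Declares the URL authorization rules, the custom login page and the CSRF setting.
     *
     * <p>Rules are evaluated in declaration order, so the catch-all rule stays last.
     *
     * @param http the security builder to configure
     * @throws Exception propagated from the builder
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // One authority per endpoint; hasAuthority is the single-value form.
                .antMatchers("/appauthor/add").hasAuthority("Appauthor_ADD")
                .antMatchers("/appauthor/update").hasAuthority("Appauthor_UPDATE")
                .antMatchers("/appauthor/delete").hasAuthority("Appauthor_DELETE")
                .antMatchers("/appauthor/list").hasAuthority("Appauthor_LIST")
                // The login page itself must be reachable without a session.
                .antMatchers("/login").permitAll()
                // Everything else needs a full login (a remember-me session is not enough).
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin()
                .loginPage("/login") // custom login page instead of the generated one
                .and()
            // NOTE(review): CSRF protection is disabled here. With session-based form
            // login this leaves the state-changing /appauthor endpoints without a
            // request-origin check; prefer keeping CSRF enabled and sending the token
            // with every form and AJAX POST.
            .csrf().disable();
    }
}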
package com.yty.demo.security;
import org.springframework.security.crypto.password.PasswordEncoder;
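/**
 * {@link PasswordEncoder} that performs no hashing: the password is kept and compared
 * as plaintext, so the value typed into the login form is matched directly against the
 * configured one.
 *
 * <p>NOTE(review): demo only. Anything that stores credentials should use an adaptive
 * hash such as {@code BCryptPasswordEncoder} instead of this class.
 */
public class MyPasswordEncoder implements PasswordEncoder {

    /**
     * Returns the raw password unchanged.
     *
     * @param charSequence the raw password
     * @return the same characters as a {@code String}, unhashed
     */
    @Override
    public String encode(CharSequence charSequence) {
        // The raw password is intentionally not written to stdout or any log.
        return charSequence.toString();
    }

    /**
     * Compares the submitted password with the stored one.
     *
     * @param charSequence the password submitted by the client
     * @param s the stored (plaintext) password
     * @return {@code true} when both are non-null and identical
     */
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        // A missing value never matches; this also avoids a NullPointerException.
        if (charSequence == null || s == null) {
            return false;
        }
        byte[] submitted =
                charSequence.toString().getBytes(java.nio.charset.StandardCharsets.UTF_8);
        byte[] stored = s.getBytes(java.nio.charset.StandardCharsets.UTF_8);
        // MessageDigest.isEqual does not stop at the first differing byte, unlike String.equals.
        return java.security.MessageDigest.isEqual(submitted, stored);
    }
}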
package com.yty.demo.security;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.server.ErrorPageRegistrar;
import org.springframework.boot.web.server.ErrorPageRegistry;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
@Configuration
public class ErrorPageConfig implements ErrorPageRegistrar {

    /**
     * Maps HTTP error statuses to application paths.
     *
     * <p>Each {@code ErrorPage} takes the status it handles as its first argument and the
     * path the request is handed to as its second. The handlers behind {@code /400},
     * {@code /403}, {@code /401} and {@code /500} are not part of this listing.
     *
     * @param registry the registry the error pages are added to
     */
    @Override
    public void registerErrorPages(ErrorPageRegistry registry) {
        registry.addErrorPages(
                new ErrorPage(HttpStatus.BAD_REQUEST, "/400"),
                new ErrorPage(HttpStatus.FORBIDDEN, "/403"),
                new ErrorPage(HttpStatus.UNAUTHORIZED, "/401"),
                new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/500"));
    }
}
三:包结构如下:
![](https://img-blog.csdnimg.cn/20200420153115124.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzM5MzA5MDYw,size_16,color_FFFFFF,t_70)
四:踩坑记录:前台登录表单提交到 /login 时必须使用 POST 方式(Spring Security 的表单登录只处理对登录地址的 POST 请求,GET 请求只会返回登录页)。
![](https://img-blog.csdnimg.cn/20200420153452942.png?x-oss-process=image/watermark,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3FxXzM5MzA5MDYw,size_16,color_FFFFFF,t_70)