Spring Securit学习笔记之整合Spring Boot

最新推荐文章于 2024-05-14 09:16:51 发布

IT小浣熊

最新推荐文章于 2024-05-14 09:16:51 发布

阅读量416

点赞数

分类专栏： Spring 文章标签： Spring Security Spring Boot Spring Security配置类

本文链接：https://blog.csdn.net/qq_43225978/article/details/88747913

版权

Spring 专栏收录该内容

10 篇文章 0 订阅

订阅专栏

文章目录

Spring Securit学习笔记之整合Spring Boot

Spring Securit学习笔记之整合Spring Boot

1. 创建Spring Boot项目，配置pom.xml

	......
	<properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
    <maven.compiler.source>1.7</maven.compiler.source>
    <maven.compiler.target>1.7</maven.compiler.target>

    <!-- 修改 thymeleaf 的版本 -->
    <thymeleaf.version>3.0.2.RELEASE</thymeleaf.version>
    <thymeleaf-layout-dialect.version>2.0.4</thymeleaf-layout-dialect.version>
  </properties>

  <!-- Spring Boot 父工程 -->
  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.5.4.RELEASE</version>
  </parent>

  <dependencies>
    <!-- web 支持，SpringMVC， Servlet 支持等 -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <!-- thymeleaf -->
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
  </dependencies>
  ......

2. 编写 SpringBoot 启动类

package com.example;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication
public class SpringSecuritySBApplication {
    public static void main(String[] args) {
        SpringApplication.run(SpringSecuritySBApplication.class,args);
    }
}

3. 编写 SpringSecurityConfig 配置类

1. 导入Spring Security坐标

        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-web</artifactId>
            <version>4.2.3.RELEASE</version>
        </dependency>

        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-config</artifactId>
            <version>4.2.3.RELEASE</version>
        </dependency>

2. 整合 Spring Security - HttpBasic 权限实现

package com.example.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity      //启动 SpringSecurity 过滤器链
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


    //该方法的作用就是代替之前配置：<security:http>
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/**")
                .fullyAuthenticated()
                .and()
                
                .httpBasic()  //HttpBasic 权限实现
        ;
    }

    //该方法的作用就是代替之前配置：<security:authentication-manager>
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("123456").authorities("PRODUCT_ADD");
    }
}

3. 整合 Spring Security - FormLogin 权限实现

package com.example.config;

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity      //启动 SpringSecurity 过滤器链
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


    //该方法的作用就是代替之前配置：<security:http>
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/**")
                .fullyAuthenticated()
                .and()
                
                .formLogin()	//formLogin 权限实现
        ;
    }

    //该方法的作用就是代替之前配置：<security:authentication-manager>
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().withUser("user").password("123456").authorities("PRODUCT_ADD");
    }
}

4. 编写Controller

MainController.java

package com.example.controller;

import org.springframework.web.bind.annotation.RequestMapping;

public class MainController {

    @RequestMapping("index")
    public String index(){
        return "index";
    }
}

ProductController.java

package com.example.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
@RequestMapping("product")
public class ProductController {
    @RequestMapping("add")
    public String add(){
        return "product/add";
    }
    @RequestMapping("update")
    public String update(){
        return "product/update";
    }
    @RequestMapping("delete")
    public String delete(){
        return "product/delete";
    }
    @RequestMapping("list")
    public String list(){
        return "product/list";
    }
}