08-Springboot_security

最新推荐文章于 2024-06-16 14:01:36 发布

Write less Do more

最新推荐文章于 2024-06-16 14:01:36 发布

阅读量127

点赞数

分类专栏： Springboot 文章标签： spring boot

本文链接：https://blog.csdn.net/qq_43416276/article/details/105278490

版权

Springboot 专栏收录该内容

9 篇文章 0 订阅

订阅专栏

Springboot_security

1、配置

#关闭模板引擎，方便调试，不然每次都要重启
spring.thymeleaf.cache=false

2、依赖

<!--thymeleaf-->
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    <version>3.0.4.RELEASE</version>
</dependency>

<dependency>
    <groupId>org.thymeleaf</groupId>
    <artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>
<!--security-->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

3、SecurityConfig

package com.xd.config;

import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /*链式编程*/
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        /*权限规则*/
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");
        /*2、定制登录界面*/
        http.formLogin().loginPage("/toLogin").usernameParameter("username").passwordParameter("password").loginProcessingUrl("/login");
        /*没有权限立马跳到登录界面*/
        http.formLogin();
        /*开启注销功能,跳首页*/
        http.logout().logoutSuccessUrl("/");
        /*防止网站攻击*/
        http.csrf().disable();/*springboot 默认为开启，现在设置为关闭状态*/
        /*开启记住我功能,默认两周，自定义接收前端参数*/
        http.rememberMe().rememberMeParameter("remember");
    }

    /*认证，springboot 2.1.X 可以直接使用
    * 密码编码：PasswordEncoder 就是加密
    * 在Spring Security 5.0+ 新增了很多加密的方法 md5 等等  不加密就任务明文密码不安全，能被反编译。
    * */

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("xd").password(new BCryptPasswordEncoder().encode("222")).roles("vip2","vip3")
                .and()
                .withUser("root").password(new BCryptPasswordEncoder().encode("222")).roles("vip1","vip2","vip3")
                .and()
                .withUser("xdd").password(new BCryptPasswordEncoder().encode("222")).roles("vip1");
    }
}

4、配置路由

package com.xd.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class RouterController {
    /*跳首页*/
    @RequestMapping({"/","/index"})
    public String index(){
        return "index";
    }
    /*去登录界面*/
    @RequestMapping("/toLogin")
    public String toLogin(){
        return "views/login";
    }
    /*九个页面合成三个restful风格*/
    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") Integer id){
        return "views/level1/"+id;
    }
    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") Integer id){
        return "views/level2/"+id;
    }
    @RequestMapping("/level3/{id}")
    public String level3(@PathVariable("id") Integer id){
        return "views/level3/"+id;
    }
}

5、前端归纳

<!--未登录：只显示登录按钮   isAuthenticated:用户登录了就显示-->
<div sec:authorize="!isAuthenticated()">
<!--已登录：用户名+注销-->
    <a class="item" >
        用户名：<span sec:authentication="name"></span>  <!--获取用户的名字-->
        角色：<span sec:authentication="principal.authorities"></span><!--获取用户的权限-->
    </a>
    
    <div class="column" sec:authorize="hasRole('vip1')" > <!--如果是vip1权限就显示出来-->