创建Spring Boot 项目(3)
一、添加权限框架Spring Security
(1)添加相关依赖;
第一步、在项目pom.xml文件中添加依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
(2)简单模式测试;
第二步、简单模式测试,直接访问http://localhost:8080/
(3)添加配置测试;
第三步、添加配置测试,直接访问http://localhost:8080/:
(1)创建配置类:
package com.example.Shixun1.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.passwordEncoder(new MyPasswordEncoder())
.withUser("admin")
.password(new MyPasswordEncoder().encode("123456"))
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.logout().permitAll()
.and()
.formLogin();
http.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/js/**", "/css/**", "/images/**");
}
}
(2)添加接口方法:
package com.example.Shixun1.controller;
import com.example.Shixun1.entity.SysUser;
import com.example.Shixun1.service.SysUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.PutMapping;
import org.springframework.web.bind.annotation.RestController;
import java.util.Date;
import java.util.List;
@RestController
public class SysUserController {
@Autowired
private SysUserService sysUserService;
@GetMapping("/")
public String index(){
return "欢迎访问";
}
@GetMapping("/getUser")
public SysUser getUser(Long id){
return sysUserService.getById(id);
}
@PostMapping("/addUser")
public String addUser(SysUser sysUser){
sysUser.setCreateTime(new Date());
return sysUserService.save(sysUser)? "保存成功":"保存失败";
}
@PutMapping("/updateUser")
public String updateUser(SysUser sysUser){
return sysUserService.updateById(sysUser) ? "修改成功":"修改失败";
}
@GetMapping("/list")
public List<SysUser> list(){
return sysUserService.list();
}
}
(4)添加内存账号测试;
(2)添加接口方法:
package com.example.Shixun1.config;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.passwordEncoder(new MyPasswordEncoder())
.withUser("admin")
.password(new MyPasswordEncoder().encode("123456"))
.roles("ADMIN");
}
@Override
protected void configure(HttpSecurity http) throws Exception{
http.authorizeRequests()
.antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.logout().permitAll()
.and()
.formLogin();
http.csrf().disable();
}
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/js/**", "/css/**", "/images/**");
}
}
(2)访问http://localhost:8080/getList ,输入账号ADMIN,密码123456:
(5)添加自定义密码编解码测试;
(1)创建自定义密码编解码类:
public class MyPasswordEncoder implements PasswordEncoder {
final static String ENCODER_PWD = "123456";
@Override
public String encode(CharSequence rawPassword) {
return rawPassword + ENCODER_PWD;
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return encodedPassword.equals(rawPassword+ENCODER_PWD);
}
}
(2)修改配置用户密码编解码方式:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new
MyPasswordEncoder()).withUser("admin").password(new
MyPasswordEncoder().encode("123456")).roles("ADMIN");
}
(3)访问http://localhost:8080/getList ,输入账号admin,密码123456: