Spring Security 简单入门

简介

Spring Security是一个功能强大、高度可定制的身份验证和访问控制框架。它实际上是保护基于Spring的应用程序的标准，Spring安全性是一个专注于为Java应用程序提供身份验证和授权的框架。与所有Spring项目一样，Spring安全的真正威力在于它可以很容易地被扩展以满足定制需求
简单来说就是做认证很授权的

实践

1. 创建springboot项目(本人使用了模板引擎thymeleaf：所以在application.properties中配置如下信息）
   
   
2. 引入相关依赖

  <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
            <exclusions>
                <exclusion>
                    <groupId>org.junit.vintage</groupId>
                    <artifactId>junit-vintage-engine</artifactId>
                </exclusion>
            </exclusions>
        </dependency>
        <dependency>
            <groupId>org.springframework.security</groupId>
            <artifactId>spring-security-test</artifactId>
            <scope>test</scope>
        </dependency>

3. 自定义配置类SecurityConfig继承WebSecurityConfigurerAdapter并重写configure（）方法

package com.example.demo.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    //授权
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //链式编程
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/test1").hasRole("vip1")
                .antMatchers("/test2").hasRole("vip2")
                .antMatchers("/test3").hasRole("vip3");
        //没权限就到默认登录页
        http.formLogin();

        //注销用户信息
        http.logout();

    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("zhangsan").password(new BCryptPasswordEncoder().encode("1234")).roles("vip1")
                .and()
                .withUser("lisi").password(new BCryptPasswordEncoder().encode("1234")).roles("vip2")
                .and().withUser("root").password(new BCryptPasswordEncoder().encode("1234")).roles("vip1","vip2","vip3");

    }
}

4. 控制层

package com.example.demo.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class TestController {

    @GetMapping("/test1")
    public String test1(){
        return "1";
    }
    @GetMapping("/test2")
    public String test2(){
        return "2";
    }
    @GetMapping("/test3")
    public String test3(){
        return "3";
    }
}

5. 自定义html页面
   

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
页面1
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
页面2
</body>
</html>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
页面3
</body>
</html>

6. 启动项目测试
   浏览器中输入localhost:8080/test[n] 会进入到登录页面进行登录
   
   登录成功进入此页面

没有权限

再次启动项目以root登录