springboot-security注销及权限控制

新导入一个包把security和thymeleaf整合起来

<!--        thymeleaf-security整合包-->
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity5</artifactId>
            <version>3.0.4.RELEASE</version>
        </dependency>

security配置

package com.lu.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


@EnableWebSecurity
public class securityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //首页所有人都可以访问,功能页只有拥有权限的人才可以访问,下面是链式编程
        http.authorizeHttpRequests()
                .antMatchers("/").permitAll()//全都可以访问
                .antMatchers("/level1/**").hasRole("vip1")//需要一些角色可以访问
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");
        http.formLogin();//没有权限会自动跳转到登录页面

        http.logout().deleteCookies("remove").invalidateHttpSession(true);//开启了注销功能并删除cookies和session注销默认跳到登录页面
        http.logout().logoutSuccessUrl("/");//登录成功默认跳到
    }


//        //正常这些数据应给从数据库中读取
//        //密码加密编码PasswordEncoder
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {  //AuthenticationManagerBuilder授权管理建造者
    auth.inMemoryAuthentication()   //inMemoryAuthentication()在内存中存储授权信息
            .withUser("admin").password(new BCryptPasswordEncoder().encode("12345")).roles("vip1","vip2","vip3").and()  //授权用户1信息配置
            .withUser("lu").password(new BCryptPasswordEncoder().encode("12345")).roles("vip1").and()         //授权用户2信息配置
            .withUser("lisi").password(new BCryptPasswordEncoder().encode("12345")).roles("vip2","vip3").and()             //授权用户3信息配置
            .passwordEncoder(new BCryptPasswordEncoder());
    //结不了课明天看官方文档
    }



}

controller包

package com.lu.controller;


import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class TextController {
    @RequestMapping({"/", "/index"})
    public String index() {
        return "/index";
    }

    @RequestMapping("/login")
    public String login() {
        return "views/login";
    }

//    @RequestMapping("/vs/{id1}/{id2}")
//    public String views(@PathVariable("id1") int id1,@PathVariable("id2") int id2){
//        return "views/level"+id1+"/"+id2;
//    }

    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") int id) {//这里写的要和前端对应不对应要报404
        return "views/level1/" + id;
    }

    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") int id) {
        return "views/level2/" + id;
    }

    @RequestMapping("/level3/{id}")
    public String level3(@PathVariable("id") int id) {
        return "views/level3/" + id;
    }
}

html里面的index页面

<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org"
       整合security和thymeleaf要导入的包
      xmlns:sec="http://www.thymeleaf.org/extras/spring-security"	>
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1">
    <title>首页</title>
    <!--semantic-ui-->
    <link href="https://cdn.bootcss.com/semantic-ui/2.4.1/semantic.min.css" rel="stylesheet">
    <link th:href="@{/qinjiang/css/qinstyle.css}" rel="stylesheet">
</head>
<body>

<!--主容器-->
<div class="ui container">

    <div class="ui segment" id="index-header-nav" th:fragment="nav-menu">
        <div class="ui secondary menu">
            <a class="item"  th:href="@{/index}">首页</a>

            <!--登录注销-->
            <div class="right menu">
                <!--未登录-->
                <div sec:authorize="!isAuthenticated()">
                    <a class="item" th:href="@{/toLogin}">
                        <i class="address card icon"></i> 登录
                    </a>
                </div>

                <div sec:authorize="isAuthenticated()" >
                    用户名:<span sec:authentication="name" style="display: inline"></span> &nbsp;<strong>|</strong> &nbsp;
                    角&nbsp;色:<span sec:authentication="principal.authorities" style="display: inline"></span>
                    <a class="item" th:href="@{/logout}" style="display: inline-block">
                        <i class="sign-out icon"></i> 注销
                    </a>

                </div>
            </div>

        </div>
    </div>

    <div class="ui segment" style="text-align: center">
        <h3>Spring Security Study by 鲁家见</h3>
    </div>

    <div>
        <br>
        <div class="ui three column stackable grid">
<!--            菜单根据用户的权限显示-->
            <div class="column" sec:authorize="hasRole('vip1')">
                <div class="ui raised segment">
                    <div class="ui">
                        <div class="content">
                            <h5 class="content">Level 1</h5>
                            <hr>
                            <div><a th:href="@{/level1/1}"><i class="bullhorn icon"></i> Level-1-1</a></div>
                            <div><a th:href="@{/level1/2}"><i class="bullhorn icon"></i> Level-1-2</a></div>
                            <div><a th:href="@{/level1/3}"><i class="bullhorn icon"></i> Level-1-3</a></div>
                        </div>
                    </div>
                </div>
            </div>

            <div class="column" sec:authorize="hasRole('vip2')">
                <div class="ui raised segment">
                    <div class="ui">
                        <div class="content">
                            <h5 class="content">Level 2</h5>
                            <hr>
                            <div><a th:href="@{/level2/1}"><i class="bullhorn icon"></i> Level-2-1</a></div>
                            <div><a th:href="@{/level2/2}"><i class="bullhorn icon"></i> Level-2-2</a></div>
                            <div><a th:href="@{/level2/3}"><i class="bullhorn icon"></i> Level-2-3</a></div>
                        </div>
                    </div>
                </div>
            </div>

            <div class="column" sec:authorize="hasRole('vip3')">
                <div class="ui raised segment">
                    <div class="ui">
                        <div class="content">
                            <h5 class="content">Level 3</h5>
                            <hr>
                            <div><a th:href="@{/level3/1}"><i class="bullhorn icon"></i> Level-3-1</a></div>
                            <div><a th:href="@{/level3/2}"><i class="bullhorn icon"></i> Level-3-2</a></div>
                            <div><a th:href="@{/level3/3}"><i class="bullhorn icon"></i> Level-3-3</a></div>
                        </div>
                    </div>
                </div>
            </div>

        </div>
    </div>
    
</div>


<script th:src="@{/qinjiang/js/jquery-3.1.1.min.js}"></script>
<script th:src="@{/qinjiang/js/semantic.min.js}"></script>

</body>
</html>

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值