Spring Security:
1. WebSecurityConfigurerAdapter: customize the security policy
2. AuthenticationManagerBuilder: customize the authentication policy
3. @EnableWebSecurity: hands control to Spring and switches on WebSecurity mode
The two main goals of Spring Security are authentication and authorization.
Authentication (认证): establishing who the user is
Authorization (授权): deciding what that user may access
Spring Security is a cross-cutting concern; it follows the AOP idea, intercepting requests before they reach the controllers.
@EnableWebSecurity
public class MyWebSecurity extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Request authorization rules:
        // the home page is open to everyone; each level page is only reachable by users holding the matching role
        // authorizeRequests = authorize (授权) + Requests (请求)
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");
        // Disabling CSRF protection is what lets the plain GET /logout link in the template work;
        // with CSRF enabled (the default) logout has to be a POST that carries the CSRF token
        http.csrf().disable();
        // loginPage() takes a URL path, so it must start with "/" to match the /toLogin controller mapping
        http.formLogin().loginPage("/toLogin");
        http.logout().logoutSuccessUrl("/");
        http.rememberMe().rememberMeParameter("remember");
    }
}
The matching routes are set up in the Controller:
@Controller
public class RouterController {
    @RequestMapping({"/", "/index"})
    public String index() {
        return "index";
    }

    // Login page referenced by loginPage("/toLogin") in the security config
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "views/login";
    }

    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") Integer id) {
        return "views/level1/" + id;
    }

    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") Integer id) {
        return "views/level2/" + id;
    }

    // @PathVariable reads the parameter out of the URL path
    @RequestMapping("/level3/{id}")
    public String level3(@PathVariable("id") Integer id) {
        return "views/level3/" + id;
    }
}
Spring Security raises an encoding problem here: passwords must go through a PasswordEncoder (Spring Security 5 rejects a stored password that carries no encoder id), so the in-memory users below are hashed with BCrypt.
    // Authentication rules
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder instance is enough for both hashing and matching; BCrypt salts every hash itself
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        // In-memory users are fine for this demo; roles("vip1") is stored as the authority ROLE_vip1, which hasRole("vip1") checks
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("yanwei").password(encoder.encode("123321")).roles("vip2", "vip3").and()
                .withUser("ddd").password(encoder.encode("123456")).roles("vip1").and()
                .withUser("root").password(encoder.encode("123456")).roles("vip1", "vip2", "vip3");
    }
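Added example, not part of the original notes: a MockMvc test that checks the authorization rules and the in-memory users defined above. It assumes spring-boot-starter-test and spring-security-test are on the test classpath and that the views referenced by the controller exist.

```java
// Added example (not from the original notes); assumes spring-boot-starter-test and spring-security-test
import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.unauthenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.redirectedUrlPattern;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

@SpringBootTest
@AutoConfigureMockMvc
class SecurityRulesTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void anonymousUserIsSentToLoginPage() throws Exception {
        // No session: a protected page must redirect to /toLogin instead of rendering
        mvc.perform(get("/level1/1"))
           .andExpect(status().is3xxRedirection())
           .andExpect(redirectedUrlPattern("**/toLogin"));
    }

    @Test
    void inMemoryUserLogsInWithBcryptPassword() throws Exception {
        // The form-login processing URL defaults to the loginPage path, so the POST goes to /toLogin
        mvc.perform(formLogin("/toLogin").user("ddd").password("123456"))
           .andExpect(authenticated().withRoles("vip1"));
        mvc.perform(formLogin("/toLogin").user("ddd").password("wrong-password"))
           .andExpect(unauthenticated());
    }

    @Test
    @WithMockUser(username = "ddd", roles = "vip1")
    void vip1ReachesLevel1ButNotLevel2() throws Exception {
        mvc.perform(get("/level1/1")).andExpect(status().isOk());
        mvc.perform(get("/level2/1")).andExpect(status().isForbidden());
    }
}
```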
In the Thymeleaf template, login and logout need to be shown depending on the session state:
show the login link when nobody is logged in, and the username plus a logout link once the user is authenticated (the sec: attributes come from the thymeleaf-extras-springsecurity dialect).
    <div sec:authorize="!isAuthenticated()">
        <!-- Not logged in -->
        <a class="item" th:href="@{/toLogin}">
            <i class="address card icon"></i> Login
        </a>
    </div>
    <!-- Logged in -->
    <div sec:authorize="isAuthenticated()">
        <a class="item">
            Username: <span sec:authentication="name"></span>
        </a>
    </div>
    <div sec:authorize="isAuthenticated()">
        <a class="item" th:href="@{/logout}">
            <i class="sign-out icon"></i> Logout
        </a>
    </div>
To show a block only to users who hold the matching role, guard it with sec:authorize="hasRole(...)"; this hides the links, while the antMatchers rules in the config are what actually block the request:
    <!-- Visible only to users holding the matching role -->
    <div class="column" sec:authorize="hasRole('vip1')">
        <div class="ui raised segment">
            <div class="ui">
                <div class="content">
                    <h5 class="content">Level 1</h5>
                    <hr>
                    <div><a th:href="@{/level1/1}"><i class="bullhorn icon"></i> Level-1-1</a></div>
                    <div><a th:href="@{/level1/2}"><i class="bullhorn icon"></i> Level-1-2</a></div>
                    <div><a th:href="@{/level1/3}"><i class="bullhorn icon"></i> Level-1-3</a></div>
                </div>
            </div>
        </div>
    </div>