【Spring Security入门】05-在Spring-Boot中的应用

前言

本文作为入门级的DEMO，完全按照官网实例演示；

项目目录结构

Maven 依赖

  <parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>1.4.1.RELEASE</version>
  </parent>

  <dependencies>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <dependency>
      <groupId>org.springframework.boot</groupId>
      <artifactId>spring-boot-starter-thymeleaf</artifactId>
    </dependency>
  </dependencies>

前端页面 home.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Spring Security Example</title>
</head>
<body>
  <h1>Welcome!</h1>
  <p>Click <a th:href="@{/hello}">here</a> to see a greeting.</p>
</body>
</html>

前端页面 login.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Spring Security Example </title>
</head>
<body>
<div th:if="${param.error}">    Invalid username and password.</div>
<div th:if="${param.logout}">    You have been logged out.</div>
<form th:action="@{/login}" method="post">    
    <div><label> UserName: <input type="text" name="username"/> </label></div>
    <div><label> Password: <input type="password" name="password"/> </label></div>
    <div><input type="submit" value="Sign In"/></div>
</form>
</body>
</html>

前端页面 hello.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org">
<head>
    <title>Hello World!</title>
</head>
<body>
<h1 th:inline="text">Hello [[${#httpServletRequest.remoteUser}]]!</h1>
<form th:action="@{/logout}" method="post">
    <input type="submit" value="Sign Out"/>
</form>
</body>
</html>

启动程序 Application.java

@SpringBootApplication
public class Application {
  public static void main(String[] args) {
    SpringApplication.run(Application.class, args);
  }
}

HomeController.java

@Controller
public class HomeController {
  @RequestMapping("/")
  public String home(){
    return "home";  
  }

  @RequestMapping("/login")
  public String login(){
    return "login";
  }

  @RequestMapping("/hello")
  public String hello(){
    return "hello";
  }
}

Web安全配置 WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .antMatchers("/").permitAll()                      //请求路径"/"允许访问
        .anyRequest().authenticated()                      //其它请求都需要校验才能访问
      .and()
        .formLogin()
          .loginPage("/login")                             //定义登录的页面"/login"，允许访问
          .permitAll()
      .and()
        .logout()                                           //默认的"/logout", 允许访问
          .permitAll();
  }
  @Autowired
  public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    //在内存中注入一个用户名为anyCode密码为password并且身份为USER的对象
    auth
      .inMemoryAuthentication()
        .withUser("anyCode").password("password").roles("USER");
  }
}