接下来是我们第一步接触SpringSecurity,还是按照我们程序dog(手动滑稽)的老规矩,先来一个hello world!让我们初识Security。
1、首先创建一个Spring Boot 项目,具体创建过程我就不详细说明了,如果使用IDEA那么操作流程为:
file->new->project 然后在弹窗左侧选择Spring Initializr,然后在左侧选择好JDK以后直接下一步,按照自己的需求填好相关数据,最后一步选择Web就ok了。然后点击确定就可以生成一个spring boot项目。
2、添加controller包并新建SecurityController类,并新建一个测试接口
package com.sylvan.controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;
/**
* @author sylvan
* @create 2019-01-08 9:10
**/
@RestController
public class SecurityController {
@GetMapping("/test")
public String getTest() {
return "hello security";
}
}
接下来在pom.xml中添加security的配置、也可以直接去maven中央仓库找spring-boot-starter-security最新版来进行配置
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
下一步运行程序,我们可以在运行日志中发现一些东西
Connected to the target VM, address: '127.0.0.1:57359', transport: 'socket'
. ____ _ __ _ _
/\\ / ___'_ __ _ _(_)_ __ __ _ \ \ \ \
( ( )\___ | '_ | '_| | '_ \/ _` | \ \ \ \
\\/ ___)| |_)| | | | | || (_| | ) ) ) )
' |____| .__|_| |_|_| |_\__, | / / / /
=========|_|==============|___/=/_/_/_/
:: Spring Boot :: (v2.1.1.RELEASE)
2019-01-08 16:07:24.610 INFO 23736 --- [ main] com.sylvan.SylvanApplication : Starting SylvanApplication on LAPTOP-UHSIN8VV with PID 23736 (D:\workspace\sylvan\target\classes started by linzc in D:\workspace\sylvan)
2019-01-08 16:07:24.619 INFO 23736 --- [ main] com.sylvan.SylvanApplication : No active profile set, falling back to default profiles: default
2019-01-08 16:07:26.382 INFO 23736 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat initialized with port(s): 8080 (http)
2019-01-08 16:07:26.408 INFO 23736 --- [ main] o.apache.catalina.core.StandardService : Starting service [Tomcat]
2019-01-08 16:07:26.408 INFO 23736 --- [ main] org.apache.catalina.core.StandardEngine : Starting Servlet Engine: Apache Tomcat/9.0.13
2019-01-08 16:07:26.416 INFO 23736 --- [ main] o.a.catalina.core.AprLifecycleListener : The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: [C:\Program Files\Java\jdk1.8.0_102\bin;C:\WINDOWS\Sun\Java\bin;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files (x86)\Intel\iCLS Client\;C:\Python27\;C:\Python27\Scripts;C:\app\linzc\product\11.2.0\dbhome_2\bin;C:\Program Files\Java\jdk1.8.0_102\bin;C:\Program Files\Java\jdk1.8.0_102\jre\bin;C:\Program Files\Intel\iCLS Client\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\soft\work\Git\cmd;C:\app\linzc\product\11.2.0\dbhome_2\BIN;C:\Program Files\MySQL\MySQL Utilities 1.6\;C:\Program Files\nodejs\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Go\bin;C:\Users\linzc\AppData\Local\Microsoft\WindowsApps;C:\Users\linzc\AppData\Roaming\npm;D:\soft\work\Microsoft VS Code\bin;C:\Users\linzc\go\bin;.]
2019-01-08 16:07:26.524 INFO 23736 --- [ main] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring embedded WebApplicationContext
2019-01-08 16:07:26.524 INFO 23736 --- [ main] o.s.web.context.ContextLoader : Root WebApplicationContext: initialization completed in 1797 ms
2019-01-08 16:07:26.794 INFO 23736 --- [ main] o.s.s.concurrent.ThreadPoolTaskExecutor : Initializing ExecutorService 'applicationTaskExecutor'
2019-01-08 16:07:27.065 INFO 23736 --- [ main] .s.s.UserDetailsServiceAutoConfiguration :
Using generated security password: afefdcc7-9156-4baf-91dd-2ab58a01025c
2019-01-08 16:07:27.213 INFO 23736 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Creating filter chain: any request, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@1b495d4, org.springframework.security.web.context.SecurityContextPersistenceFilter@1d12e953, org.springframework.security.web.header.HeaderWriterFilter@2abe9173, org.springframework.security.web.csrf.CsrfFilter@65f651eb, org.springframework.security.web.authentication.logout.LogoutFilter@3f50b680, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@2fdf17dc, org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter@5a75ec37, org.springframework.security.web.authentication.ui.DefaultLogoutPageGeneratingFilter@5e1dde44, org.springframework.security.web.authentication.www.BasicAuthenticationFilter@79c5460e, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@2d4608a6, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2687725a, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@7f37b6d9, org.springframework.security.web.session.SessionManagementFilter@1fdca564, org.springframework.security.web.access.ExceptionTranslationFilter@a96d56c, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@4190bc8a]
2019-01-08 16:07:27.303 INFO 23736 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 8080 (http) with context path ''
2019-01-08 16:07:27.309 INFO 23736 --- [ main] com.sylvan.SylvanApplication : Started SylvanApplication in 3.583 seconds (JVM running for 4.786)
可以清楚的看到在启动日志中有这么一行日志
Using generated security password: afefdcc7-9156-4baf-91dd-2ab58a01025c
这一行日志就是我们security生成的登录密码,因为我们现在什么都没有配置,都是使用的默认配置。
接下来我们在浏览器中访问/test接口即
http://localhost:8080/test,security
浏览器会自动跳转到
http://localhost:8080/login
登录页面,并要求我们进行登录,因为现在程序受security的保护,我们需要进行认证才能访问相应接口。我们输入账号和密码。
默认账户:user
密码:启动日志中打印的
Using generated security password: afefdcc7-9156-4baf-91dd-2ab58a01025c
输入账户信息登录,登录成功则会跳转到我们最开始访问的/test接口,登录失败则会在页面上显示相关登录失败信息。
url: http://localhost:8080/test
浏览器输出: hello security
到这里我们SpringSecurity的hello world就完成了,下一章会对security的核心处理逻辑进行一个说明。
我的github:
项目地址:https://github.com/linzhenc/sylvan