Spring Security原理
认证
关键过滤器
认证流程
授权
授权类型
- 角色授权
- 资源授权
授权流程
#### 授权的数据模型
与springboot的整合
引入依赖
<!‐‐ 以下是>spring security依赖‐‐> <dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring‐boot‐starter‐security</artifactId>
</dependency>
spring boot 配置文件
server.port=8080
server.servlet.context‐path=/security‐springboot
spring.application.name = security‐springboot
Servlet Context配置
@Configuration
public class WebConfig implements WebMvcConfigurer {
@Override
public void addViewControllers(ViewControllerRegistry registry) {
registry.addViewController("/").setViewName("redirect:/login");
}
}
安全配置
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("zhangsan").password("123").authorities("p1").build());
manager.createUser(User.withUsername("lisi").password("456").authorities("p2").build());
return manager;
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/r/**").authenticated() (1) .anyRequest().permitAll() (2) .and()
.formLogin().successForwardUrl("/login‐success"); (3)
}
}