Spring Security知识点总结

Spring Security原理

认证

关键过滤器

认证流程

授权

授权类型

1. 角色授权
2. 资源授权

授权流程

#### 授权的数据模型

与springboot的整合

引入依赖

<!‐‐ 以下是>spring security依赖‐‐> <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring‐boot‐starter‐security</artifactId>
    </dependency>

spring boot 配置文件

server.port=8080
   server.servlet.context‐path=/security‐springboot
   spring.application.name = security‐springboot

Servlet Context配置

@Configuration
   public class WebConfig implements WebMvcConfigurer {
//默认Url根路径跳转到/login，此url为spring security提供
@Override
public void addViewControllers(ViewControllerRegistry registry) {
           registry.addViewController("/").setViewName("redirect:/login");
       }
}

安全配置

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter { //内容跟Spring security入门程序一致
  //配置用户信息服务
       @Bean
       public UserDetailsService userDetailsService()  {
           InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
   manager.createUser(User.withUsername("zhangsan").password("123").authorities("p1").build());
           manager.createUser(User.withUsername("lisi").password("456").authorities("p2").build());
       return manager;
   }
   @Bean
   public PasswordEncoder passwordEncoder() {
       return  NoOpPasswordEncoder.getInstance();
   }
  //配置安全拦截机制
  @Override
  protected void configure(HttpSecurity http) throws Exception {
         http
                 .authorizeRequests()
  .antMatchers("/r/**").authenticated() (1) .anyRequest().permitAll() (2) .and()
  .formLogin().successForwardUrl("/login‐success"); (3)
  }
}