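Spring Boot's auto-configuration for Spring Security lives in the org.springframework.boot.autoconfigure.security package and is driven mainly by SecurityAutoConfiguration and SecurityProperties.
SecurityAutoConfiguration imports the configuration in SpringBootWebSecurityConfiguration, which gives us the following auto-configuration:
1. An in-memory user is configured automatically; the account name is user and the password is printed when the application starts.
2. Static files such as /css/**, /js/**, /images/** and /**/favicon.ico are excluded from interception.
3. The securityFilterChainRegistration bean is configured automatically.
Spring Security configuration properties: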
# Default account name of the in-memory user is user
security.user.name=user
# Password of the default user
security.user.password=
# Role of the default user
security.user.role=USER
# Whether SSL is required
security.require-ssl=false
# Whether to enable cross-site request forgery (CSRF) support; off by default
security.enable-csrf=false
security.basic.enabled=true
security.basic.realm=Spring
security.basic.authorize-mode=
security.filter-order=0
security.headers.xss=false
security.headers.cache=false
security.headers.frame=false
security.headers.content-type=false
security.headers.hsts=all
security.sessions=stateless
# Paths that need no interception, separated by commas
security.ignored=
With Spring Boot doing this much configuration for us, extending it only requires a configuration class that extends WebSecurityConfigurerAdapter; the @EnableWebSecurity annotation is not needed.
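An added example (not code from the original page) of such a configuration class for Spring Security 4. The class name WebSecurityConfig and the sample user demo with its password are assumptions made for illustration; the ignored paths repeat the static-resource defaults listed above.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Hypothetical class name; no @EnableWebSecurity is needed under Spring Boot.
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    public void configure(WebSecurity web) {
        // Static resources skip the security filter chain entirely,
        // so nothing sensitive may ever be served from these paths.
        web.ignoring().antMatchers("/css/**", "/js/**", "/images/**", "/**/favicon.ico");
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                // Deny by default: every request not matched earlier needs a login.
                .anyRequest().authenticated()
                .and()
            .formLogin()
                // Uses the login page Spring Security generates; it must stay reachable.
                .permitAll()
                .and()
            .logout()
                .permitAll();
        // CSRF protection and the default response headers are deliberately
        // not disabled here; the Java configuration turns them on by default.
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Constructed sample user, stored as a BCrypt hash rather than plain text.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
            .passwordEncoder(encoder)
            .withUser("demo").password(encoder.encode("change-me")).roles("USER");
    }
}
```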
Using Security in Spring Boot
Initializing the project
Maven dependencies to add
<dependency>
    <groupId>org.mybatis.spring.boot</groupId>
    <artifactId>mybatis-spring-boot-starter</artifactId>
    <version>1.1.1</version>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity4</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>mysql</groupId>
    <artifactId>mysql-connector-java</artifactId>
    <scope>runtime</scope>
</dependency>
Options in application.properties
spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/sosweet?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=root
spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.filters=stat
spring.datasource.maxActive=20
spring.datasource.initialSize=1
spring.datasource.maxWait=60000
spring.datasource.minIdle=1
spring.datasource.timeBetweenEvictionRunsMillis=60000
spring.datasource.minEvictableIdleTimeMillis=300000
spring.datasource.validationQuery=select 'x'
spring.datasource.testWhileIdle=true
spring.datasource.testOnBorrow=false
spring.datasource.testOnReturn=false
spring.datasource.poolPreparedStatements=true
spring.datasource.maxOpenPreparedStatements=20
mybatis.mapperLocations=classpath:mapper/**/*.xml
mybatis.typeAliasesPackage=com.sosweet.entity
logging.level.org.springframework.security=INFO
spring.thymeleaf.cache=false