<!--引入thymeleaf与Spring Security整合的依赖-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.2.RELEASE</version>
</dependency>
<!--引入Spring Security依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--引入Thymeleaf依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
- 创建自定义WebSecurityConfigurerAdapter并重写configure方法
@EnableWebSecurity
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
//拦截请求
@Override
protected void configure(HttpSecurity http) throws Exception {
//设置哪些url允许被某种角色访问
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/bronze").hasRole("英勇黄铜")
.antMatchers("/silver").hasRole("不屈白银")
.antMatchers("/gold").hasRole("荣耀黄金")
.antMatchers("/platinum").hasRole("华贵铂金")
.antMatchers("/diamond").hasRole("璀璨钻石")
.antMatchers("/master").hasRole("超凡大师")
.antMatchers("/challenger").hasRole("最强王者");
//启用登录功能,可以使用默认的登录页,这里使用自定义的login.html页面
http.formLogin().loginPage("/login");
//启用注销功能,(需要提供一个action为/logout的form