spring boot--11Spring Boot Security

最新推荐文章于 2022-02-26 00:14:31 发布
最新推荐文章于 2022-02-26 00:14:31 发布
阅读量153 收藏
点赞数
分类专栏: springboot
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/weixin_37650458/article/details/97976702
版权

1.简单验证

   首先springboot的版本是1.5.3,首先来一个简单的验证,只将认证的信息放到内存之中。

  pom文件:

<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>1.5.3.RELEASE</version>
        <relativePath/> <!-- lookup parent from repository -->
    </parent>
    <groupId>com.wx</groupId>
    <artifactId>test-security15</artifactId>
    <version>0.0.1-SNAPSHOT</version>
    <name>test-security15</name>
    <description>Demo project for Spring Boot</description>

    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
        <java.version>1.8</java.version>
    </properties>

    <dependencies>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-thymeleaf</artifactId>
        </dependency>
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <dependency>
            <groupId>org.thymeleaf.extras</groupId>
            <artifactId>thymeleaf-extras-springsecurity4</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-test</artifactId>
            <scope>test</scope>
        </dependency>

        <!--  sql-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>
    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
            </plugin>
        </plugins>
    </build>

</project>

 yml文件:

server:
  port: 8080

#logging:
#  level:
#    root: WARN
#    org.springframework.web: INFO
#    org.springframework.security: INFO

spring:
  thymeleaf:
    mode: HTML5
    encoding: UTF-8
    cache: false

  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/springcloud?useUnicode=true&characterEncoding=utf8&characterSetResults=utf8
    username: root
    password: 133309

  jpa:
    hibernate:
      ddl-auto: update
    show-sql: true

  controller:

/*
 * Copyright 2002-2016 the original author or authors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.wx.testsecurity15.controller;

import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;


/**
 * 
 */
@Controller
public class MainController {

	@RequestMapping("/")
	public String root() {
		return "redirect:/index";
	}

	@RequestMapping("/index")
	public String index() {
		return "index";
	}

	@RequestMapping("/user/index")
	public String userIndex() {
		return "user/index";
	}

	@RequestMapping("/login")
	public String login() {
		return "login";
	}

	@RequestMapping("/login-error")
	public String loginError(Model model) {
		model.addAttribute("loginError", true);
		return "login";
	}
	@GetMapping("/401")
	public String accesssDenied() {
		return "401";
	}
}

 配置,WebSecurityConfigurerAdapter


package com.wx.testsecurity15.config;


@EnableWebSecurity
@Configuration

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/css/**", "/index").permitAll()
                .antMatchers("/user/**").hasRole("USER")
                .antMatchers("/blogs/**").hasRole("USER")
                .and()
                .formLogin().loginPage("/login").failureUrl("/login-error")
                .and()
                .exceptionHandling().accessDeniedPage("/401");
        http.logout().logoutSuccessUrl("/");
    }
    // @formatter:on

    // @formatter:off
   /* @Autowired
    UserDetailsService userDetailsService;*/

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        //通过AuthenticationManagerBuilder在内存中创建了一个认证用户信息,
        //用户名为IronMan,密码为123456,有USER的角色
        auth.inMemoryAuthentication()
                .withUser("wang").password("123456").roles("USER");
       
    }
    



}

 前端页面:

 

 欧克,启动工程,访问:

进入登陆页面:

登陆:

2.进行多个角色的验证

  因为/user/index界面只有USER角色才能访问,所以新建一个admin用户,该用户只有ADMIN的角色,所以他不能访问/user/index


package com.wx.testsecurity15.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/css/**", "/index").permitAll()
                .antMatchers("/user/**").hasRole("USER")
                .antMatchers("/blogs/**").hasRole("USER")
                .and()
                .formLogin().loginPage("/login").failureUrl("/login-error")
                .and()
                .exceptionHandling().accessDeniedPage("/401");
        http.logout().logoutSuccessUrl("/");
    }
    // @formatter:on

    // @formatter:off
   /* @Autowired
    UserDetailsService userDetailsService;*/

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        //通过AuthenticationManagerBuilder在内存中创建了一个认证用户信息,
        //用户名为IronMan,密码为123456,有USER的角色
        /*auth.inMemoryAuthentication()
                .withUser("wang").password("123456").roles("USER");*/
        //auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()).withUser("wang").password("123456").roles("ADMIN");
        auth.userDetailsService(userDetailsService());
        //auth.userDetailsService(userDetailsService);
    }
    // @formatter:on


	@Bean
	public UserDetailsService userDetailsService() {
		InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); // 在内存中存放用户信息
		manager.createUser(User.withUsername("wang").password("123456").roles("USER").build());
		manager.createUser(User.withUsername("admin").password("123456").roles("ADMIN").build());
		return manager;
	}
}

 

如果想要admin用户访问就给他添加USER的角色:

这时就能够访问了:

3.对方法级别的权限验证

 比如具有管理员权限的用户才能够删除博客。

创建博客实体类:

package com.wx.testsecurity15.entity;

/**
 * Created by fangzhipeng on 2017/5/15.
 */
public class Blog {

    private Long id;
    private String name;
    private String content;

    public Blog(Long id, String name, String content) {
        this.id = id;
        this.name = name;
        this.content = content;
    }

    public Long getId() {
        return id;
    }

    public void setId(Long id) {
        this.id = id;
    }

    public String getName() {
        return name;
    }

    public void setName(String name) {
        this.name = name;
    }

    public String getContent() {
        return content;
    }

    public void setContent(String content) {
        this.content = content;
    }
}

service:

package com.wx.testsecurity15.service;


import com.wx.testsecurity15.entity.Blog;

import java.util.List;

/**
 * 
 */
public interface IBlogService {
    List<Blog> getBlogs();
    void deleteBlog(long id);
}

imp:

package com.wx.testsecurity15.service.impl;

import com.wx.testsecurity15.entity.Blog;
import com.wx.testsecurity15.service.IBlogService;
import org.springframework.stereotype.Service;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;

/**
 * Created by fangzhipeng on 2017/5/15.
 */
@Service
public class BlogService implements IBlogService {

    private List<Blog> list=new ArrayList<>();

    public BlogService(){
        list.add(new Blog(1L, " spring in action", "good!"));
        list.add(new Blog(2L,"spring boot in action", "nice!"));
    }

    @Override
    public List<Blog> getBlogs() {
        return list;
    }

    @Override
    public void deleteBlog(long id) {
        Iterator iter = list.iterator();
        while(iter.hasNext()) {
            Blog blog= (Blog) iter.next();
            if (blog.getId()==id){
                iter.remove();
            }
        }
    }
}

controller层,添加方法级别的权限:

package com.wx.testsecurity15.controller;

import com.wx.testsecurity15.entity.Blog;
import com.wx.testsecurity15.service.impl.BlogService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.servlet.ModelAndView;

import java.util.List;

/**
 * Created by fangzhipeng on 2017/5/15.
 */

@RestController
@RequestMapping("/blogs")
public class BlogController {

    @Autowired
    BlogService blogService;
    @GetMapping
    public ModelAndView list(Model model) {

        List<Blog> list =blogService.getBlogs();
        model.addAttribute("blogsList", list);
        return new ModelAndView("blogs/list", "blogModel", model);
    }

    @PreAuthorize("hasAuthority('ROLE_ADMIN')")  //
    @GetMapping(value = "/{id}/deletion")
    public ModelAndView delete(@PathVariable("id") Long id, Model model) {
        blogService.deleteBlog(id);
        model.addAttribute("blogsList", blogService.getBlogs());
        return new ModelAndView("blogs/list", "blogModel", model);
    }
}

 普通用户登陆,删除博客:

admin用户登陆删除博客:

 4.从数据库中读取用户的认证信息

 需要添加数据库的依赖和JPA的依赖:

 <!--  sql-->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-data-jpa</artifactId>
        </dependency>

        <dependency>
            <groupId>mysql</groupId>
            <artifactId>mysql-connector-java</artifactId>
        </dependency>

  yml文件:

server:
  port: 8080

#logging:
#  level:
#    root: WARN
#    org.springframework.web: INFO
#    org.springframework.security: INFO

spring:
  thymeleaf:
    mode: HTML5
    encoding: UTF-8
    cache: false

  datasource:
    driver-class-name: com.mysql.jdbc.Driver
    url: jdbc:mysql://localhost:3306/springcloud?useUnicode=true&characterEncoding=utf8&characterSetResults=utf8
    username: root
    password: 133309

  jpa:
    hibernate:
      ddl-auto: update
    show-sql: true

 创建User实体:

package com.wx.testsecurity15.entity;

import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;

import javax.persistence.*;
import java.io.Serializable;
import java.util.Collection;
import java.util.List;


@Entity
public class User implements UserDetails, Serializable {
	//UserDetails 是Spring Security认证信息的核心接口
	@Id
	@GeneratedValue(strategy = GenerationType.IDENTITY)
	private Long id;

	@Column(nullable = false,  unique = true)
	private String username;

	@Column
	private String password;

	@ManyToMany(cascade = CascadeType.ALL, fetch = FetchType.EAGER)
	@JoinTable(name = "user_role", joinColumns = @JoinColumn(name = "user_id", referencedColumnName = "id"),
		inverseJoinColumns = @JoinColumn(name = "role_id", referencedColumnName = "id"))
	private List<Role> authorities;
	/**authorities为权限点的集合*/
	public User() {
	}

	public Long getId() {
		return id;
	}
	public void setId(Long id) {
		this.id = id;
	}

	/**
	 * getAuthorities()方法返回的是该用户设置的权限信息
	 * @return
	 */
	@Override
	public Collection<? extends GrantedAuthority> getAuthorities() {
		return authorities;
	}

	public void setAuthorities(List<Role> authorities) {
		this.authorities = authorities;
	}

	/**
	 * getUsername()方法为UserDetails的方法,这个方法不一定返回username,也可以是其他的用户信息
	 * 例如手机号码,邮箱地址,
	 * @return
	 */
	@Override
	public String getUsername() {
		return username;
	}

	public void setUsername(String username) {
		this.username = username;
	}

	@Override
	public String getPassword() {
		return password;
	}

	public void setPassword(String password) {
		this.password = password;
	}

	@Override
	public boolean isAccountNonExpired() {
		return true;
	}

	@Override
	public boolean isAccountNonLocked() {
		return true;
	}

	@Override
	public boolean isCredentialsNonExpired() {
		return true;
	}

	@Override
	public boolean isEnabled() {
		return true;
	}


}

这个实体类实现了UserDeatils接口,并且重写了他的方法,ok,看一下这个UserDeatils接口:

因为关联到了角色类所以需要角色类,ok

package com.wx.testsecurity15.entity;

import org.springframework.security.core.GrantedAuthority;

import javax.persistence.*;

@Entity
public class Role implements GrantedAuthority {
    //Role类实现接口GrantedAuthority,
	@Id
	@GeneratedValue(strategy = GenerationType.IDENTITY)
	private Long id;

	@Column(nullable = false)
	private String name;

	public Long getId() {
		return id;
	}

	public void setId(Long id) {
		this.id = id;
	}
    /** */
	@Override
	public String getAuthority() {
		return name;
	}

	public void setName(String name) {
		this.name = name;
	}

	@Override
	public String toString() {
		return name;
	}
}

 角色类实现了GrantedAuthority,接口,getAuthority权限点可以是任何的字符串,不一定是角色的字符串,本例权限点是从数据库中读取的Role表的nama字段

需要dao层去查询用户和其关联的角色:

package com.wx.testsecurity15.dao;


import com.wx.testsecurity15.entity.User;
import org.springframework.data.jpa.repository.JpaRepository;

public interface UserDao extends JpaRepository<User, Long> {

	User findByUsername(String username);
}

service层:

package com.wx.testsecurity15.service.impl;

import com.wx.testsecurity15.dao.UserDao;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;

/**
 * 该剧用户名获取该用户的所有信息,包括用户信息和权限点
 */
@Service
public class UserService implements UserDetailsService {

    @Autowired
    private UserDao userRepository;
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        return userRepository.findByUsername(username);
    }
}

实现UserDetailsService接口,这个UserService就可以注入配置类中,ok配置类:


package com.wx.security15server.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    // @formatter:off
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
                .authorizeRequests()
                .antMatchers("/css/**", "/index").permitAll()
                .antMatchers("/user/**").hasRole("USER")
                .antMatchers("/blogs/**").hasRole("USER")
                .and()
                .formLogin().loginPage("/login").failureUrl("/login-error")
                .and()
                .exceptionHandling().accessDeniedPage("/401");
        http.logout().logoutSuccessUrl("/");
    }
    // @formatter:on

    // @formatter:off
   /* @Autowired
    UserDetailsService userDetailsService;*/

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        //通过AuthenticationManagerBuilder在内存中创建了一个认证用户信息,
        //用户名为IronMan,密码为123456,有USER的角色
        auth.inMemoryAuthentication()
                .withUser("IronMan").password("123456").roles("USER");
        //auth.userDetailsService(userDetailsService());
        //auth.userDetailsService(userDetailsService);
    }
    // @formatter:on


//	@Bean
//	public UserDetailsService userDetailsService() {
//		InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager(); // 在内存中存放用户信息
//		manager.createUser(User.withUsername("forezp").password("123456").roles("USER").build());
//		manager.createUser(User.withUsername("admin").password("123456").roles("USER","ADMIN").build());
//		return manager;
//	}
}

 

 

 

 

 

 

时空恋旅人
关注
专栏目录
Spring Boot11--使用Spring Security进行安全控制
Java_Mrsun的博客
06-30 274
我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面。要实现访问控制的方法多种多样,可以通过Aop、拦截器实现,也可以通过框架实现(如:Apache Shiro、Spring Security)。本文将具体介绍在Spring Boot中如何使用Spring Security进行安全控制。&lt;dependency&gt; ...
Spring Security详解(二)认证之核心配置详解
Jagger的博客
06-22 1万+
文章目录2.核心配置详解2.1 测试用例2.2 @EnableWebSecurityWebSecurityConfigurationSpringWebMvcImportSelectorEnableGlobalAuthentication2.3 @EnableGlobalMethodSecurityGlobalMethodSecuritySelectorGlobalMethodSecurityConfiguration2.4 SecurityBuilderWebSecurityHttpSecurityAu
避坑指南(三):Spring Security Oauth2框架如何初始化AuthenticationManager
银河架构师的博客
01-13 8073
说明 顾名思义,即为“身份认证管理器”, 说白了,就是各种类型登录方式、或者Authentication(*AuthenticationToken)辅助认证Provider的管理对象。 比如,如果只是采用表单登录认证,那么完全可以使用默认的AuthenticationManager,认证用户势必要提供UserDetailsService、PasswordEncoder,如此一来,系统会根...
spring security使用总结
Koikoi12的博客
08-11 3166
三种配置方法 configure(WebSecurity) 通过重载,配置Spring Security的Filter链 configure(HttpSecurity) 通过重载,配置如何通过拦截器保护请求,用来拦截请求,配置白名单和过滤 configure(AuthenticationManagerBuilder) 通过重载,配置user-detail服务,身份认证接口调用 用户存储方式 基于内存 auth.inMemoryAuthentication() .withUser(“admin”).passw
SpringSecurity学习
weixin_57128596的博客
02-26 5284
目录 基于尚硅谷web学习 Security配置: 两个核心接口UserDetailsService与PasswordEncoder: 2.PasswordEncoder 给密码加密 Web项目权限控制方案 (11条消息) SpringSecurity回顾_Fairy要carry的博客-CSDN博客 configure(AuthenticationManagerBuilder auth): configure(HttpSecurity http) 注解(对于处理请求方法的) 用户注销:.
spring boot 整合 spring security 之使用数据库验证
蜗牛跑的快
11-26 5434
spring boot 整合 spring security 参见上一篇文章.重写WebSecurityConfigurerAdapter中的configureGlobal方法@Autowired public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { auth.authenticat
HttpSecurity常用方法详解
qq_30641461的博客
10-11 1万+
requestMatchers() 取得RequestMatcherConfigurer对象并配置允许过滤的路由; 如requestMatchers().anyRequest()等同于http.authorizeRequests().anyRequest().access(“permitAll”); 如下面两个例子: @Override public void configure(HttpSecurity http) throws Exception { //只允许路由由test开头的需要
spring-boot-starter-security-2.1.3.RELEASE.jar
02-27
java运行依赖jar包
spring-boot-security-saml, Spring Security saml与 Spring Boot的集成.zip
09-17
spring-boot-security-saml, Spring Security saml与 Spring Boot的集成 spring-boot-security-saml这个项目在处理 spring-security-saml 和 Spring Boot 之间的平滑集成的同时,在处理内部的配置的gritty和锅炉板的...
jasypt-spring-boot-starter 3.0.5依赖的pom及jar
最新发布
05-19
4. **易于集成**:与其他Spring Boot组件无缝集成,如Spring Security,使得加密操作与整个应用流程更加协调。 5. **灵活的加密算法选择**:支持多种加密算法,如BasicEncryptionProvider和...
quickfixj-spring-boot-starter:用于QuickFIXJ的Spring Boot Starter
01-30
Spring Boot Starter是Spring Boot的一种机制,用于预配置和打包常见的功能模块,如Web、Data JPA、Security等。quickfixj-spring-boot-starter将QuickFIXJ集成到Spring Boot的生态系统中,使得开发者无需关心底层...
spring-boot-security
07-16
Spring Boot Security是一个强大的工具,它集成了Spring Security框架,使得在Spring Boot应用中实现安全控制变得简单高效。Spring Security是一个全面的、可高度定制的安全框架,适用于Java Web应用程序,包括认证...
初体验——spring boot 整合 spring security 登录认证(一)
qq_39717742的博客
08-10 325
一、Spring securitySpring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架 它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应...
Spring Boot中使用Spring Security进行安全控制
weixin_34221036的博客
05-28 203
我们在编写Web应用时,经常需要对页面做一些安全控制,比如:对于没有访问权限的用户需要转到登录表单页面。要实现访问控制的方法多种多样,可以通过Aop、拦截器实现,也可以通过框架实现(如:Apache Shiro、Spring Security)。 本文将具体介绍在Spring Boot中如何使用Spring Security进行安全控...
java 安全配置_java – Spring启动安全配置 – 必须指定authenticationManager
weixin_29146701的博客
02-16 840
这是我的主要应用程序配置@SpringBootApplicationpublic class Application {public static void main(String[] args) {new SpringApplicationBuilder(Application.class).banner((environment,aClass,printStream) ->System....
Spring Boot中整合Spring Security并自定义验证代码
热门推荐
嗡汤圆的博客
02-25 5万+
最终效果 1、实现页面访问权限限制 2、用户角色区分,并按照角色区分页面权限 3、实现在数据库中存储用户信息以及角色信息 4、自定义验证代码
使用java 编程的注解的方式定制spring security
一个烂人的随手笔记
09-08 7371
上一批博客 介绍了用 xml配置的方式来使用spring security 现在改造成完全使用注解的方式进行 定制 spring security 编程方式替换 在web.xml中定义的spring 的 filterChain<!-- spring security --> <filter> <filter-name>springSecurityFilterChain</filter-
SpringBoot入门 -Security安全控制
我爱编程持之以恒
11-15 1186
本文记录在SpringBoot使用SpringSecurity进行安全访问控制。 一 什么是Security   Spring Security是一个能够为基于Spring的企业应用系统提供声明式的安全访问控制解决方案的安全框架。它提供了一组可以在Spring应用上下文中配置的Bean,充分利用了Spring IoC,DI(控制反转Inversion of Control ,DI:Dependency Injection 依赖注入)和AOP(面向切面编程)功能,为应用系统提供声明式的安全访问控制功能,减
基于java config的springSecurity(二)--自定义认证
xiejx618的专栏
01-11 2万+
可参考的资料: http://blog.csdn.net/xiejx618/article/details/42523337 http://blog.csdn.net/xiejx618/article/details/22902343 本文在前文的基础上将基于内存的AuthenticationProvider改为自定义的AuthenticationProvider 1.修改
spring-boot-starter-security作用
05-18
`spring-boot-starter-security` 是 Spring Boot 安全框架的启动器。它提供了一系列组件和依赖库,可以很方便地在 Spring Boot 应用程序中实现基本的安全功能,例如认证、授权、密码加密等。 通过使用 `spring-boot...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

时空恋旅人

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值