首先引入依赖:
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
两个前端页面 第一个login.html:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
登录页面 <p th:text="${msg}"></p>
<form action="/login_check" method="post">
<input type="text" name="username" /></br> </br> <input type="text"
name="password" /></br> </br> <input type="submit" value="登录" /></br>
</form>
</body>
</html>
第二个页面index.html
<!DOCTYPE html>
<html >
<head>
<meta charset="UTF-8">
<title>Insert title here</title>
</head>
<body>
<form action="/login" method="post">
<input type="submit" value="退出" /></br>
</form>
你好啊! <p th:text="${user}"></p>
</body>
</html>
java代码:controller
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class IndexController {
@RequestMapping("/index")
@ResponseBody
public ModelAndView index() {
ModelAndView mode=new ModelAndView();
mode.addObject("user", "qushen");
mode.setViewName("index");
return mode;
}
@RequestMapping("/login")
public ModelAndView login() {
ModelAndView mode=new ModelAndView();
mode.addObject("msg", "后台消息模板返回成功...");
mode.setViewName("login");
return mode;
}
}
下面就是 Security的java类配置文件:
首先先写一个加密方式 MyPasswordEncoder.java:
import org.springframework.security.crypto.password.PasswordEncoder;
public class MyPasswordEncoder implements PasswordEncoder{
@Override
public String encode(CharSequence RawPassword) {
return RawPassword.toString();
}
@Override
public boolean matches(CharSequence RawPassword, String EncodePassword) {
return EncodePassword.equals(RawPassword.toString());
}
}
然后写Security的主要配置文件:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("qushen").password("123456").roles("ADMIN").and().passwordEncoder(new MyPasswordEncoder());
}
@Bean
@Override
protected AuthenticationManager authenticationManager() throws Exception {
return super.authenticationManager();
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable(); // 关闭跨站检测
http.authorizeRequests().anyRequest().fullyAuthenticated(); // 所有的请求全验证
http.formLogin().loginPage("/login").loginProcessingUrl("/login_check").failureUrl("/login").defaultSuccessUrl("/index").permitAll();
http.logout().permitAll();
}
}