1.添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
重启访问即可跳转到对应的默认登录界面
默认账号 user;密码随机生成
2. 自定义登录界面
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>登录</title>
</head>
<body>
<h2>自定义登录页面</h2>
<form action="/authentication/form" method="post">
<table>
<tr>
<td>用户名:</td>
<td><input type="text" name="username"></td>
</tr>
<tr>
<td>密码:</td>
<td><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2">
<button type="submit">登录</button>
</td>
</tr>
</table>
</form>
</body>
</html>
自定义SpringSecurity的配置类
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
// Security 默认的service
@Autowired
private UserDetailsService userDetailsService;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 配置自定义的账号密码
/*auth.inMemoryAuthentication()
.withUser("zhang")
.password("{noop}123")
.roles("USER");// 用户具有的角色*/
// 关联自定义的认证的Service
// auth.userDetailsService(userDetailsService);
//加密认证 在配置类中指定解密器
auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
}
/**
* http请求的配置
* @param http
* @throws Exception
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin()
.loginPage("/login.html") // 指定自定义的登录界面
.loginProcessingUrl("/login.do") // 必须和登录表单的 action一致
.and()
.authorizeRequests() // 定义哪些资源被保护
.antMatchers("/login.html")
.permitAll() // login.html可以匿名访问
.anyRequest()
.authenticated(); //出来登录页面其他都需要认证
http.csrf().disable();// 禁用跨越攻击
}
//获取对应的加密的密文
public static void main(String[] args) {
BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
System.out.println(encoder.encode("123456"));
}
}
数据库认证
创建一个service继承UserDetailService
import org.springframework.security.core.userdetails.UserDetailsService;
public interface UserService extends UserDetailsService {
}
serviceImpl中重写loadUserByUsername方法
import com.example.demo.Service.UserService;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Service;
import java.util.ArrayList;
import java.util.List;
@Service
public class UserServiceImpl implements UserService {
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
// 模拟数据库操作 根据账号查询
String password = "$2a$10$9tzTU0L5cM7e25RPo.KGnOfzUzeulD0CzOoawooYSiUlrPABkCPXG";
// 假设查询出来的用户的角色
List<SimpleGrantedAuthority> list = new ArrayList<>();
list.add(new SimpleGrantedAuthority("USER1"));
UserDetails userDetails = new User(s,password,list);
return userDetails;
}
}