Spring Security 底层是利用 Filter 来实现的。Filter 是 Java EE(Servlet)规范的一部分,在请求进入 DispatcherServlet 之前执行,因此权限控制的位置比较靠前,比 Spring MVC 的拦截器(Interceptor)更早生效。
1.授权
(1)定义不同的用户权限:普通用户、管理员、版主。
// Authority names used for access control. SecurityConfig passes these three
// values to hasAnyAuthority(...) to protect the logged-in-only endpoints.
// NOTE(review): presumably declared in the CommunityConstant interface that
// SecurityConfig implements — confirm.
// hasAnyAuthority compares authority strings exactly, so whatever code grants
// authorities at login must use these same values.
// Authority: ordinary user
String AUTHORITY_USER = "user";
// Authority: administrator
String AUTHORITY_ADMIN = "admin";
// Authority: moderator
String AUTHORITY_MODERATOR = "moderator";
(2)为不同用户授权
@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter implements CommunityConstant {
/**
 * Excludes static resources from Spring Security processing.
 *
 * <p>Requests matched through {@code web.ignoring()} bypass the security filter
 * chain entirely: no authentication, no authorization rules, no CSRF handling
 * and no security response headers are applied to them. Keep this pattern
 * limited to public static assets; anything user-specific or sensitive served
 * from a matching path would be reachable without any check.
 *
 * @param web the {@code WebSecurity} builder supplied by the framework
 * @throws Exception declared by the overridden method
 */
@Override
public void configure(WebSecurity web) throws Exception {
    // Ant-style pattern: everything under /resources/, at any depth.
    final String staticResourcePattern = "/resources/**";
    web.ignoring().antMatchers(staticResourcePattern);
}
@Override
protected void configure(HttpSecurity http) throws Exception {
//授权
http.authorizeRequests()
.antMatchers(
"/user/setting",
"/user/upload",
"/discuss/add",
"/comment/add/**",
"/letter/**",
"/notice/**",
"/like",
"/follow",
"/unfollow"
)
.hasAnyAuthority(
AUTHORITY_USER,
AUTHORITY_ADMIN,
AUTHORITY_MODERATOR
)
http.exceptionHandling()
.authenticationEntryPoint(new AuthenticationEntryPoint() {
//没有登录
@Override
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationExceptio