//spring-boot中的依赖
<dependency>
<!-- Spring Security starter for Spring Boot. No <version> element is declared here, so the
     version is presumably inherited from the project's Spring Boot dependency management
     (parent POM or BOM): confirm there, since that is what decides which Spring Security
     release is actually in use. -->
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
需要定义一个配置类,继承自 WebSecurityConfigurerAdapter,并加上 @EnableWebSecurity 注解,使其由 Spring 容器托管。这里运用的是 AOP 的思想:在不改动业务源代码的情况下,为项目配置权限管理。
package com.yk.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
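/**
 * Spring Security configuration: URL-based authorization rules, form login, logout, and a
 * single in-memory demo user.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated in newer Spring Security
 * releases (and removed in 6.x); this class only compiles against versions that still ship it.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Declares which URL patterns require which role and enables form login and logout.
     *
     * <p>Matchers are evaluated in declaration order and the first match decides, so more
     * specific patterns must come before broader ones.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Home page: open to everyone, including anonymous users.
                .antMatchers("/").permitAll()
                // hasRole("x") checks for the authority "ROLE_x", which is what roles("x") grants.
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3")
                // NOTE(review): there is no catch-all rule, so URLs not matched above are not
                // restricted by this configuration. Consider ending the rule list with
                // .anyRequest().authenticated() (or denyAll()) for a deny-by-default policy.
                .and()
            // Default generated login page; the chain must continue here. The original had a
            // stray ';' after formLogin() that made the following .and() a syntax error.
            .formLogin()
                .and()
            // Log out and redirect to the home page. With CSRF protection left at its default
            // (enabled), the logout endpoint is expected to be called with POST plus a CSRF token.
            .logout().logoutSuccessUrl("/");
    }

    /**
     * Registers the users that can authenticate: here a single in-memory account.
     *
     * <p>The username and password are hard-coded sample values and the password is trivially
     * guessable; this is only suitable for a local demo. A real deployment should load users
     * from an external store and keep credentials out of source code.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the configuration cannot be applied
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder instance is used both to hash the stored password and to verify logins.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                // Stored passwords must already be encoded; a raw value would never match.
                .withUser("admin").password(encoder.encode("111")).roles("vip1");
    }
}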