一、Spring Security
Spring Security学习视频:狂神说视频
KuangStudy:
https://www.kuangstudy.com/course
Spring Security视频(狂神说):
https://www.bilibili.com/video/BV1KE411i7bC?p=1
百度云课件(狂神说资料):
链接:https://pan.baidu.com/s/1YtuSLNGXDyl9XGeZcYYyPQ
提取码:fazh
官网文档:
https://spring.io/projects/spring-security
https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/reference/htmlsingle/
Maven依赖:
https://mvnrepository.com/
图标网站:
https://semantic-ui.com/
一、导入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
二、controller
package com.jin.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
/**
* @Package:com.jin.controller
* @ClassName: RouterController
* @Description:
* @Date: 2021/12/07 22:59
* @Author: Jin
*/
@Controller
public class RouterController {
@RequestMapping({"/","/index"})
public String index(){
return "index";
}
@RequestMapping("/toLogin")
public String toLogin(){
return "views/login";
}
@RequestMapping("/level1/{id}")
public String level1(@PathVariable("id") int id){
return "views/level1/"+id;
}
@RequestMapping("/level2/{id}")
public String level2(@PathVariable("id") int id){
return "views/level2/"+id;
}
@RequestMapping("/level3/{id}")
public String level3(@PathVariable("id") int id){
return "views/level3/"+id;
}
}
三、config
package com.jin.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
/**
* @Package:com.jin.config
* @ClassName: SecurityConfig
* @Description:
* @Date: 2021/12/08 16:17
* @Author: Jin
*/
//AOP:拦截器
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//链式编程
@Override
protected void configure(HttpSecurity http) throws Exception {
// super.configure(http);
//首页所有人可以访问,功能页只有对应有权限的人才能访问
//请求授权的规则
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
//没有权限默认会到登录页面,需要开启登录的页面
//login
http.formLogin().loginPage("/toLogin");
//注销.开启了注销功能,注销结束跳到首页
http.logout().logoutSuccessUrl("/");
//防止网站工具:get,post
http.csrf().disable();//关闭csrf功能,登出失败可能的原因
//开启记住我的功能 cookie
http.rememberMe().rememberMeParameter("remember");
}
//认证,springboot 2.1.X可以直接使用
//密码编码:PasswordEcoder
//在Spring Security 5.0+ 新增了很多的加密方法
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// super.configure(auth);
//inMemoryAuthentication内存的数据
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3")
.and()
.withUser("Jin").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")
.and()
.withUser("Ji").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1");
}
}