package com.sao.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//Aop:拦截器!横切
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
//链式编程
@Override
protected void configure(HttpSecurity http) throws Exception {
//首页所有人都可以访问,功能页只能有对应有权限的人才能访问
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
//没有权限,就默认跳到登陆页面,需要开启登录页面// /login
//定制登录页面loginPage("/toLogin")
http.formLogin().loginPage("/toLogin").usernameParameter("username").passwordParameter("password").loginProcessingUrl("/login");
//防止网站工具:get post
http.csrf().disable();//关闭csrf功能,登录失败可能存在的原因
//注销。开启注销功能。跳转首页,
http.logout().logoutSuccessUrl("/");
//开启记住我功能 cookie,默认保存两周,自定义接收前端参数
http.rememberMe().rememberMeParameter("remember");
}
//认证,springboot 2.1.x 可以直接使用
//密码编码:PasswordEncoder
//在SpringSecurity5.0+新增了很多的加密方法
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//这些数据正常一个从数据库里面读取
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("sao").password(new BCryptPasswordEncoder().encode("123")).roles("vip3","vip2")
.and()
.withUser("laosao").password(new BCryptPasswordEncoder().encode("123")).roles("vip1")
.and()
.withUser("root").password(new BCryptPasswordEncoder().encode("123")).roles("vip1","vip2","vip3");
}
}
springboot-security用户认证授权注销记住我及首页定制
最新推荐文章于 2022-10-15 17:30:47 发布