Role-based access control

Add the new dependency to pom.xml:

```xml
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
```

Create SecurityConfig.java:
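```java
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // The home page is open to everyone; feature pages only to users with the matching role
        http.authorizeRequests()
                .antMatchers("/", "/index").permitAll()
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2");
        // Enable the login page, which establishes the user's roles
        http.formLogin();
        // Enable logout. .deleteCookies("remove").invalidateHttpSession(true) deletes the cookies
        // and the session; .logoutSuccessUrl("/") sets the page to go to after logging out.
        // While CSRF protection is on (the default), /logout is only processed for POST requests.
        http.logout().logoutSuccessUrl("/");
    }

    // Authentication: the roles that belong to each account
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("kk").password(encoder.encode("kk")).roles("vip1", "vip2")
                .and()
                .withUser("rr").password(encoder.encode("rr")).roles("vip1")
                .and()
                .withUser("qq").password(encoder.encode("qq")).roles("vip2");
    }
}
```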
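The corresponding controller:

```java
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class RouterController {

    // Public home page
    @RequestMapping({"/", "/index"})
    public String index() {
        return "index";
    }

    // Custom login page
    @RequestMapping("/tologin")
    public String tologin() {
        return "views/login";
    }

    // Pages that require role vip1
    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") int id) {
        return "views/level1/" + id;
    }

    // Pages that require role vip2
    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") int id) {
        return "views/level2/" + id;
    }
}
```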
Seven HTML pages

index.html

```html
<body>
<div sec:authorize="hasRole('vip1')">
    <a href="/level1/1">level1/1</a>
    <a href="/level1/2">level1/2</a>
    <a th:href="@{/level1/3}">level1/3</a>
</div>
<br><br><br>
<div sec:authorize="hasRole('vip2')">
    <a href="/level2/1">level2/1</a>
    <a th:href="@{/level2/2}">level2/2</a>
    <a th:href="@{/level2/3}">level2/3</a>
</div>
<br><br><br><br><br><br>
<!-- If not logged in -->
<div sec:authorize="!isAuthenticated()">
    <a href="/login">Log in</a>
</div>
<div sec:authorize="isAuthenticated()">
    Username: <span sec:authentication="name"></span>
    <!-- Roles: <span sec:authentication="principal.getAuthorities()"></span> -->
    <a href="/logout">Log out</a>
</div>
</body>
```
Showing selected content only to selected users

Building on the setup above, in index.html:

```html
<!-- Wrap content that only vip1 users may see in a div -->
<div sec:authorize="hasRole('vip1')">
    <a href="/level1/1">level1/1</a>
    <a href="/level1/2">level1/2</a>
    <a th:href="@{/level1/3}">level1/3</a>
</div>
<br><br><br>
<!-- Wrap content that only vip2 users may see in a div -->
<div sec:authorize="hasRole('vip2')">
    <a href="/level2/1">level2/1</a>
    <a th:href="@{/level2/2}">level2/2</a>
    <a th:href="@{/level2/3}">level2/3</a>
</div>
<br><br><br><br><br><br>
<!-- If not logged in: the div that checks the login state wraps the link -->
<div sec:authorize="!isAuthenticated()">
    <a href="/login">Log in</a>
</div>
<div sec:authorize="isAuthenticated()">
    <a href="/logout">Log out</a>
</div>
```
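The `sec:authorize` attributes only decide which links are rendered; access to the URLs themselves is enforced by the `antMatchers` rules in SecurityConfig.java. The following test is an added example, not part of the original post, that checks those rules directly. The class name `RoleAccessTest` is hypothetical, and it assumes `spring-security-test` and JUnit 5 are on the test classpath and that the template `views/level1/1.html` exists.

```java
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.test.autoconfigure.web.servlet.AutoConfigureMockMvc;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.security.test.context.support.WithMockUser;
import org.springframework.test.web.servlet.MockMvc;

import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestBuilders.formLogin;
import static org.springframework.security.test.web.servlet.response.SecurityMockMvcResultMatchers.authenticated;
import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;

// Added example (hypothetical class name); assumes spring-security-test and JUnit 5.
@SpringBootTest
@AutoConfigureMockMvc
class RoleAccessTest {

    @Autowired
    private MockMvc mvc;

    @Test
    void anonymousIsSentToLogin() throws Exception {
        // No session: the request is redirected to the login page instead of being served.
        mvc.perform(get("/level1/1")).andExpect(status().is3xxRedirection());
    }

    @Test
    @WithMockUser(username = "rr", roles = "vip1")
    void vip1IsRefusedOnLevel2() throws Exception {
        // index.html renders no level2 links for rr, but the URL can still be requested
        // directly, so the antMatchers rule itself has to answer 403.
        mvc.perform(get("/level2/1")).andExpect(status().isForbidden());
    }

    @Test
    @WithMockUser(username = "rr", roles = "vip1")
    void vip1ReachesLevel1() throws Exception {
        // Assumes the template views/level1/1.html exists.
        mvc.perform(get("/level1/1")).andExpect(status().isOk());
    }

    @Test
    void inMemoryUserGetsConfiguredRole() throws Exception {
        // formLogin() posts username/password to /login and includes a CSRF token.
        mvc.perform(formLogin("/login").user("rr").password("rr"))
           .andExpect(authenticated().withUsername("rr").withRoles("vip1"));
    }
}
```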
Changing the default login page

In SecurityConfig.java:

```java
http.formLogin()
        .loginPage("/tologin")
        .usernameParameter("username")
        .passwordParameter("password")
        .loginProcessingUrl("/login");
```
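loginPage points to the new custom login page (the controller already maps login.html with @RequestMapping("/tologin")).
usernameParameter("username") and passwordParameter("password") are the name attributes of the two inputs in the custom login page's form.
loginProcessingUrl("/login") sets /login as the relay point: the URL the form submits to, where the credentials are processed.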
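login.html

```html
<!-- th:action lets Thymeleaf add the hidden CSRF token that POST /login needs
     while CSRF protection is enabled (the default) -->
<form th:action="@{/login}" method="post">
    <input type="text" name="username" placeholder="Username"><br>
    <!-- type="password" so the typed password is masked -->
    <input type="password" name="password" placeholder="Password">
    <input type="submit">
</form>
```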