角色访问的控制 pom.xml导入新的依赖 <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency>
新建SecurityConfig.java
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
//首页所有人都可访问,功能页只有对应有权限的人才能访问
http.authorizeRequests()
.antMatchers("/","/index").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2");
//开启登陆界面 确定角色
http.formLogin();
//开启了注销功能.deleteCookies("remove").invalidateHttpSession(true)删除Cookies和session .logoutSuccessUrl("/")指定注销后要跳转的界面
http.logout().logoutSuccessUrl("/");
}
//认证 每个账号对应的角色
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("kk").password(new BCryptPasswordEncoder().encode("kk")).roles("vip1","vip2")
.and()
.withUser("rr").password(new BCryptPasswordEncoder().encode("rr")).roles("vip1")
.and()
.withUser("qq").password(new BCryptPasswordEncoder().encode("qq")).roles("vip2");
}
}
对应的controller
@Controller
public class RouterController {
@RequestMapping({"/","/index"})
public String index(){
return "index";
}
@RequestMapping("tologin")
public String tologin(){
return "views/login";
}
@RequestMapping("/level1/{id}")
public String level1(@PathVariable("id")int id){
return "views/level1/"+id;
}
@RequestMapping("/level2/{id}")
public String level2(@PathVariable("id")int id){
return "views/level2/"+id;
}
}
七个html
index.xml
<body>
<div sec:authorize="hasRole('vip1')">
<a href="/level1/1">level1/1</a>
<a href="/level1/2">level1/2</a>
<a th:href="@{/level1/3}">level1/3</a>
</div>
<br><br><br>
<div sec:authorize="hasRole('vip2')">
<a href="/level2/1">level2/1</a>
<a th:href="@{/level2/2}">level2/2</a>
<a th:href="@{/level2/3}">level2/3</a>
</div>
<br><br><br><br><br><br>
<!--如果未登陆-->
<div sec:authorize="!isAuthenticated()">
<a href="/login">登陆</a>
</div>
<div sec:authorize="isAuthenticated()">
用户名:<span sec:authentication="name"></span>
<!--角 色:<span sec:authentication="principal.getAuthorities()"></span>-->
<a href="/logout">注销</a>
</div>
</body>
部分人员显示部分信息
在上面的基础上
在HTML index.html中
<div sec:authorize="hasRole('vip1')">以div的形式包裹只能Vip1用户显示的内容
<a href="/level1/1">level1/1</a>
<a href="/level1/2">level1/2</a>
<a th:href="@{/level1/3}">level1/3</a>
</div>
<br><br><br>
<div sec:authorize="hasRole('vip2')">以div的形式包裹只能Vip2用户显示的内容
<a href="/level2/1">level2/1</a>
<a th:href="@{/level2/2}">level2/2</a>
<a th:href="@{/level2/3}">level2/3</a>
</div>
<br><br><br><br><br><br>
<!--如果未登陆-->
<div sec:authorize="!isAuthenticated()">判断是否已登录div包裹链接
<a href="/login">登陆</a>
</div>
<div sec:authorize="isAuthenticated()">
<a href="/logout">注销</a>
</div>
默认网页的更改
SecurityConfig.java文件中
http.formLogin().loginPage("/tologin").usernameParameter("username").passwordParameter("password").loginProcessingUrl("/login");
loginPage链接的新的自设的登陆网页(controller中已配置login.html的requestmapping(“/tologin”))
usernameParameter("username")
passwordParameter("password")自设登陆网页中对应的form的两个input的name
loginProcessingUrl ("/login") 设置/login为中转站
login.html
<form action="/login" method="post">
<input type="text" name="username" placeholder="Username"><br>
<input type="text" name="password" placeholder="Password">
<input type="submit">
</form>
1139
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
