源码
https://github.com/cloudIshore/springboot-springSecurity
thymeleaf-springsecurity
导包
<!-- thymeleaf-extras-springsecurity5: supplies the sec:authorize / sec:authentication attributes used in the templates -->
<!-- NOTE(review): this version is pinned by hand while the two starters below carry no version; if the project inherits Spring Boot's dependency management (parent POM not shown here), confirm the pin matches the Spring Security line in use and is still a maintained release -->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
<!-- security: Spring Security starter (authentication and URL authorization) -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- thymeleaf: template engine starter -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
config
package com.cloud.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
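/**
 * Spring Security configuration for the demo: URL authorization rules, form login,
 * logout, remember-me, and two in-memory accounts.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures which URLs need which role and how login, logout and remember-me behave.
     *
     * @param http the builder for the web security filter chain
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Only the paths listed here carry a rule. NOTE(review): there is no anyRequest()
        // fallback, so every other URL is served without an authorization check; add an
        // explicit default (for example authenticated()) once the public pages are enumerated.
        http.authorizeRequests()
                .antMatchers("/index").permitAll()
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");

        // Custom login page at /login; the login form posts its credentials to /toLogin
        // (<form th:action="@{/toLogin}" method="post">), and a successful login lands on /index.
        http.formLogin()
                .loginPage("/login")
                .loginProcessingUrl("/toLogin")
                .defaultSuccessUrl("/index");

        // CSRF protection is switched off so that the plain GET link to /logout works; with
        // CSRF enabled Spring Security only accepts logout as a POST.
        // NOTE(review): this removes CSRF protection from every state-changing request in the
        // application, not just logout. Prefer keeping CSRF on and submitting logout from a
        // POST form that carries the token.
        http.csrf().disable();

        // After logout the browser is sent back to /index.
        http.logout().logoutSuccessUrl("/index");

        // The login form's checkbox is named "remember": <input type="checkbox" name="remember">.
        // The remember-me cookie authenticates the browser without a password, so it should only
        // ever travel over HTTPS - TODO confirm the transport configuration.
        http.rememberMe().rememberMeParameter("remember");
    }

    /**
     * Registers the in-memory demo accounts.
     *
     * <p>The role names must match the ones required by the URL rules in
     * {@link #configure(HttpSecurity)} ({@code vip1}..{@code vip3}); the previous
     * {@code roles1}..{@code roles3} names matched no rule, so neither account could open any
     * {@code /levelN/**} page.
     *
     * @param auth the builder for the authentication manager
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder instance both hashes the demo passwords and verifies login attempts.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // Demo accounts only: the password is hashed at startup, but the plaintext literal still
        // lives in source control. Real credentials belong in an external user store.
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("use1").password(encoder.encode("password")).roles("vip1", "vip2", "vip3")
                .and()
                .withUser("use2").password(encoder.encode("password")).roles("vip1");
    }
}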
controller
package com.cloud.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
/**
 * Maps the demo's URLs to view names (presumably resolved by Thymeleaf, given the starter
 * on the classpath). Access control for these paths is enforced by the security
 * configuration, not here.
 */
@Controller
public class RouterController {

    /** Serves the landing page for both "/" and "/index". */
    @RequestMapping({"index","/"})
    public String index() {
        final String landingView = "index";
        return landingView;
    }

    /**
     * Serves the custom login page that the index page links to. Credential checking is
     * not done here; it is handled by the form-login setup (http.formLogin().loginPage("/login")).
     */
    @RequestMapping("/login")
    public String login() {
        final String loginView = "views/login";
        return loginView;
    }

    /** Serves page {@code id} of the level-1 area. */
    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") int id) {
        return viewUnder("views/level1/", id);
    }

    /** Serves page {@code id} of the level-2 area. */
    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") int id) {
        return viewUnder("views/level2/", id);
    }

    /** Serves page {@code id} of the level-3 area. */
    @RequestMapping("/level3/{id}")
    public String level3(@PathVariable("id") int id) {
        return viewUnder("views/level3/", id);
    }

    /**
     * Builds a view name from a fixed folder prefix and a numeric page id.
     *
     * <p>The id is typed as {@code int} on purpose: only digits can reach the view name, so
     * the request cannot steer template resolution. Keep it numeric; do not widen it to a
     * String taken from the path.
     */
    private static String viewUnder(String folder, int id) {
        return folder + id;
    }
}
index界面
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org" xmlns:sec=http://www.thymeleaf.org/extras/spring-security>
<!-- Not logged in: show the login link. -->
<!-- sec:authorize only decides whether this markup is rendered; it is a display convenience. Access is enforced by the URL rules in the security configuration. -->
<div sec:authorize="!isAuthenticated()">
<!-- NOTE(review): th:method has no effect on an anchor; following this link is always a GET to /login. -->
<a class="item" th:href="@{/login}" th:method="post">
<i class="address card icon"></i> 登录
</a>
</div>
<!-- Logged in: show the user name. -->
<div sec:authorize="isAuthenticated()">
<a class="item">
用户名:<span sec:authentication="name"></span>
</a>
</div>
<!-- Logout: uses the default /logout URL. -->
<!-- NOTE(review): this is a plain GET link. It works only while CSRF protection is disabled in the security configuration; with CSRF enabled, Spring Security accepts logout only as a POST, so this would need to become a POST form carrying the token. -->
<div sec:authorize="isAuthenticated()">
<a class="item" th:href="@{/logout}" >
<i class="sign-out icon"></i> 注销
</a>
</div>
<!-- Show a section according to role: sec:authorize="hasAnyRole('vip1')". The role name must match one actually granted to the user, and hiding the section does not protect the URLs it links to. -->
<div class="column" sec:authorize="hasAnyRole('vip1')"></div>