Integrating Spring Security with Spring Boot
Basic use of Spring Security
Required dependencies
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
application.yml
spring:
  thymeleaf:
    prefix: classpath:/templates/
    suffix: .html
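Controller layer
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class StudentHandler {
    // Resolves to templates/index.html through the Thymeleaf prefix and suffix
    @GetMapping("/index")
    public String index() {
        return "index";
    }
}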
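With the security dependency included, a request to any page is redirected to the login page.
The username is user.
The password is generated randomly and printed to the console.
Custom password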
spring:
  thymeleaf:
    prefix: classpath:/templates/
    suffix: .html
  security:
    user:
      name: root
      password: 123456
Permission management
Create the MyPasswordEncoder class
package com.woongcha.config;

import org.springframework.security.crypto.password.PasswordEncoder;

public class MyPasswordEncoder implements PasswordEncoder {
    // Returns the password unchanged as a string: nothing is hashed
    @Override
    public String encode(CharSequence charSequence) {
        return charSequence.toString();
    }

    // Plain string comparison of the two values
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        return s.equals(charSequence.toString());
    }
}
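The class implements PasswordEncoder. The encode method returns the argument it is given as a string, and matches compares s (the password sent from the front end) with charSequence.
Create the SecurityConfig class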
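import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    // Two in-memory users: "user" has role USER, "admin" has roles ADMIN and USER
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
                .withUser("user").password(new MyPasswordEncoder().encode("000")).roles("USER")
                .and()
                .withUser("admin").password(new MyPasswordEncoder().encode("123")).roles("ADMIN", "USER");
    }

    // /admin requires ADMIN; /index requires ADMIN or USER; custom login page at /login
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/index").access("hasRole('ADMIN') or hasRole('USER')")
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and()
                .csrf()
                .disable();
    }
}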
Modify the handler
package com.woongcha.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

@Controller
public class StudentHandler {
    @GetMapping("/index")
    public String index() {
        return "index";
    }

    @GetMapping("/admin")
    public String admin() {
        return "admin";
    }

    @GetMapping("/login")
    public String login() {
        return "login";
    }
}
Create three HTML pages
admin.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <h1>后台管理系统</h1>
    <form action="/logout" method="post">
        <input type="submit" value="退出">
    </form>
</body>
</html>
index.html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <h1>test</h1>
    <form action="/logout" method="post">
        <input type="submit" value="退出">
    </form>
</body>
</html>
login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
    <form th:action="@{/login}" method="post">
        用户名:<input type="text" name="username"/><br/>
        密码:<input type="password" name="password"/><br/>
        <input type="submit" value="登录"/>
    </form>
</body>
</html>
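After starting the application, both user/000 and admin/123 can log in and reach the index page. The admin user can also access the admin page, while the user account cannot.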