SpringBoot整合Security
1. 引入依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity5</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
2. application.yml
spring:
thymeleaf:
mode: HTML
prefix: classpath:/templates/
suffix: .html
servlet:
content-type: text/htm
3.创建HTML页面
index.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>index</title>
</head>
<body>
index
</body>
</html>
success.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>success</title>
</head>
<body>
success
<a th:href="@{/logout}">注销</a>
<a th:href="@{/page1}">页面1</a>
</body>
</html>
u_login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>login</title>
</head>
<body>
<form action="/loginSuccess" method="post">
用户名 <input type="text" name="username">
密码<input type="password" name="password">
<input type="checkbox" name="remember">记住我
<input type="submit" value="submit">
</form>
</body>
</html>
loginSuccess.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
<meta charset="UTF-8">
<title>loginSuccess</title>
</head>
<body>
登录成功
<a th:href="@{/page1}">页面1</a>
</body>
</html>
page1.html
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
这是页面1
</body>
</html>
4.controller
package com.lyb.security.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class IndexController {
@RequestMapping("/")
public String index(){
return "index";
}
@RequestMapping("/login")
public String login(){
return "u_login";
}
@RequestMapping("/success")
public String success(){
return "success";
}
@RequestMapping("/loginSuccess")
public String loginSuccess(){
return "loginSuccess";
}
@RequestMapping("/page1")
public String page1(){
return "page1";
}
}
5.config配置文件
// An highlighted block
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.antMatchers("/").permitAll() //所有人可以访问
.antMatchers("/success").hasRole("user")
.antMatchers("/page1").hasRole("user"); //user角色才可以访问
http
.formLogin() //开启登录页面
.loginPage("/login")//进入自定义登录页面
.usernameParameter("username")
.passwordParameter("password")
.loginProcessingUrl("/loginSuccess") //登录认证路径
;
http
.logout() //开启注销功能
.logoutSuccessUrl("/"); // 注销成功后跳转的路径
http
.csrf().disable(); //关闭csrf功能
http
.rememberMe() //开启记住我功能
.rememberMeParameter("remember"); //自定义记住我功能
}
/**
* 认证:springboot 2.1.x可以直接使用
* 密码编码passwordEncoder
* 在SpringSecurity5中增加了许多加密方式
*/
//内存中添加用户名密码
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("lyb").password(new BCryptPasswordEncoder().encode("123456")).roles("user")
.and();
}
}
6.项目目录