spring:
目录:
code:
pom:
<!-- Dependencies for the plain Spring MVC + Spring Security demo (no Spring Boot). -->
<!-- NOTE(review): every version below is pinned by hand. Confirm each release line is still
     supported upstream before reusing this file; unsupported lines get no security fixes. -->
<dependencies>
<!-- Spring MVC (brings in the core Spring modules transitively). -->
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-webmvc</artifactId>
<version>5.1.5.RELEASE</version>
</dependency>
<!-- Servlet API: scope "provided", so it is compiled against but not packaged. -->
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>javax.servlet-api</artifactId>
<version>3.0.1</version>
<scope>provided</scope>
</dependency>
<!-- Lombok. NOTE(review): no scope is declared, so the default (compile) scope applies;
     Lombok is normally only needed at build time, so "provided" is the usual choice. -->
<dependency>
<groupId>org.projectlombok</groupId>
<artifactId>lombok</artifactId>
<version>1.18.8</version>
</dependency>
<!-- Spring Security: web filters and Java configuration support. Keep both artifacts on
     the same version so the two modules stay compatible. -->
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
<version>5.1.4.RELEASE</version>
</dependency>
</dependencies>
Config:
/**
 * Root application context configuration (the Java counterpart of applicationContext.xml).
 *
 * <p>Scans {@code com.security.springmvc} and leaves out every class annotated with
 * {@code @Controller}.
 */
@Configuration
@ComponentScan(
        basePackages = "com.security.springmvc",
        excludeFilters = {
            @ComponentScan.Filter(type = FilterType.ANNOTATION, value = Controller.class)
        })
public class ApplicationConfig {
    // Intentionally empty: beans outside the web layer (database access and the like) go here.
}
//Springmvc提供了拦截,授权认证的机制,不需要再定义拦截器了
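/**
 * Servlet (web) context configuration, the Java counterpart of springmvc.xml.
 *
 * <p>Enables Spring MVC, scans {@code com.security.springmvc} for controllers, and sets up
 * JSP view resolution.
 */
@Configuration
@EnableWebMvc
// NOTE(review): includeFilters only adds to the default scan filters. Unless
// useDefaultFilters = false is also set, this scan picks up the other stereotype-annotated
// classes in the package as well, not just controllers. Confirm that is intended.
@ComponentScan(
        basePackages = "com.security.springmvc",
        includeFilters = {
            @ComponentScan.Filter(type = FilterType.ANNOTATION, value = Controller.class)
        })
public class WebConfig implements WebMvcConfigurer {

    /**
     * Creates the view resolver that maps a logical view name to a JSP under /WEB-INF.
     *
     * <p>Files under /WEB-INF are not served directly by the servlet container, so the
     * JSPs can only be reached through a controller or view-controller mapping.
     *
     * @return resolver that turns a view name {@code x} into {@code /WEB-INF/view/x.jsp}
     */
    @Bean
    public InternalResourceViewResolver viewResolver() {
        InternalResourceViewResolver viewResolver = new InternalResourceViewResolver();
        // Prefix and suffix are concatenated around the view name as-is, so the prefix must
        // end with '/'; without it "login" would resolve to /WEB-INF/viewlogin.jsp.
        viewResolver.setPrefix("/WEB-INF/view/");
        viewResolver.setSuffix(".jsp");
        return viewResolver;
    }

    /**
     * Maps the application root to the {@code login} view without a dedicated controller.
     *
     * @param registry registry that receives the view-controller mapping
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // "login" is a logical name; the view resolver adds the prefix and suffix.
        registry.addViewController("/").setViewName("login");
    }
}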
/***重要**/
//Spring Security提供了用户登录、登出、会话管理等认证功能,只需配置即可使用
//注意:要在init.SpringApplicationInitializer中把该配置类添加进去
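/**
 * Spring Security configuration: user store, password encoding and URL authorization rules.
 *
 * <p>The settings are demo-grade. The two accounts and their passwords are hard-coded in
 * source, and the password encoder performs no hashing. Replace both before using this
 * configuration outside a local exercise.
 */
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the in-memory user store used to look up accounts at login.
     *
     * @return a manager holding user {@code zhangsan} (authority {@code p1}) and user
     *     {@code lisi} (authority {@code p2})
     */
    @Bean
    public UserDetailsService userDetailsService() {
        // Store passwords in whatever format the configured encoder produces, so that
        // swapping the encoder bean does not leave stored values it can no longer match.
        PasswordEncoder encoder = passwordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        // NOTE(review): credentials are literals in source control; load real accounts
        // from a protected store instead.
        manager.createUser(
                User.withUsername("zhangsan").password(encoder.encode("123")).authorities("p1").build());
        manager.createUser(
                User.withUsername("lisi").password(encoder.encode("456")).authorities("p2").build());
        return manager;
    }

    /**
     * Supplies the encoder used to store and verify passwords.
     *
     * @return the pass-through encoder, which keeps and compares passwords as plain text
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // NOTE(review): NoOpPasswordEncoder does no hashing and is only acceptable in a
        // throwaway demo. Use an adaptive hash such as BCryptPasswordEncoder, or
        // PasswordEncoderFactories.createDelegatingPasswordEncoder(), for real accounts.
        return NoOpPasswordEncoder.getInstance();
    }

    /**
     * Declares which requests need which authority and enables form login.
     *
     * @param http builder for the web security rules
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Rules are checked in declaration order and the first match decides, so the
        // specific /r/r1 and /r/r2 rules must stay above the /r/** catch-all.
        // NOTE(review): antMatchers compares the literal path. If Spring MVC also maps
        // variants of a path (for example a trailing slash) to the same handler, those
        // variants fall through to the broader /r/** rule; mvcMatchers(...) follows MVC's
        // own matching. Confirm which behaviour is wanted.
        http.authorizeRequests()
                .antMatchers("/r/r1").hasAuthority("p1") // /r/r1 requires authority p1
                .antMatchers("/r/r2").hasAuthority("p2") // /r/r2 requires authority p2
                .antMatchers("/r/**").authenticated() // anything else under /r/ requires login
                // NOTE(review): allow-by-default. Every URL outside /r/** is public,
                // including endpoints added later. A deny-by-default setup would end with
                // anyRequest().authenticated() and list the public paths explicitly.
                .anyRequest().permitAll()
                .and()
            .formLogin() // enable form-based login
                // After a successful login the request is forwarded to this URL.
                .successForwardUrl("/login-success");
    }
}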
Controller:
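/**
 * Demo endpoints: the post-login landing URL and two protected resources.
 *
 * <p>Every handler returns a fixed plain-text body.
 */
@RestController
public class LoginController {

    /**
     * Target of the {@code successForwardUrl} set in the security configuration.
     *
     * <p>Mapped with {@code @RequestMapping} and no method restriction, so it accepts any
     * HTTP method. The path is outside {@code /r/**}, so under the configured rules it can
     * be requested without logging in; it returns only a constant string.
     *
     * @return the literal text {@code success}
     */
    @RequestMapping(value = "/login-success", produces = {"text/plain;charset=UTF-8"})
    public String loginSuccess() {
        return "success";
    }

    /**
     * Resource guarded by the {@code /r/r1} rule in the security configuration.
     *
     * @return the literal text {@code resource1}
     */
    @GetMapping(value = "/r/r1", produces = {"text/plain;charset=UTF-8"})
    public String r1() {
        return "resource1";
    }

    /**
     * Resource guarded by the {@code /r/r2} rule in the security configuration.
     *
     * @return the literal text {@code resource2}
     */
    // The mapping is written with a leading slash, like /r/r1 and like the pattern in the
    // security rules, so the handler path and the guarded path read the same.
    @GetMapping(value = "/r/r2", produces = {"text/plain;charset=UTF-8"})
    public String r2() {
        return "resource2";
    }
}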
Init:
/**
 * Servlet-container bootstrap that replaces web.xml: it names the configuration classes for
 * the root context and the servlet context, and the DispatcherServlet mapping.
 */
public class SpringApplicationInitializer extends AbstractAnnotationConfigDispatcherServletInitializer {

    /**
     * Configuration classes for the root context (the role of applicationContext.xml).
     *
     * <p>{@code WebSecurityConfig} is listed here, so the security configuration is loaded
     * as part of the root context.
     *
     * @return the root context configuration classes
     */
    @Override
    protected Class<?>[] getRootConfigClasses() {
        Class<?>[] rootConfigClasses = {ApplicationConfig.class, WebSecurityConfig.class};
        return rootConfigClasses;
    }

    /**
     * Configuration classes for the servlet context (the role of springmvc.xml).
     *
     * @return the servlet context configuration classes
     */
    @Override
    protected Class<?>[] getServletConfigClasses() {
        Class<?>[] servletConfigClasses = {WebConfig.class};
        return servletConfigClasses;
    }

    /**
     * URL patterns handled by the DispatcherServlet.
     *
     * @return a single mapping, the root path {@code "/"}
     */
    @Override
    protected String[] getServletMappings() {
        String[] mappings = {"/"};
        return mappings;
    }
}
/**
 * Security bootstrap built on {@code AbstractSecurityWebApplicationInitializer}.
 */
public class SpringSecurityApplicationInitializer extends AbstractSecurityWebApplicationInitializer {

    /**
     * Uses the no-argument super constructor.
     *
     * <p>If the application did not already use Spring or Spring MVC, the security
     * configuration class would be passed up instead, as
     * {@code super(WebSecurityConfig.class)}, so that the superclass loads it.
     */
    public SpringSecurityApplicationInitializer() {
        super();
    }
}
spring-boot:
目录:
code:
pom.xml
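<!-- Spring Boot parent: manages the versions of the dependencies declared without one. -->
<!-- NOTE(review): confirm this Boot release line is still supported upstream before
     reusing the file; unsupported lines get no security fixes. -->
<parent>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-parent</artifactId>
    <version>2.1.3.RELEASE</version>
</parent>
<dependencies>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-web</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    <!-- Servlet API, needed for JSP support; scope "provided", so it is not packaged -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>javax.servlet-api</artifactId>
        <scope>provided</scope>
    </dependency>
    <!-- JSTL tag library used by the JSP pages -->
    <dependency>
        <groupId>javax.servlet</groupId>
        <artifactId>jstl</artifactId>
    </dependency>
    <dependency>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-tomcat</artifactId>
    </dependency>
    <!-- JSP compiler for embedded Tomcat. The coordinates are
         org.apache.tomcat.embed:tomcat-embed-jasper; the misspelled groupId and
         artifactId in the original notes do not resolve. -->
    <dependency>
        <groupId>org.apache.tomcat.embed</groupId>
        <artifactId>tomcat-embed-jasper</artifactId>
        <scope>provided</scope>
    </dependency>
    <!-- NOTE(review): the explicit version overrides the one the Boot parent manages;
         drop it unless this exact release is required. -->
    <dependency>
        <groupId>org.projectlombok</groupId>
        <artifactId>lombok</artifactId>
        <version>1.18.0</version>
    </dependency>
</dependencies>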
application.properties:
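# HTTP port and context path: the application is served under /security-springboot.
server.port=8080
server.servlet.context-path=/security-springboot
spring.application.name = security-springboot
# JSP view resolution: a view name x resolves to /WEB-INF/views/x.jsp.
# The suffix key is spring.mvc.view.suffix; "spring.mvc.suffix" is not a recognised
# property, so the suffix would never be applied.
spring.mvc.view.prefix=/WEB-INF/views/
spring.mvc.view.suffix=.jsp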
SecuritySpringBootApp
/**
 * Entry point of the Spring Boot variant of the security demo.
 */
@SpringBootApplication
public class SecuritySpringBootApp {

    /**
     * Starts the application.
     *
     * @param args command-line arguments, passed through to Spring Boot unchanged
     */
    public static void main(String[] args) {
        SpringApplication.run(SecuritySpringBootApp.class, args);
    }
}
config:
/**
 * Web MVC configuration for the Spring Boot variant.
 */
@Configuration
public class WebConfig implements WebMvcConfigurer {

    /**
     * Sends requests for the application root to {@code /login}.
     *
     * @param registry registry that receives the view-controller mapping
     */
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // The "redirect:" prefix makes this a client-side redirect, not a view lookup.
        registry
                .addViewController("/")
                .setViewName("redirect:/login");
    }
}
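/**
 * Spring Security configuration for the Spring Boot variant: user store, password encoding
 * and URL authorization rules.
 *
 * <p>The settings are demo-grade. The two accounts and their passwords are hard-coded in
 * source, and the password encoder performs no hashing. Replace both before using this
 * configuration outside a local exercise.
 */
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Builds the in-memory user store used to look up accounts at login.
     *
     * @return a manager holding user {@code zhangsan} (authority {@code p1}) and user
     *     {@code lisi} (authority {@code p2})
     */
    @Bean
    public UserDetailsService userDetailsService() {
        // Store passwords in whatever format the configured encoder produces, so that
        // swapping the encoder bean does not leave stored values it can no longer match.
        PasswordEncoder encoder = passwordEncoder();
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        // NOTE(review): credentials are literals in source control; load real accounts
        // from a protected store instead.
        manager.createUser(
                User.withUsername("zhangsan").password(encoder.encode("123")).authorities("p1").build());
        manager.createUser(
                User.withUsername("lisi").password(encoder.encode("456")).authorities("p2").build());
        return manager;
    }

    /**
     * Supplies the encoder used to store and verify passwords.
     *
     * @return the pass-through encoder, which keeps and compares passwords as plain text
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        // NOTE(review): NoOpPasswordEncoder does no hashing and is only acceptable in a
        // throwaway demo. Use an adaptive hash such as BCryptPasswordEncoder, or
        // PasswordEncoderFactories.createDelegatingPasswordEncoder(), for real accounts.
        return NoOpPasswordEncoder.getInstance();
    }

    /**
     * Declares which requests need which authority and enables form login.
     *
     * @param http builder for the web security rules
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    public void configure(HttpSecurity http) throws Exception {
        // Rules are checked in declaration order and the first match decides, so the
        // specific /r/r1 and /r/r2 rules must stay above the /r/** catch-all.
        // NOTE(review): antMatchers compares the literal path. If Spring MVC also maps
        // variants of a path (for example a trailing slash) to the same handler, those
        // variants fall through to the broader /r/** rule; mvcMatchers(...) follows MVC's
        // own matching. Confirm which behaviour is wanted.
        http.authorizeRequests()
                .antMatchers("/r/r1").hasAuthority("p1") // /r/r1 requires authority p1
                .antMatchers("/r/r2").hasAuthority("p2") // /r/r2 requires authority p2
                .antMatchers("/r/**").authenticated() // anything else under /r/ requires login
                // NOTE(review): allow-by-default. Every URL outside /r/** is public,
                // including endpoints added later. A deny-by-default setup would end with
                // anyRequest().authenticated() and list the public paths explicitly.
                .anyRequest().permitAll()
                .and()
            .formLogin() // enable form-based login
                // After a successful login the request is forwarded to this URL.
                .successForwardUrl("/login-success");
    }
}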