spring-security--基础--4.2--案例:简单资源权限访问

spring-security–基础–4.2–案例:简单资源权限访问


代码位置

https://gitee.com/DanShenGuiZu/learnDemo/tree/master/spring-security-learn

1、介绍

通过SpringSecurity实现以下功能:

  1. 内存2个用户
    1. admin:有p1权限
    2. user:有p2权限
  2. 权限控制
    1. 是否登录
      1. 否:不能访问资源
      2. 是:
        1. “/admin/p1”,只有p1权限的用户才能访问
        2. “/user/p2”,只有p2权限的用户才能访问

2、代码

2.1、结构

在这里插入图片描述

2.2、依赖

<!-- security example dependencies: begin -->
<!-- NOTE(review): no <version> elements are given; presumably versions are managed by a Spring Boot parent/BOM that is not shown here. -->
<!-- Spring MVC web stack; serves the controller endpoints of the example. -->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!-- Spring Security; provides the authentication and URL authorization used below. -->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- Thymeleaf template engine; renders the login.html view. -->
<dependency>
	<groupId>org.springframework.boot</groupId>
	<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

<!-- security example dependencies: end -->

2.3、源码

LoginController

package com.feizhou.oauth.hello2;

import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

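/**
 * Demo endpoints used to exercise the URL authorization rules of this example.
 *
 * <p>Each handler returns a plain string that embeds the name of the current
 * principal, so the response shows which account reached which resource.
 * Access control is not done here; it is configured in WebSecurityConfig2.
 *
 * @author Administrator
 * @version 1.0
 */
@RestController
public class LoginController {

	/**
	 * Landing endpoint reached after a successful form login.
	 *
	 * <p>The mapping deliberately has no HTTP method restriction: WebSecurityConfig2
	 * registers this path with {@code successForwardUrl}, which forwards the login
	 * POST request server-side, so a GET-only mapping would reject it.
	 *
	 * @return the current user name followed by a success message
	 */
	@RequestMapping(value = "/login-success")
	public String loginSuccess(){
		return getUsername()+" login-success 登录成功";
	}

	/**
	 * Test resource 1, served at {@code /admin/p1}.
	 *
	 * @return a message naming the path and the current user
	 */
	@GetMapping(value = "/admin/p1")
	public String r1(){
		return " /admin/p1 "+getUsername()+"访问资源1";
	}

	/**
	 * Test resource 2, served at {@code /user/p2}.
	 *
	 * @return a message naming the path and the current user
	 */
	@GetMapping(value = "/user/p2")
	public String r2(){
		return "/user/p2 "+getUsername()+"访问资源2";
	}


	/**
	 * Resolves a display name for the caller from the security context.
	 *
	 * <p>The original version assigned the anonymous label when the principal was
	 * {@code null} and then still fell through to {@code principal.toString()},
	 * which throws a NullPointerException. A missing authentication or principal
	 * now returns the anonymous label directly.
	 *
	 * @return the {@link UserDetails} user name, the principal's string form, or
	 *         "匿名" when no authentication or principal is present
	 */
	private String getUsername(){
		// Authentication established for the current request; may be absent.
		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
		Object principal = authentication == null ? null : authentication.getPrincipal();
		if(principal == null){
			return "匿名";
		}
		if(principal instanceof UserDetails){
			return ((UserDetails) principal).getUsername();
		}
		// Other principal types (for example a plain user-name string) are used as-is.
		return principal.toString();
	}
}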


MvcConfig2

package com.feizhou.oauth.hello2;

import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

/**
 * Spring MVC view configuration for the example.
 *
 * <p>Registers the login page as a view controller, so no dedicated controller
 * method is needed to serve it.
 *
 * @author zhoufei
 * @version 1.0 (2020/10/24 21:03)
 */
@Configuration
public class MvcConfig2 implements WebMvcConfigurer {

	/** Request path that serves the login form. */
	private static final String LOGIN_PATH = "/login";

	/** Logical view name; presumably resolved by Thymeleaf to the login.html template. */
	private static final String LOGIN_VIEW = "login";

	/**
	 * Maps the login path directly to the login view.
	 *
	 * @param registry registry that receives the path-to-view mapping
	 */
	@Override
	public void addViewControllers(final ViewControllerRegistry registry){
		registry.addViewController(LOGIN_PATH).setViewName(LOGIN_VIEW);
	}
}


WebSecurityConfig2

package com.feizhou.oauth.hello2;


import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

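/**
 * Security configuration for the example: two in-memory accounts and
 * per-URL authority checks behind a custom form-login page.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} was deprecated in Spring
 * Security 5.7 and removed in 6.0, so this class targets Spring Security 5.x
 * (Spring Boot 2.x).
 */
@EnableWebSecurity
@Configuration
public class WebSecurityConfig2 extends WebSecurityConfigurerAdapter {


	/**
	 * Provides the user store that authentication looks accounts up in.
	 *
	 * <p>Two fixed in-memory accounts are created: {@code admin} with authority
	 * {@code p1} and {@code user} with authority {@code p2}.
	 *
	 * <p>SECURITY: the passwords are hard-coded and identical to the user names.
	 * That is acceptable only for this demo; real accounts belong in an external
	 * store with passwords that are never committed to source.
	 *
	 * @return the in-memory user details service
	 */
	@Bean
	public UserDetailsService userDetailsService(){
		InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
		manager.createUser(User.withUsername("admin").password("admin").authorities("p1").build());
		manager.createUser(User.withUsername("user").password("user").authorities("p2").build());
		return manager;
	}

	/**
	 * Password encoder used to compare a submitted password with the stored one.
	 *
	 * <p>SECURITY: {@code NoOpPasswordEncoder} performs no hashing, so passwords are
	 * stored and compared as plain text; Spring Security marks it deprecated for
	 * that reason. It is kept here because the tutorial deliberately skips
	 * encoding. Outside a demo, use an adaptive hash such as
	 * {@code BCryptPasswordEncoder} and store only the encoded value.
	 *
	 * @return the pass-through (non-hashing) encoder
	 */
	@Bean
	public PasswordEncoder passwordEncoder(){
		return NoOpPasswordEncoder.getInstance();
	}

	/**
	 * Defines the URL interception rules, the form login and the logout handling.
	 *
	 * <p>CSRF protection is not disabled here, so it stays at the framework default.
	 *
	 * @param http the builder the rules are registered on
	 * @throws Exception if the configuration cannot be applied
	 */
	@Override
	protected void configure(HttpSecurity http)throws Exception {
		http.authorizeRequests()

				// mvcMatchers instead of antMatchers: an Ant pattern such as "/admin/p1"
				// covers only that exact path. If Spring MVC also routes a variant of the
				// path to the same handler (for example a trailing slash, depending on the
				// MVC path-matching settings), the variant would miss the authority rule
				// and fall through to anyRequest().authenticated(), which checks login only.
				// mvcMatchers applies Spring MVC's own matching, keeping rule and handler aligned.
				.mvcMatchers("/admin/p1").hasAuthority("p1")// /admin/p1 requires authority p1
				.mvcMatchers("/user/p2").hasAuthority("p2")// /user/p2 requires authority p2
				.anyRequest().authenticated()// every other request only requires a logged-in user
				.and()
				.formLogin()
				.loginPage("/login")// custom login page, served by the view controller in MvcConfig2
				.successForwardUrl("/login-success")// server-side forward after a successful login
				.permitAll()// the login page itself must be reachable without authentication
				.and()
				.logout()
				.permitAll();
	}
}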

login.html

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"
	  xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
<!--/* Login view for the example. The sec: namespace is declared above, but no sec: attribute is used in this template. */-->
<head>
	<title>Spring Security Example </title>
</head>
<body>
<!--/* Rendered only when the request has an "error" parameter; presumably set by Spring Security's redirect after a failed login.
       The message is the same whichever credential was wrong, so it does not reveal which user names exist. */-->
<div th:if="${param.error}">
	Invalid username and password.
</div>
<!--/* Rendered only when the request has a "logout" parameter; presumably set by the redirect after logout. */-->
<div th:if="${param.logout}">
	You have been logged out.
</div>
<!--/* Credentials are posted to /login. Using th:action (rather than a plain action attribute) lets the
       Thymeleaf / Spring Security integration add the hidden CSRF token field; CSRF protection is not
       disabled in WebSecurityConfig2. The field names username and password are the formLogin defaults. */-->
<form th:action="@{/login}" method="post">
	<div><label> User Name : <input type="text" name="username"/> </label></div>
	<div><label> Password: <input type="password" name="password"/> </label></div>
	<div><input type="submit" value="Sign In"/></div>
</form>
</body>
</html>


3、测试

3.1、未登录访问资源,直接跳到登录页面

localhost:8080/admin/p1

在这里插入图片描述

在这里插入图片描述

3.2、admin登录访问资源p1

在这里插入图片描述

在这里插入图片描述

3.3、admin登录访问资源p2(admin没有p2权限,预期被拒绝,默认返回403)

在这里插入图片描述

3.4、user登录访问资源p1(user没有p1权限,预期被拒绝,默认返回403)

在这里插入图片描述

3.5、user登录访问资源p2

在这里插入图片描述
