SpringSecurity
一:springSecurity(认证+授权)
1.springSecurity和shiro类似–aop思想(面向切面编程)
2.springBoot整合springSecurity框架
二:实战
1.仅需引入依赖spring-boot-starter-security并进行少量的配置,即可实现强大的安全管理
<!-- Spring Boot starter that pulls in Spring Security and its auto-configuration.
     NOTE(review): the version is pinned explicitly here. If the project inherits from
     spring-boot-starter-parent (not shown on this page), omit <version> so the parent's
     dependency management keeps it aligned with the rest of the stack.
     TODO confirm that the pinned 2.1.x line still receives security fixes before reusing it. -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
<version>2.1.3.RELEASE</version>
</dependency>
2.配置,写一个配置类config继承WebSecurityConfigurerAdapter(加注解@EnableWebSecurity)
package cn.pingan.controller;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
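/**
 * Spring Security configuration for the demo application: URL authorization rules,
 * form login, logout, and a small set of in-memory users.
 *
 * <p>This uses the {@code WebSecurityConfigurerAdapter} style that matches the Spring Boot
 * 2.1.x dependency. The adapter is deprecated as of Spring Security 5.7 and removed in 6.0,
 * where the same rules are declared through a {@code SecurityFilterChain} bean instead.
 */
@EnableWebSecurity
public class config extends WebSecurityConfigurerAdapter {

    /**
     * Authorization: decides who may reach which URL.
     *
     * <p>The home page is public, and each {@code /levelN/**} area requires the matching role.
     * {@code hasRole("vip1")} checks for the authority {@code ROLE_vip1}, which is what
     * {@code roles("vip1")} grants in the user setup.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // The home page is open to everyone, including anonymous visitors.
                .antMatchers("/index").permitAll()
                // Feature pages: the caller must be logged in and hold the matching role.
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3")
                // Deny by default: without a catch-all rule, any path not matched above
                // (a new or mistyped mapping, for instance) would be reachable with no login.
                .anyRequest().authenticated();

        // Unauthenticated requests to a protected URL are redirected to the default login form.
        http.formLogin();

        // After logout, send the user back to the public home page.
        // logoutSuccessUrl sets the redirect target; logoutUrl (used previously) instead sets
        // the URL that *triggers* logout, which would have turned /index into the logout
        // endpoint. The trigger stays at the default /logout (a POST while CSRF is enabled).
        http.logout().logoutSuccessUrl("/index");
    }

    /**
     * Authentication: defines the users, their passwords and their roles.
     *
     * <p>The users are held in memory for demonstration only. A real application would load
     * them from a user store (for example {@code auth.jdbcAuthentication()}) and would never
     * hard-code a password, let alone one as weak as {@code "123"}, in source code.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the builder rejects the configuration
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Stored passwords must be encoded with the same encoder that verifies them,
        // so one BCrypt encoder instance is shared by both steps.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("han").password(encoder.encode("123")).roles("vip1")
                .and()
                .withUser("zhi").password(encoder.encode("123")).roles("vip2")
                .and()
                .withUser("jian").password(encoder.encode("123")).roles("vip1", "vip2", "vip3");
    }
}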
3.controller编写
package cn.pingan.controller;
//import cn.pingan.config.JdbcProperties;
//import cn.pingan.config.PersonProperties;
//import cn.pingan.service.HelloService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
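/**
 * Demo endpoints used to exercise the security rules.
 *
 * <p>Because the class is a {@code @RestController}, each returned string is written to the
 * response body as-is; it is not resolved as a view name.
 */
@RestController
public class HelloController {

    /** Home page endpoint. */
    @RequestMapping("/index")
    public String hello() {
        return "index";
    }

    /** Returns the literal text {@code "login"}. */
    @RequestMapping("/toLogin")
    public String toLogin() {
        return "login";
    }

    /** Level 1 feature endpoint. */
    @RequestMapping("/level1")
    public String level1() {
        return "views/level1/";
    }

    /** Level 2 feature endpoint. */
    @RequestMapping("/level2")
    public String level2() {
        return "views/level2/";
    }

    /**
     * Level 3 feature endpoint.
     *
     * <p>The path was previously misspelled as {@code /leve3}. A misspelled mapping falls
     * outside any {@code /level3/**} authorization pattern, so the handler would not be
     * covered by the role check intended for level 3. The method name is kept so existing
     * references still compile.
     */
    @RequestMapping("/level3")
    public String leve3() {
        return "views/level3/";
    }
}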