springboot整合SpringSecurity基于内存数据实现认证和授权
发布于2021-05-29 23:22 阅读(1371) 评论(0) 点赞(12) 收藏(2)
1.需要的依赖
<!--thylemeaf与springsecurity整合-->
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-springsecurity4</artifactId>
<version>3.0.4.RELEASE</version>
</dependency>
<!--security-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--web-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<!--thymeleaf-->
<dependency>
<groupId>org.thymeleaf</groupId>
<artifactId>thymeleaf-spring5</artifactId>
</dependency>
<dependency>
<groupId>org.thymeleaf.extras</groupId>
<artifactId>thymeleaf-extras-java8time</artifactId>
</dependency>
2.静态资源(首页、登录页…比较简陋在我资源可以免费获取)
目录结构
3. controller页面跳转
package com.kuang.controller;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
public class RouterController {
// 首页
@RequestMapping({"/","/index"})
public String index(){
return "index";
}
// 到登录页面
@RequestMapping("/toLogin")
public String toLogin(){
return "views/login";
}
//分别到各个页面
@RequestMapping("/level1/{id}")
public String level1(@PathVariable("id")int id){
return "views/level1/"+id;
}
@RequestMapping("/level2/{id}")
public String level2(@PathVariable("id")int id){
return "views/level2/"+id;
}
@RequestMapping("/level3/{id}")
public String level3(@PathVariable("id")int id){
return "views/level3/"+id;
}
}
4.继承WebSecurityConfigurerAdapter
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
//链式编程
//授权
@Override
protected void configure(HttpSecurity http) throws Exception{
//所有人可以访问首页,功能页只有对应的权限才能访问
//访问规则
http.authorizeRequests()
.antMatchers("/").permitAll()
.antMatchers("/level1/**").hasRole("vip1")
.antMatchers("/level2/**").hasRole("vip2")
.antMatchers("/level3/**").hasRole("vip3");
//没有权限默认跳转登录页面
http.formLogin().
loginPage("/toLogin").
usernameParameter("user"). // 表单提交的用户名要与name对应
passwordParameter("pwd"). // 表单提交的密码
loginProcessingUrl("/login");
//网站攻击 关闭
http.csrf().disable();
//开启注销功能
http.logout().logoutSuccessUrl("/");
//开启记住我功能
http.rememberMe().rememberMeParameter("remember");
}
// 利用内存数据进行认证
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
// 密码需要加密
.passwordEncoder(new BCryptPasswordEncoder())
.withUser("weihuadi").password(new BCryptPasswordEncoder().encode("123")).roles("vip2","vip3")
.and()
.withUser("root").password(new BCryptPasswordEncoder().encode("123")).roles("vip1","vip2","vip3")
.and()
.withUser("guest").password(new BCryptPasswordEncoder().encode("123")).roles("vip1");
}
}
5.测试
5.1 首页
5.2 登录页面
5.3 我登录了root页面(可以展示所有页面)
5.4 点击注销回到首页,并清除cookie和session
5.5 thymeleaf整合security对权限的判断和控制
原文链接:https://blog.csdn.net/weixin_49092628/article/details/117359081
所属网站分类: 技术文章 > 博客
作者:我是个大美女
链接:http://www.javaheidong.com/blog/article/207899/68acdcedcb6adb0ec25a/
来源:java黑洞网
任何形式的转载都请注明出处,如有侵权 一经发现 必将追究其法律责任
昵称:
评论内容:(最多支持255个字符)
---无人问津也好,技不如人也罢,你都要试着安静下来,去做自己该做的事,而不是让内心的烦躁、焦虑,坏掉你本来就不多的热情和定力