SpringBoot对SpringSecurity的支持

SpringBoot针对SpringSecurity的自动配置在org.springframework.boot.autoconfigure.security包中,主要通过SecurityAutoConfiguration和SecurityProperties来完成配置。

SpringBoot对SpringSecurity的支持_第1张图片

SecuritAutoConfiguration导入了SpringBootWebSecurityConfiguration中的配置。在SpringBootWebSecurityConfiguration配置中,我们获得如下的自动配置:

1、自动配置了一个内存中的用户,账号为user,密码在程序启动时出现。
2、忽略/css/、/js/、/images/和//favicon.ico等静态文件的拦截。
3、自动配置的securityFilterChainRegistration的Bean。

这里写图片描述

SpringSecurity的配置项:

security.user.name=user # 内存中的用户默认账号为user
security.user.password= # 1默认用户的密码
security.user.role=USER #默认用户的角色
security.require-ssl=false # 是否需要ssl支持
security.enable-csrf=false #是否开启“跨站请求伪造”支持,默认关闭
security.basic.enable=true
security.basic.realm=Spring
security.basic.authorize-mode=
security.filter-order=0
security.headers.xss=false
security.headers.cache=false
security.headers.frame=false
security.headers.content-type=false
security.headers.hsts=all
security.session=stateless
security.ignored= # 用,隔开无需拦截的路径

SpringBoot为我们做了如此多的配置,当我们需要自己扩展配置时,只需配置类继承WebSecurityConfigurerAdapter类即可,无需使用@EnableWebSecurity注解。

在SpringBoot中使用Security

初始化项目

SpringBoot对SpringSecurity的支持_第2张图片

添加的Maven依赖

        <dependency>
            <groupId>org.mybatis.spring.bootgroupId>
            <artifactId>mybatis-spring-boot-starterartifactId>
            <version>1.1.1version>
        dependency>
        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-starter-securityartifactId>
        dependency>
        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-starter-thymeleafartifactId>
        dependency>
        <dependency>
            <groupId>org.thymeleaf.extrasgroupId>
            <artifactId>thymeleaf-extras-springsecurity4artifactId>
        dependency>
        <dependency>
            <groupId>org.springframework.bootgroupId>
            <artifactId>spring-boot-starter-webartifactId>
        dependency>

        <dependency>
            <groupId>mysqlgroupId>
            <artifactId>mysql-connector-javaartifactId>
            <scope>runtimescope>
        dependency>

application.properties 的选项

spring.datasource.driverClassName=com.mysql.jdbc.Driver
spring.datasource.url=jdbc:mysql://127.0.0.1:3306/sosweet?useUnicode=true&characterEncoding=utf-8&serverTimezone=UTC
spring.datasource.username=root
spring.datasource.password=root

spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
spring.datasource.driver-class-name=com.mysql.jdbc.Driver
spring.datasource.filters=stat
spring.datasource.maxActive=20
spring.datasource.initialSize=1
spring.datasource.maxWait=60000
spring.datasource.minIdle=1
spring.datasource.timeBetweenEvictionRunsMillis=60000
spring.datasource.minEvictableIdleTimeMillis=300000
spring.datasource.validationQuery=select 'x'
spring.datasource.testWhileIdle=true
spring.datasource.testOnBorrow=false
spring.datasource.testOnReturn=false
spring.datasource.poolPreparedStatements=true
spring.datasource.maxOpenPreparedStatements=20

mybatis.mapperLocations=classpath:mapper/**/*.xml
mybatis.typeAliasesPackage=com.sosweet.entity

logging.level.org.springframeworlk.security=INFO

spring.thymeleft.cache=false

你可能感兴趣的:(SpringBoot)