Spring Securicty与Spring boot 及 Thymeleaf 整合

在整合Spring Security 及 Thymeleaf 时遇到点问题, 下面都有记录
github项目代码

pom配置文件

<dependency> 
    <groupId>org.springframework.bootgroupId>
    <artifactId>spring-boot-starter-securityartifactId>
dependency>


<dependency>
    <groupId>org.thymeleaf.extrasgroupId>
    <artifactId>thymeleaf-extras-springsecurity4artifactId>
    <version>3.0.2.RELEASEversion>
dependency>

从一个简单的demo开始

后台代码Config类部分,Controller类略

/**
 * @author mengqa
 * @create 2018-05-07 14:15
 **/
@EnableWebSecurity // 开启Security
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/css/**", "/js/**", "/fonts/**", "/index").permitAll() // 都可以访问
                .antMatchers("/users/**").hasRole("ADMIN") // 需要相关的角色才能访问
                .and()
                .formLogin()
                .loginPage("/login").failureUrl("/login-error"); // 自定义登录页面
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
       auth.inMemoryAuthentication() // 内存中
                .withUser("mqa").password("{noop}123456").roles("ADMIN");
    }

}

前台代码

index.html :


<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Titletitle>
head>
<body>

<div th:replace="~{common/header :: header}">div>

<div>

    <div sec:authorize="isAuthenticated()">
        <p>已有用户登录p>
        <p>登录者:<span sec:authentication="name">span>p>
        <p>角色:<span sec:authentication="principal.authorities">span>p>
    div>
    <div sec:authorize="isAnonymous()">
        <p>未有用户登录p>
    div>
div>

<div th:replace="~{common/footer :: footer}">div>

body>
html>

header.html :


<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Titletitle>
head>
<body>

<div th:fragment="header">
    <h1>权限测试h1>
    <a href="/" th:href="@{~/index}">首页a>

    <div sec:authorize="isAuthenticated()">
        登录者:<span sec:authentication="name">span>
        <form action="/logout" th:action="@{/logout}" method="post">
            <input type="submit" value="退出"/>
        form>
    div>
    <div sec:authorize="isAnonymous()">
        <a href="/login" th:href="@{~/login}">登录a>
    div>
div>

body>
html>

login.html :


<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Titletitle>
head>
<body>

<div th:replace="~{common/header :: header}">div>

<h3>登录h3>

<form th:action="@{~/login}" method="POST">
    用户名 : <br>
    <input type="text" id="username" name="username" />
    <br>
    密码: <br>
    <input type="text" id="password" name="password" />
    <br>
    <button type="submit">登录button>
    <div>
        <div th:if="${loginError}">
            <p th:text="${errorMsg}">p>
        div>
    div>
form>

<div th:replace="~{common/footer :: footer}">div>
body>
html>

遇到问题

1.使用正确的用户名登录会报错 :spring security 5 There is no PasswordEncoder mapped for the id “null” 错误

是因为spring security 升级到了5.0版本问题, 
要求设置密码时需要这样设置


    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
       auth.inMemoryAuthentication() // 内存中
                .withUser("mqa").password("{noop}123456").roles("ADMIN");
    }

没有 {noop} 会报错, 大概意思就是为了更加安全,所以就需要添加这个类型,
原文地址: https://www.cnblogs.com/majianming/p/7923604.html

2 sec:标签 html里要用的话必须注意的是, 注意结尾是springsecurity4 , 不是3

<html xmlns="http://www.w3.org/1999/xhtml"
      xmlns:th="http://www.thymeleaf.org"
      xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">

同时pom里是这段


<dependency>
    <groupId>org.springframework.bootgroupId>
    <artifactId>spring-boot-starter-securityartifactId>
dependency>

<dependency>
    <groupId>org.thymeleaf.extrasgroupId>
    <artifactId>thymeleaf-extras-springsecurity4artifactId>
    <version>3.0.2.RELEASEversion>
dependency>

这样下面这段代码就可用了


<div sec:authorize="isAuthenticated()">
    <p>已有用户登录p>
    <p>登录者:<span sec:authentication="name">span>p>
    <p>角色:<span sec:authentication="principal.authorities">span>p>
div>
<div sec:authorize="isAnonymous()">
    <p>未有用户登录p>
div>

你可能感兴趣的:(后端框架或组件相关,前端框架或组件相关)