Spring Security :(二) SpringSecurity 权限控制

接着上一节的代码,这部分是做简单的权限控制

package com.example.springabc.securityConfig;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.stereotype.Component;

/**
 * @ClassName SecurityCofig
 * @Description TODO
 * @Author zhurongfei
 * @Data 2020/7/14 17:23
 * Version 1.0
 **/
@Component
public class SecurityCofig extends WebSecurityConfigurerAdapter {
    /**
     * 添加账户
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //添加用户信息和权限
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("zrf").password(new BCryptPasswordEncoder().encode("zrf")).authorities("find","insert");//添加用户名和密码 authorities权限名称
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).authorities("insert");//添加用户名和密码
    }

    /**
     * 拦截登陆请求
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//       http.authorizeRequests().
//               antMatchers("/**d").fullyAuthenticated().and().httpBasic();
        http.authorizeRequests().
               antMatchers("/find").hasAnyAuthority("find").
               antMatchers("/insert").hasAnyAuthority("insert").
                antMatchers("/**").fullyAuthenticated().and()
                .formLogin();
    }
}
package com.example.springabc.securityConfig;

import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.servlet.server.ConfigurableServletWebServerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;


/**
 * @ClassName WebServletConfig
 * @Description TODO
 * @Author zhurongfei
 * @Data 2020/7/15 9:32
 * Version 1.0
 **/
@Configuration
public class WebServletConfig {
    @Bean
    public ConfigurableServletWebServerFactory webServerFactory(){
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();
        ErrorPage errorPage400 = new ErrorPage(HttpStatus.BAD_REQUEST,"/error/400");
        ErrorPage errorPage401 = new ErrorPage(HttpStatus.UNAUTHORIZED,"/error/401");
        ErrorPage errorPage403 = new ErrorPage(HttpStatus.FORBIDDEN,"/error/403");
        ErrorPage errorPage404 = new ErrorPage(HttpStatus.NOT_FOUND,"/error/404");
        ErrorPage errorPage415 = new ErrorPage(HttpStatus.UNSUPPORTED_MEDIA_TYPE,"/error/415");
        ErrorPage errorPage500 = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR,"/error/500");
        factory.addErrorPages(errorPage400,errorPage401,errorPage403,errorPage404,errorPage415,errorPage500);
        return  factory;
    }
}
package com.example.springabc.controller.error;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

/**
 * @ClassName errorController
 * @Description TODO
 * @Author zhurongfei
 * @Data 2020/7/15 9:39
 * Version 1.0
 **/
@RestController
public class errorController {
    @RequestMapping("/error/400")
    public String error400(){
        return "无法找到该网页!";
    }
    @RequestMapping("/error/401")
    public String error401(){
        return "未经授权,访问由于服务器配置被拒绝。";
    }
    @RequestMapping("/error/403")
    public String error403(){
        return "该用户可能权限不足,访问被禁止!";
    }
    @RequestMapping("/error/404")
    public String error404(){
        return "找不到页面!";
    }
    @RequestMapping("/error/415")
    public String error415(){
        return "找不到页面!";
    }
    @RequestMapping("/error/500")
    public String error500(){
        return "服务器内部出错,请稍后重试!";
    }
}

像这些代码最好不要写,只记录下来,因为写了一样忘,只要能看懂,就行

你可能感兴趣的:(java)