SpringBoot与SpringSecurity整合方法附源码

依赖


	
		org.springframework.boot
		spring-boot-starter-web
	
	
	
		org.thymeleaf
		thymeleaf-spring5
	
	
		org.thymeleaf.extras
		thymeleaf-extras-java8time
	
	
	
		org.springframework.boot
		spring-boot-starter-security
	
	
	
 		org.thymeleaf.extras
 		thymeleaf-extras-springsecurity5
 		3.0.4.RELEASE
	
	
		org.springframework.boot
		spring-boot-starter-test
		test
		
			
				org.junit.vintage
				junit-vintage-engine
			
		
	

Controller:

package com.blu.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

@Controller
public class RouterController {

	@RequestMapping({ "/", "/index" })
	public String index() {
		return "index";
	}

	@RequestMapping("/tologin")
	public String toLogin() {
		return "views/login";
	}

	@RequestMapping("/level1/{id}")
	public String level1(@PathVariable("id") int id) {
		return "views/level1/" + id;
	}

	@RequestMapping("/level2/{id}")
	public String level2(@PathVariable("id") int id) {
		return "views/level2/" + id;
	}

	@RequestMapping("/level3/{id}")
	public String level3(@PathVariable("id") int id) {
		return "views/level3/" + id;
	}
	
}

SecurityConfig:

package com.blu.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter{
	
	/**
	 * 授权
	 */
	@Override
	protected void configure(HttpSecurity http) throws Exception {
		
		//所有人可以访问首页,功能页需要指定权限才可以访问
		http.authorizeRequests()
			.antMatchers("/").permitAll()
			.antMatchers("/level1/**").hasRole("vip1")
			.antMatchers("/level2/**").hasRole("vip2")
			.antMatchers("/level3/**").hasRole("vip3");
		
		//没有权限将默认跳转至登录页,需要开启登录的页面
		//loginPage设置跳转至登录页的请求(默认为/login)
		//usernameParameter和passwordParameter配置登录的用户名和密码参数名称,默认就是username和password
		//loginProcessingUrl配置登录请求的url,需要和表单提交的url一致
		http.formLogin().loginPage("/tologin")
						.usernameParameter("username")
						.passwordParameter("password")
						.loginProcessingUrl("/login");
		//禁用CSRF保护
		http.csrf().disable();
		//开启注销功能和注销成功后的跳转页面(默认为登录页面)
		http.logout().logoutSuccessUrl("/");
		//开启记住我功能,Cookie默认保存两周
		http.rememberMe().rememberMeParameter("remember");
		
	}
	
	/**
	 * 认证
	 */
	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		
		auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
			.withUser("BLU").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2","vip3")
			.and()
			.withUser("root").password(new BCryptPasswordEncoder().encode("111111")).roles("vip1","vip2","vip3")
			.and()
			.withUser("guest").password(new BCryptPasswordEncoder().encode("111222")).roles("vip1");
	}
	
}

注:以上方式认证的用户和角色信息是存储在内存中的,在实际开发中应该从数据库中获取,详见:SpringSecurity从数据库中获取用户信息进行验证

index.html

views/login.html




 
 
 登录
 
 




登录

记住我

Spring Security Study by BLU

views/level1/1.html




 
 
 首页
 
 
 




Level-1-1

views/level2/1.html 等其他页面:略

运行效果:

SpringBoot与SpringSecurity整合方法附源码_第1张图片
SpringBoot与SpringSecurity整合方法附源码_第2张图片
SpringBoot与SpringSecurity整合方法附源码_第3张图片
SpringBoot与SpringSecurity整合方法附源码_第4张图片
SpringBoot与SpringSecurity整合方法附源码_第5张图片

项目源码:

链接: https://pan.baidu.com/s/1AtbcCht84NT-69-sSUAQRw

提取码: nh92

到此这篇关于SpringBoot与SpringSecurity整合的文章就介绍到这了,更多相关SpringBoot与SpringSecurity整合内容请搜索脚本之家以前的文章或继续浏览下面的相关文章希望大家以后多多支持脚本之家!

你可能感兴趣的:(SpringBoot与SpringSecurity整合方法附源码)