springBoot整合SpringSecurity(学习自狂神)

1.导入坐标

        
            org.springframework.boot
            spring-boot-starter-security
        
        
            org.springframework.boot
            spring-boot-starter-thymeleaf
        
        
            org.springframework.boot
            spring-boot-starter-web
        


        
            org.thymeleaf.extras
            thymeleaf-extras-springsecurity5
            3.0.4.RELEASE
        

2.写配置类config和controller

package com.example.controller;


import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

@Controller
public class IndexController {

    @GetMapping({"/","/index"})
    public String index(){
        return "index";
    }
    @GetMapping("toLoginForm")
    public String toLoginForm(){
        return "views/login";
    }

    @GetMapping("/level1/{id}")
    public String level1(@PathVariable("id")int id){
        return "views/level1"+"/"+id;
    }
    @GetMapping("/level2/{id}")
    public String level2(@PathVariable("id")int id){
        return "views/level2"+"/"+id;
    }
    @GetMapping("/level3/{id}")
    public String level3(@PathVariable("id")int id){
        return "views/level3"+"/"+id;
    }
}
package com.example.config;

import javafx.util.converter.DateStringConverter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        //在这里定制请求的授权规则

        //首页所有可以访问,其他页面的定制请求与授权
        /**
         * authorizeRequests() :认证请求
         * antMatchers :添加地址
         * permitAll() :允许所有人访问
         * hasRole("vip1") :设置访问权限 (此处为vip1权限可访问)
         */
        httpSecurity.authorizeRequests().antMatchers("/").permitAll()
        .antMatchers("/level1/**").hasRole("vip1")
        .antMatchers("/level2/**").hasRole("vip2")
        .antMatchers("/level3/**").hasRole("vip3");

        /**
         * formLogin() :没有权限,返回登录页。
         * loginPage() : 自定义登录页
         * loginProcessingUrl("/login") :到默认登陆页登录 ,  "/login"是安全框架的默认登陆接口
         * httpSecurity.formLogin().loginPage("/toLoginForm") :正常使用这个去自己的登录页面,"/toLoginForm"是controller的路径
         * usernameParameter("username").passwordParameter("password") :接收前端发来的账号,密码
         * csrf().disable() :关闭防get ,post入侵工具
         */
        //没有权限,返回登录页。
        httpSecurity.formLogin();
        //在自定意页面输入帐号啊密码,在默认登录页登录
        httpSecurity.formLogin().loginPage("/toLoginForm").loginProcessingUrl("/login").usernameParameter("username").passwordParameter("password");
        //  关闭安全防护
        httpSecurity.csrf().disable();

        /**
         * logout() :开启注销功能 安全框架默认的注销接口是  , "/logout" 注意前后端的交互
         * logoutSuccessUrl("/") : 注销后跳转的页面
         * rememberMe() :记住我功能
         * rememberMeParameter("remember") :接收前端数据
         */
        //注销跳转到首页
        httpSecurity.logout().logoutSuccessUrl("/");
        //定制记住我的参数!
        httpSecurity.rememberMe().rememberMeParameter("remember");
        // .logoutSuccessUrl("/"); 注销成功来到首页

    }

    /**
     * 授权
     * @param auth
     * @throws Exception
     */
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {

        /**
         * inMemoryAuthentication() :取内存的数据
         * passwordEncoder(new BCryptPasswordEncoder()) :选择密码加密方式 为 BCryptPasswordEncoder()
         * roles :用户权限
         * new BCryptPasswordEncoder().encode("root") :将"root"进行加密
         */
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("root").password(new BCryptPasswordEncoder().encode("root")).roles("vip1","vip2","vip3");



    }
}

springBoot整合SpringSecurity(学习自狂神)_第1张图片

 

你可能感兴趣的:(1024程序员节)