python222网站实战(SpringBoot+SpringSecurity+MybatisPlus+thymeleaf+layui)-基于SpringSecurity实现后台管理登录

锋哥原创的Springboot+Layui python222网站实战：

python222网站实战课程视频教程（SpringBoot+Python爬虫实战） ( 火爆连载更新中... )_哔哩哔哩_bilibilipython222网站实战课程视频教程（SpringBoot+Python爬虫实战） ( 火爆连载更新中... )共计23条视频，包括：python222网站实战课程视频教程（SpringBoot+Python爬虫实战） ( 火爆连载更新中... )、第2讲 架构搭建实现、第3讲 页面系统属性动态化设计实现等，UP主更多精彩视频，请关注UP账号。https://www.bilibili.com/video/BV1yX4y1a7qM/config包下新建 WebSecurityConfig.java

package com.python222.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;


/**
 * spring security 配置
 * @author Administrator
 *
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{

   @Value("${springUserName}")
   private String springUserName;

   @Value("${springPassword}")
   private String springPassword;

   /**
    * 配置用户认证
    */
   @Override
   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
      auth.inMemoryAuthentication()
            .passwordEncoder(new BCryptPasswordEncoder()).withUser(springUserName).password(new BCryptPasswordEncoder().encode(springPassword))
             .roles("ADMIN");
   }

    /**
    * 请求授权
    */
   @Override
   protected void configure(HttpSecurity http) throws Exception {
      http.csrf().disable().cors().disable().headers().disable()
       .authorizeRequests()
       .antMatchers("/","/images/**","/articleImages/**","/systemImages/**","/randomImages/**","/post/**","/article/**","/refresh","/checkCode","/search/**","/static/**").permitAll() // 配置不需要身份认证的请求地址
       .anyRequest().authenticated() // 其他所有访问路径需要身份认证
       .and()
       .formLogin()
       .loginPage("/login") // 指定登录请求地址
       .defaultSuccessUrl("/admin") // 登录成功后的默认跳转页面
       .permitAll()
       .and()
       .logout()
       .logoutSuccessUrl("/login")
       .permitAll();

   }


}

application.yml里面，也配置下 用户名和密码：

springUserName: python222
springPassword: 123456

IndexController写一个login请求转发login模版方法

/**
 * 登录请求
 *
 * @return
 */
@RequestMapping("/login")
public String login() {
    return "login";
}

admin请求跳转后台管理主页

/**
 * 进入后台管理请求
 *
 * @return
 */
@RequestMapping("/admin")
public String toAdmin() {
    return "admin/main";
}