Springboot整合Spring-security

Springboot整合spring-security

1.创建springboot项目

2.引入相关依赖。

	spring-boot-starter-security
	mysql-connector-java
	persistence-api(mybaits注解支持)
	spring-security-core
	spring-boot-starter-thymeleaf
	//springboot对thymeleaf的支持
	thymeleaf-spring5
	thymeleaf-extras-java8time
	thymeleaf-extras-springsecurity5

3.编写domain、mapper的映射代码,使之能够正常对数据库进行增删改查。(配置application.properties)

4.编写spring-security的配置类。(SecurityConfig)

	import org.springframework.beans.factory.annotation.Autowired;
	import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
	import org.springframework.security.config.annotation.web.builders.HttpSecurity;
	import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
	import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
	import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
	import javax.sql.DataSource;
	@EnableWebSecurity
	public class SecurityConfig extends WebSecurityConfigurerAdapter {
	
	    @Autowired
	    private DataSource dataSource;
	    @Override
	    protected void configure(HttpSecurity http) throws Exception {
	        http.authorizeRequests().antMatchers("/").permitAll()
	                .antMatchers("/level1/**").hasRole("vip1")
	                .antMatchers("/level2/**").hasRole("vip2")
	                .antMatchers("/level3/**").hasRole("vip3");
	        http.formLogin()
	                .usernameParameter("username")
	                .passwordParameter("password")
	                .loginPage("/toLogin")
	                .loginProcessingUrl("/login");
	        http.rememberMe().rememberMeParameter("remember");
	        http.csrf().disable();
	        http.logout().logoutSuccessUrl("/");
	    }
	
	//    @Override
	//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	//        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
	//                .withUser("kuangshen").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2","vip3")
	//                .and()
	//                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3")
	//                .and()
	//                .withUser("guest").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2");
	//    }
	
	    @Override
	    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
	        auth.jdbcAuthentication()
	                .dataSource(dataSource)
	                .usersByUsernameQuery("select username,password,enable from user where username = ?")
	                .authoritiesByUsernameQuery("select username,authority from role where username = ?")
	                .passwordEncoder(new BCryptPasswordEncoder());
	    }
	}

5.编写controller层代码,对页面的跳转进行控制。

6.编写前端页面,在前端页面中能够输出用户名。(对用户名是否显示进行控制)

	
    
    
	
用户名:

7.对前端页面的信息显示进行控制。(若登陆用户拥有改角色,则显示)

	

8.数据库如图所示。

	user表
		username
		password(加密)
		enable
	role表
		username
		authority(ROLE_vip1:数据需要有前缀)

你可能感兴趣的:(spring,java)