这里学习SpringSecurity,对SpringSecurity进行学习。
基本用法添加依赖
-
<dependency>
-
<groupId>org.springframework.boot</groupId>
-
<artifactId>spring-boot-starter-security</artifactId>
-
</dependency>
添加接口
-
package com.example.demo.web;
-
-
import org.springframework.web.bind.annotation.RequestMapping;
-
import org.springframework.web.bind.annotation.RestController;
-
-
@RestController
-
@RequestMapping("/test")
-
public class Test {
-
@RequestMapping("/test")
-
public String test(){
-
return "test";
-
}
-
}
启动项目
可以看到日志中,已经有了密码
访问接口,此时已经有了登录页面
输入用户名和密码
-
用户名: user
-
密码 984cccf2-ba82-468e-a404-7d32123d0f9c
此时已经登录成功
配置用户名和密码
在配置文件中,进行配置
-
spring:
-
security:
-
user:
-
name: ming
-
password: 123456
-
roles: admin
` 输入用户名和密码,可以正常登录
基于内存的认证
需要自定义类继承 WebSecurityConfigurerAdapter 实现自定义的配置 这里基于内存的配置,如下
-
package com.example.demo.config;
-
-
import org.springframework.context.annotation.Bean;
-
import org.springframework.context.annotation.Configuration;
-
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
-
import org.springframework.security.crypto.password.PasswordEncoder;
-
-
-
@Configuration
-
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
-
@Bean
-
PasswordEncoder passwordEncoder(){
-
return NoOpPasswordEncoder.getInstance();
-
}
-
-
@Override
-
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-
auth.inMemoryAuthentication()
-
.withUser("admin").password("123").roles("admin");
-
}
-
}
这里基于内存的配置
HttpSecurity
这里对某些方法进行拦截
-
package com.ming.demo.interceptor;
-
-
import org.springframework.beans.factory.annotation.Autowired;
-
import org.springframework.context.annotation.Bean;
-
import org.springframework.context.annotation.Configuration;
-
import org.springframework.http.HttpMethod;
-
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
-
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-
import org.springframework.security.crypto.password.PasswordEncoder;
-
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
-
-
@Configuration
-
@EnableWebSecurity
-
public class SecurityConfig extends WebSecurityConfigurerAdapter {
-
//基于内存的用户存储
-
@Override
-
public void configure(AuthenticationManagerBuilder auth) throws Exception {
-
auth.inMemoryAuthentication()
-
.withUser("itguang").password("123456").roles("USER").and()
-
.withUser("admin").password("{noop}" + "123456").roles("ADMIN");
-
}
-
-
-
-
-
-
//请求拦截
-
@Override
-
protected void configure(HttpSecurity http) throws Exception {
-
http.authorizeRequests()
-
.anyRequest().permitAll()
-
.and()
-
.formLogin()
-
.permitAll()
-
.and()
-
.logout()
-
.permitAll();
-
}
-
-
-
}
`
这里成功完成了post请求进行登录验证。
小明菜市场
