Spring Boot Security 简单使用

  1. 引入依赖

     <!-- security -->
     <dependency>
     		<groupId>org.springframework.boot</groupId>
     		<artifactId>spring-boot-starter-security</artifactId>
     </dependency>
    
  2. 配置 SecurityConfig

     @Configuration
     public class SecurityConfig extends WebSecurityConfigurerAdapter {

     		// Custom UserDetailsService; registered with the AuthenticationManagerBuilder below.
     		@Autowired
     		UserDetailServiceImpl userDetailService;
     		// Handler passed to formLogin().successHandler(...) below.
     		@Autowired
     		LoginSuccessHandler loginSuccessHandler;
    
     		/**
     		 * Registers the custom user lookup and the password hashing scheme.
     		 *
     		 * @param auth builder for the application's authentication manager
     		 * @throws Exception if the builder rejects the configuration
     		 */
     		@Override
     		protected void configure(AuthenticationManagerBuilder auth) throws Exception {
     				// Submitted passwords are verified against BCrypt hashes, so the value
     				// returned by the UserDetailsService must be a BCrypt hash as well.
     				BCryptPasswordEncoder bcrypt = new BCryptPasswordEncoder();
     				auth.userDetailsService(userDetailService).passwordEncoder(bcrypt);
     		}
    
     		/**
     		 * Declares the HTTP security rules: form login, which URLs are open, logout,
     		 * and the CSRF setting.
     		 *
     		 * <p>NOTE(review): WebSecurityConfigurerAdapter is deprecated as of Spring Security 5.7
     		 * and removed in 6.0; newer versions declare the same rules on a SecurityFilterChain bean.
     		 *
     		 * @param http the security builder for web requests
     		 * @throws Exception if the builder rejects the configuration
     		 */
     		@Override
     		protected void configure(HttpSecurity http) throws Exception {
     				// Form login: unauthenticated users are sent to the login page.
     				// Optional, left disabled here:
     				//   .loginPage("/login.html")      custom login page
     				//   .loginProcessingUrl("/login")  custom login endpoint
     				http.formLogin().successHandler(loginSuccessHandler);

     				// "/login" is open to everyone; every other request requires a logged-in user.
     				http.authorizeRequests()
     								.antMatchers("/login").permitAll()
     								.anyRequest().authenticated();

     				// Logout redirects back to "/login".
     				http.logout().logoutSuccessUrl("/login").permitAll();

     				// NOTE(review): CSRF protection is switched off while authentication is form login,
     				// which by default is backed by a session cookie the browser sends automatically.
     				// State-changing requests then have no CSRF defence. Keep CSRF enabled unless the
     				// application is stateless and authenticates every request with an explicit token.
     				http.csrf().disable();
     		}
     }
    

3.用户验证处理

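		/**
		 * Demo {@link UserDetailsService} that fabricates a user for whatever name is submitted.
		 *
		 * <p>NOTE(review): this is a tutorial stub, not a usable credential check. No user store
		 * is consulted: every non-empty username is returned with the same fixed password and an
		 * empty authority list, so any account name authenticates with that one password. A real
		 * implementation should look the account up, throw {@link UsernameNotFoundException}
		 * when it does not exist, and return the password hash persisted at registration time
		 * rather than hashing a literal on every call.
		 */
		@Component
		public class UserDetailServiceImpl implements UserDetailsService {
				/**
				 * Builds the user record that the submitted password is checked against.
				 *
				 * @param s the username submitted at login
				 * @return a user carrying the given name, a BCrypt hash of the fixed demo password
				 *         and no granted authorities
				 * @throws UsernameNotFoundException if the username is null or empty
				 */
				@Override
				public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
						// The User constructor rejects null/empty names with IllegalArgumentException;
						// report them through the exception type this interface declares instead.
						if (s == null || s.isEmpty()) {
								throw new UsernameNotFoundException("username must not be empty");
						}

						// No roles or permissions are granted in this demo.
						Collection<GrantedAuthority> authorities = new ArrayList<>();

						// Hard-coded demo password, hashed so it matches the BCrypt encoder configured
						// for authentication. Replace with the stored hash of the looked-up account.
						String password = new BCryptPasswordEncoder().encode("123456");

						return new User(s, password, authorities);
				}

		}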

4.登录成功后处理

/**
 * Success handler for form login: replies with the name of the authenticated principal
 * instead of redirecting.
 */
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
		/**
		 * Writes the authenticated user's name to the response body.
		 *
		 * <p>NOTE(review): the response is labelled application/json but the body is the bare
		 * name with no quoting or escaping, so it is not a valid JSON document. Serialize the
		 * value with a JSON library, or declare a plain-text content type, before clients
		 * parse it.
		 *
		 * @param httpServletRequest the login request (not read here)
		 * @param httpServletResponse the response the name is written to
		 * @param authentication the authentication produced by the successful login
		 * @throws IOException if the response writer cannot be obtained
		 * @throws ServletException declared by the interface; not thrown by this body
		 */
		@Override
		public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
				httpServletResponse.setContentType("application/json;charset=UTF-8");

				final java.io.PrintWriter body = httpServletResponse.getWriter();
				final String principalName = authentication.getName();
				body.write(principalName);
		}
}

HttpSecurity 类还有很多可以使用的函数，请参考: https://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html

----end----