时间:2021-05-20
依赖
<dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <!-- Thymeleaf --> <dependency> <groupId>org.thymeleaf</groupId> <artifactId>thymeleaf-spring5</artifactId> </dependency> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-java8time</artifactId> </dependency> <!-- SpringSecurity --> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <!-- Thymeleaf 与 SpringSecurity 整合包 --> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> <version>3.0.4.RELEASE</version> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> <exclusions> <exclusion> <groupId>org.junit.vintage</groupId> <artifactId>junit-vintage-engine</artifactId> </exclusion> </exclusions> </dependency></dependencies>Controller:
package com.blu.controller;import org.springframework.stereotype.Controller;import org.springframework.web.bind.annotation.PathVariable;import org.springframework.web.bind.annotation.RequestMapping;@Controllerpublic class RouterController { @RequestMapping({ "/", "/index" }) public String index() { return "index"; } @RequestMapping("/tologin") public String toLogin() { return "views/login"; } @RequestMapping("/level1/{id}") public String level1(@PathVariable("id") int id) { return "views/level1/" + id; } @RequestMapping("/level2/{id}") public String level2(@PathVariable("id") int id) { return "views/level2/" + id; } @RequestMapping("/level3/{id}") public String level3(@PathVariable("id") int id) { return "views/level3/" + id; } }SecurityConfig:
package com.blu.config;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter{ /** * 授权 */ @Override protected void configure(HttpSecurity http) throws Exception { //所有人可以访问首页,功能页需要指定权限才可以访问 http.authorizeRequests() .antMatchers("/").permitAll() .antMatchers("/level1/**").hasRole("vip1") .antMatchers("/level2/**").hasRole("vip2") .antMatchers("/level3/**").hasRole("vip3"); //没有权限将默认跳转至登录页,需要开启登录的页面 //loginPage设置跳转至登录页的请求(默认为/login) //usernameParameter和passwordParameter配置登录的用户名和密码参数名称,默认就是username和password //loginProcessingUrl配置登录请求的url,需要和表单提交的url一致 http.formLogin().loginPage("/tologin") .usernameParameter("username") .passwordParameter("password") .loginProcessingUrl("/login"); //禁用CSRF保护 http.csrf().disable(); //开启注销功能和注销成功后的跳转页面(默认为登录页面) http.logout().logoutSuccessUrl("/"); //开启记住我功能,Cookie默认保存两周 http.rememberMe().rememberMeParameter("remember"); } /** * 认证 */ @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()) .withUser("BLU").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2","vip3") .and() .withUser("root").password(new BCryptPasswordEncoder().encode("111111")).roles("vip1","vip2","vip3") .and() .withUser("guest").password(new BCryptPasswordEncoder().encode("111222")).roles("vip1"); } }注:以上方式认证的用户和角色信息是存储在内存中的,在实际开发中应该从数据库中获取,详见:SpringSecurity从数据库中获取用户信息进行验证
index.html
<!DOCTYPE html><html lang="en" xmlns:th="http:///s/1AtbcCht84NT-69-sSUAQRw提取码: nh92
到此这篇关于SpringBoot与SpringSecurity整合的文章就介绍到这了,更多相关SpringBoot与SpringSecurity整合内容请搜索以前的文章或继续浏览下面的相关文章希望大家以后多多支持!
声明:本页内容来源网络,仅供用户参考;我单位不保证亦不表示资料全面及准确无误,也不保证亦不表示这些资料为最新信息,如因任何原因,本网内容或者用户因倚赖本网内容造成任何损失或损害,我单位将不会负任何法律责任。如涉及版权问题,请提交至online#300.cn邮箱联系删除。
本文讲述springboot整合springsecurity在方法上使用注解实现权限控制,使用自定义userdetailservice,从mysql中加载用户信
1简介在之前的文章《Springboot集成SpringSecurity实现JWT认证》讲解了如何在传统的Web项目中整合SpringSecurity和JWT,
SpringSecurity基本原理在之前的文章《SpringBoot+SpringSecurity基本使用及个性化登录配置》中对SpringSecurity进
本文介绍了SpringBoot集成jsp(附源码)+遇到的坑,分享给大家1、大体步骤(1)创建Mavenwebproject;(2)在pom.xml文件添加依赖
经过SpringBoot的整合封装与自动化配置,在SpringBoot中整合Redis已经变得非常容易了,开发者只需要引入SpringDataRedis依赖,然