介绍

这里学习SpringSecurity，对SpringSecurity进行学习。

基本用法

添加依赖

<dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId></dependency>

添加接口

package com.example.demo.web;import org.springframework.web.bind.annotation.RequestMapping;import org.springframework.web.bind.annotation.RestController;@RestController@RequestMapping("/test")public class Test { @RequestMapping("/test") public String test(){ return "test"; }}

启动项目

可以看到日志中，已经有了密码

访问接口，此时已经有了登录页面

输入用户名和密码

用户名： user
密码 984cccf2-ba82-468e-a404-7d32123d0f9c

此时已经登录成功

配置用户名和密码

在配置文件中，进行配置

spring:
security:
user:
name: ming
password: 123456
roles: admin

输入用户名和密码，可以正常登录

基于内存的认证

需要自定义类继承 WebSecurityConfigurerAdapter
实现自定义的配置
这里基于内存的配置，如下

package com.example.demo.config;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.password.NoOpPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;@Configurationpublic class MyWebSecurityConfig extends WebSecurityConfigurerAdapter { @Bean PasswordEncoder passwordEncoder(){ return NoOpPasswordEncoder.getInstance(); } @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("admin").password("123").roles("admin"); }}

这里基于内存的配置

HttpSecurity

这里对某些方法进行拦截

package com.ming.demo.interceptor;import org.springframework.beans.factory.annotation.Autowired;import org.springframework.context.annotation.Bean;import org.springframework.context.annotation.Configuration;import org.springframework.http.HttpMethod;import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;import org.springframework.security.config.annotation.web.builders.HttpSecurity;import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;import org.springframework.security.crypto.password.PasswordEncoder;import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;@Configuration@EnableWebSecuritypublic class SecurityConfig extends WebSecurityConfigurerAdapter { //基于内存的用户存储 @Override public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication() .withUser("itguang").password("123456").roles("USER").and() .withUser("admin").password("{noop}" + "123456").roles("ADMIN"); } //请求拦截 @Override protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .anyRequest().permitAll() .and() .formLogin() .permitAll() .and() .logout() .permitAll(); }}

这里成功完成了post请求进行登录验证。

以上就是Spring Security学习笔记（一）的详细内容，更多关于Spring Security的资料请关注其它相关文章！