• Spring Boot保护Web应用程序


    如果在类路径上添加了Spring Boot Security依赖项,则Spring Boot应用程序会自动为所有HTTP端点提供基本身份验证。端点“/”“/home”不需要任何身份验证。所有其他端点都需要身份验证。

    要将Spring Boot Security添加到Spring Boot应用程序,需要在构建配置文件中添加Spring Boot Starter Security依赖项。

    Maven用户可以在pom.xml 文件中添加以下依赖项。

    <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    
    XML

    Gradle用户可以在build.gradle 文件中添加以下依赖项。

    compile("org.springframework.boot:spring-boot-starter-security")
    

    保护Web应用程序

    首先,使用Thymeleaf模板创建不安全的Web应用程序。
    然后,在 src/main/resources/templates 目录下创建一个home.html 文件。

    <!DOCTYPE html>
    <html xmlns = "http://www.w3.org/1999/xhtml" 
       xmlns:th = "http://www.thymeleaf.org" 
       xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
       <head>
          <title>Spring Security示例</title>
       </head>
       <body>
          <h1>欢迎您!</h1>
          <p>点击 <a th:href = "@{/hello}">这里</a> 看到问候语.</p>
       </body>
    </html>
    
    HTML

    使用Thymeleaf模板在HTML文件中定义的简单视图/hello。现在,在src/main/resources/templates目录下创建一个文件:hello.html

    <!DOCTYPE html>
    <html xmlns = "http://www.w3.org/1999/xhtml" 
       xmlns:th = "http://www.thymeleaf.org" 
       xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
       <head>
          <title>Hello World!</title>
       </head>
       <body>
          <h1>Hello world!</h1>
       </body>
    </html>
    
    HTML

    现在,需要为Home和hello视图设置Spring MVC - View控制器。为此,创建一个扩展WebMvcConfigurerAdapter的MVC配置文件。

    package com.yiibai.websecuritydemo;
    
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
    
    @Configuration
    public class MvcConfig extends WebMvcConfigurerAdapter {
       @Override
       public void addViewControllers(ViewControllerRegistry registry) {
          registry.addViewController("/home").setViewName("home");
          registry.addViewController("/").setViewName("home");
          registry.addViewController("/hello").setViewName("hello");
          registry.addViewController("/login").setViewName("login");
       }
    }
    
    Java

    现在,将Spring Boot Starter安全依赖项添加到构建配置文件中。Maven用户可以在pom.xml 文件中添加以下依赖项。

    <dependency>
       <groupId>org.springframework.boot</groupId>
       <artifactId>spring-boot-starter-security</artifactId>
    </dependency>
    
    XML

    Gradle用户可以在build.gradle 文件中添加以下依赖项。

    compile("org.springframework.boot:spring-boot-starter-security")
    

    现在,创建一个Web安全配置文件,该文件用于保护应用程序以使用基本身份验证访问HTTP端点。

    package com.yiibai.websecuritydemo;
    
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    
    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
       @Override
       protected void configure(HttpSecurity http) throws Exception {
          http
             .authorizeRequests()
                .antMatchers("/", "/home").permitAll()
                .anyRequest().authenticated()
                .and()
             .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll();
       }
       @Autowired
       public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
          auth
             .inMemoryAuthentication()
             .withUser("user").password("password").roles("USER");
       }
    }
    
    Java

    现在,在src/main/resources 目录下创建一个login.html 文件,以允许用户通过登录屏幕访问HTTP端点。

    <!DOCTYPE html>
    <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org"
       xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
    
       <head>
          <title>Spring Security示例</title>
       </head>
       <body>
          <div th:if = "${param.error}">
             无效的用户名和密码.
          </div>
          <div th:if = "${param.logout}">
             你已经注销.
          </div>
    
          <form th:action = "@{/login}" method = "post">
             <div>
                <label> 用户名 : <input type = "text" name = "username"/> </label>
             </div>
             <div>
                <label> 密码: <input type = "password" name = "password"/> </label>
             </div>
             <div>
                <input type = "submit" value = "登录"/>
             </div>
          </form>
       </body>
    </html>
    
    HTML

    最后,更新hello.html 文件 - 允许用户从应用程序注销并显示当前用户名,如下所示 -

    <!DOCTYPE html>
    <html xmlns = "http://www.w3.org/1999/xhtml" xmlns:th = "http://www.thymeleaf.org" 
       xmlns:sec = "http://www.thymeleaf.org/thymeleaf-extras-springsecurity3">
    
       <head>
          <title>Hello World!</title>
       </head>
       <body>
          <h1 th:inline = "text">您好,[[${#httpServletRequest.remoteUser}]]!</h1>
          <form th:action = "@{/logout}" method = "post">
             <input type = "submit" value = "注销"/>
          </form>
       </body>
    
    </html>
    
    HTML

    主 Spring Boot应用程序的代码如下 -

    package com.yiibai.websecuritydemo;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    
    @SpringBootApplication
    public class WebsecurityDemoApplication {
       public static void main(String[] args) {
          SpringApplication.run(WebsecurityDemoApplication.class, args);
       }
    }
    
    Java

    下面给出了构建配置文件的完整代码。

    Maven构建文件 - pom.xml 的内容如下:

    <?xml version  =  "1.0" encoding  =  "UTF-8"?>
    <project xmlns = "http://maven.apache.org/POM/4.0.0" 
       xmlns:xsi = "http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation = "http://maven.apache.org/POM/4.0.0 
       http://maven.apache.org/xsd/maven-4.0.0.xsd">
    
       <modelVersion>4.0.0</modelVersion>
       <groupId>com.yiibai</groupId>
       <artifactId>websecurity-demo</artifactId>
       <version>0.0.1-SNAPSHOT</version>
       <packaging>jar</packaging>
       <name>websecurity-demo</name>
       <description>Demo project for Spring Boot</description>
    
       <parent>
          <groupId>org.springframework.boot</groupId>
          <artifactId>spring-boot-starter-parent</artifactId>
          <version>1.5.9.RELEASE</version>
          <relativePath/> <!-- lookup parent from repository -->
       </parent>
    
       <properties>
          <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
          <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
          <java.version>1.8</java.version>
       </properties>
    
       <dependencies>
          <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
          </dependency>
    
          <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-thymeleaf</artifactId>
          </dependency>
    
          <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-web</artifactId>
          </dependency>
    
          <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-test</artifactId>
             <scope>test</scope>
          </dependency>
    
          <dependency>
             <groupId>org.springframework.security</groupId>
             <artifactId>spring-security-test</artifactId>
             <scope>test</scope>
          </dependency>
       </dependencies>
    
       <build>
          <plugins>
             <plugin>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-maven-plugin</artifactId>
             </plugin>
          </plugins>
       </build>
    
    </project>
    
    XML

    Gradle构建文件 – build.gradle

    buildscript {
       ext {
          springBootVersion = '1.5.9.RELEASE'
       }
       repositories {
          mavenCentral()
       }
       dependencies {
          classpath("org.springframework.boot:spring-boot-gradle-plugin:${springBootVersion}")
       }
    }
    
    apply plugin: 'java'
    apply plugin: 'eclipse'
    apply plugin: 'org.springframework.boot'
    
    group = 'com.yiibai'
    version = '0.0.1-SNAPSHOT'
    sourceCompatibility = 1.8
    
    repositories {
       mavenCentral()
    }
    dependencies {
       compile('org.springframework.boot:spring-boot-starter-security')
       compile('org.springframework.boot:spring-boot-starter-thymeleaf')
       compile('org.springframework.boot:spring-boot-starter-web')
    
       testCompile('org.springframework.boot:spring-boot-starter-test')
       testCompile('org.springframework.security:spring-security-test')
    }
    

    现在,创建一个可执行的JAR文件,并使用以下Maven或Gradle命令运行Spring Boot应用程序。

    Maven用户请使用下面给出的命令 -

    mvn clean install
    
    Shell

    在“BUILD SUCCESS”之后,可以在target目录下找到JAR文件。
    Gradle用户可以使用如下所示的命令 -

    gradle clean build
    

    在“BUILD SUCCESSFUL”之后,可以在build/libs 目录下找到JAR文件。

    现在,使用下面显示的命令运行JAR文件 -

    java –jar <JARFILE>
    
    Shell

    在Web浏览器中访问URL => http://localhost:8080/ ,将看到如下图所示。

    输入用户名和密码(user/password),然后点击登录 -

  • 相关阅读:
    Unity3D 学习笔记一
    Java 常用类 -Math
    Java 常用类 -String VS StringBuffer
    Java 日期类 Calendar SimpleDateFormat
    Java 日期类 Calendar
    Java异常处理-自定义异常
    Java异常处理-Exception 和 RuntimeException 区别
    Java异常处理-throws和throw关键字
    Java异常处理-捕获和处理异常
    Java异常处理-异常的概念
  • 原文地址:https://www.cnblogs.com/borter/p/12423895.html
Copyright © 2020-2023  润新知