• 2020-03-1812:50:53springboot与安全之spring Security Demo版


    注解:@EnableWebSecurity

    WebSecurityConfigurerAdapter:自定义Security策略
    AuthenticationManagerBuilder:自定义认证策略
    HttpSecurity配置登陆、注销功能
    注意:将thymeleaf的依赖加入
    注意版本要保持一致,如果版本不一致可能需要自己去调程序,目前没能自己调通springboot 2.xx版本
    pom:
    <?xml version="1.0" encoding="UTF-8"?>
    <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 https://maven.apache.org/xsd/maven-4.0.0.xsd">
        <modelVersion>4.0.0</modelVersion>
        <parent>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-parent</artifactId>
            <version>1.5.12.RELEASE</version>
            <relativePath/> <!-- lookup parent from repository -->
        </parent>
        <groupId>com.study.springsecurity</groupId>
        <artifactId>study-springsecurity</artifactId>
        <version>0.0.1-SNAPSHOT</version>
        <name>study-springsecurity</name>
        <description>Demo project for Spring Boot</description>
    
        <properties>
            <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
            <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
            <java.version>1.8</java.version>
            <thymeleaf.version>3.0.9.RELEASE</thymeleaf.version>
            <thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
            <thymeleaf-extras-springsecurity4.version>3.0.2.RELEASE</thymeleaf-extras-springsecurity4.version>
        </properties>
    
        <dependencies>
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity4</artifactId>
            </dependency>
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-thymeleaf</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity4</artifactId>
                <version>3.0.2.RELEASE</version>
            </dependency>
    
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-web</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-thymeleaf</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
            </dependency>
    
            <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-test</artifactId>
                <scope>test</scope>
                <exclusions>
                    <exclusion>
                        <groupId>org.junit.vintage</groupId>
                        <artifactId>junit-vintage-engine</artifactId>
                    </exclusion>
                </exclusions>
            </dependency>
        </dependencies>
    
        <build>
            <plugins>
                <plugin>
                    <groupId>org.springframework.boot</groupId>
                    <artifactId>spring-boot-maven-plugin</artifactId>
                </plugin>
            </plugins>
        </build>
    
    </project>

    主程序:

    package com.study.springsecurity;
    
    import org.springframework.boot.SpringApplication;
    import org.springframework.boot.autoconfigure.SpringBootApplication;
    
    @SpringBootApplication
    public class StudySpringsecurityApplication {
    
        public static void main(String[] args) {
            SpringApplication.run(StudySpringsecurityApplication.class, args);
        }
    
    }

    yml:

    server:
      port: 9990
      tomcat:
          uri-encoding: UTF-8
    
    spring:
      thymeleaf:
        prefix: classpath:/templates/
        suffix: .html
        cache: false #开发的时候禁用缓存
      http:
          encoding:
            charset: utf-8
            force: true
            enabled: true

    controller:

    package com.study.springsecurity.controller;
    
    import org.springframework.stereotype.Controller;
    import org.springframework.web.bind.annotation.GetMapping;
    import org.springframework.web.bind.annotation.PathVariable;
    import org.springframework.web.bind.annotation.ResponseBody;
    
    @Controller
    public class KungfuController {
        private final String PREFIX = "pages/";
        /**
         * 欢迎页
         * @return
         */
        @GetMapping("/")
        public String index() {
            return "welcome";
        }
    
        @ResponseBody//该测试是自己没引thymeleaf的依赖导致页面没出来,去看web环境是否有问题写的
        @GetMapping("/hello")
        public String hello(){
            return "笑脸";
        }
        
        /**
         * 登陆页
         * @return
         */
        @GetMapping("/userLogin")
        public String loginPage() {
            return PREFIX+"login";
        }
        
        
        /**
         * level1页面映射
         * @param path
         * @return
         */
        @GetMapping("/level1/{path}")
        public String level1(@PathVariable("path")String path) {
            return PREFIX+"level1/"+path;
        }
        
        /**
         * level2页面映射
         * @param path
         * @return
         */
        @GetMapping("/level2/{path}")
        public String level2(@PathVariable("path")String path) {
            return PREFIX+"level2/"+path;
        }
        
        /**
         * level3页面映射
         * @param path
         * @return
         */
        @GetMapping("/level3/{path}")
        public String level3(@PathVariable("path")String path) {
            return PREFIX+"level3/"+path;
        }
    
    
    }

    springsecurity核心代码:

    package com.study.springsecurity.config;
    
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
    
    @EnableWebSecurity
    public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            //super.configure(http);
            //定制请求的授权规则
            http.authorizeRequests().antMatchers("/").permitAll()
                    .antMatchers("/level1/**").hasRole("VIP1")
                    .antMatchers("/level2/**").hasRole("VIP2")
                    .antMatchers("/level3/**").hasRole("VIP3");
            //开启自动配置的登陆功能
            //定制loginPage后,loginPage的post请求就是登陆
            http.formLogin().usernameParameter("user").passwordParameter("pwd").loginPage("/userLogin");
    
            //开启自动配置的注销功能
            //logoutSuccessUrl:注销成功后请求的地址
            http.logout().logoutSuccessUrl("/");
    
            //记住我功能
            //rememberMeParameter:记住我功能的参数
            http.rememberMe()/*.rememberMeParameter("remeber")*/;
        }
    
        //定义认证规则
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            //super.configure(auth);
            //基于内存的
            //https://blog.csdn.net/syc000666/article/details/96862574
            auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                    .withUser("zs").password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP2")
                    .and()
                    .withUser("李四").password(new BCryptPasswordEncoder().encode("123456")).roles("VIP2","VIP3")
                    .and()
                    .withUser("王五").password(new BCryptPasswordEncoder().encode("123456")).roles("VIP1","VIP3");
        }
    }

    页面代码:

    <!DOCTYPE html>
    <html xmlns:th="http://www.thymeleaf.org"
          xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
    <h1 align="center">欢迎光临武林秘籍管理系统</h1>
    <div sec:authorize="!isAuthenticated()">
    <h2 align="center">游客您好,如果想查看武林秘籍 <a th:href="@{/userLogin}">请登录</a></h2>
    </div>
    <div sec:authorize="isAuthenticated()">
        <h2 align="center"><span sec:authentication="name"></span>,您好,您的角色有
        <span sec:authentication="principal.authorities"></span></h2>
        <form th:action="@{/logout}" method="post">
            <input type="submit" value="注销"/>
        </form>
    </div>
    <hr>
    <div sec:authorize="hasRole('VIP1')">
    <h3>普通武功秘籍</h3>
    <ul>
        <li><a th:href="@{/level1/1}">罗汉拳</a></li>
        <li><a th:href="@{/level1/2}">武当长拳</a></li>
        <li><a th:href="@{/level1/3}">全真剑法</a></li>
    </ul>
    </div>
    
    <div sec:authorize="hasRole('VIP2')">
    <h3>高级武功秘籍</h3>
    <ul>
        <li><a th:href="@{/level2/1}">太极拳</a></li>
        <li><a th:href="@{/level2/2}">七伤拳</a></li>
        <li><a th:href="@{/level2/3}">梯云纵</a></li>
    </ul>
    </div>
    
    <div sec:authorize="hasRole('VIP3')">
    <h3>绝世武功秘籍</h3>
    <ul>
        <li><a th:href="@{/level3/1}">葵花宝典</a></li>
        <li><a th:href="@{/level3/2}">龟派气功</a></li>
        <li><a th:href="@{/level3/3}">独孤九剑</a></li>
    </ul>
    </div>
    
    
    </body>
    </html>
    <!DOCTYPE html>
    <html xmlns:th="http://www.thymeleaf.org">
    <head>
    <meta charset="UTF-8">
    <title>Insert title here</title>
    </head>
    <body>
        <h1 align="center">欢迎登陆武林秘籍管理系统</h1>
        <hr>
        <div align="center">
            <form th:action="@{/userLogin}" method="post">
                用户名:<input name="user"/><br>
                密码:<input name="pwd"/><br/>
                <input type="checkbox" name="remeber"/>记住我<br/>
                <input type="submit" value="登陆">
            </form>
        </div>
    </body>
    </html>

    其余文件可以去尚硅谷官网获取(免费),地址:

    http://www.atguigu.com/download_detail.shtml?v=38

  • 相关阅读:
    25个自适应菜单教程和脚本
    15+最好的视差滚动技术指南
    15个最好的视差滚动教程
    36个创意广告海报欣赏
    26个新鲜有魅力的自适应网站设计实例
    32+激发灵感的HTML5/CSS3网页设计教程
    15+ 易响应的CSS框架快速开启你的敏捷网站项目
    25个令人难忘的广告设计
    15个华丽的wordPress全屏商务主题
    30个精美的美元折纸艺术
  • 原文地址:https://www.cnblogs.com/lxw-all/p/12518561.html
Copyright © 2020-2023  润新知