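The source code used in this post can be downloaded from the link at the bottom of the article.
Spring Security is the security framework for Spring projects and the default choice for Spring Boot's underlying security module. It provides powerful web security controls. To use it, add the spring-boot-starter-security module.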
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>
Key classes:
For details, see the official Spring guide: https://spring.io/guides/gs/securing-web/
Configure the Thymeleaf template dependency (Spring Boot 2.3)
<!-- Other versions may need the following properties; 2.3 does not -->
<properties>
    <thymeleaf.version>3.0.9.RELEASE</thymeleaf.version>
    <thymeleaf-layout-dialect.version>2.3.0</thymeleaf-layout-dialect.version>
</properties>
The following dependencies are required in all cases
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
}
Controlling access to requests:
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //super.configure(http);
        // Customize the authorization rules for requests
        http.authorizeRequests().antMatchers("/").permitAll()
            .antMatchers("/level1/**").hasRole("VIP1")
            .antMatchers("/level2/**").hasRole("VIP2")
            .antMatchers("/level3/**").hasRole("VIP3");
    }
}
Defining the authentication rules
Note: Spring Security 5 handles passwords somewhat differently from earlier versions.
See my other post: https://blog.csdn.net/qq_45738810/article/details/108912554
@EnableWebSecurity
public class MySecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // super.configure(auth);
        // Spring Security 5 needs an explicit PasswordEncoder; the stored passwords are BCrypt hashes
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();
        auth.inMemoryAuthentication().passwordEncoder(encoder)
            .withUser("zhangsan").password(encoder.encode("123456")).roles("VIP1", "VIP2")
            .and()
            .withUser("lisi").password(encoder.encode("123456")).roles("VIP2", "VIP3")
            .and()
            .withUser("wangwu").password(encoder.encode("123456")).roles("VIP1", "VIP3");
    }
}
Enabling the auto-configured login feature
@Override
protected void configure(HttpSecurity http) throws Exception {
    //super.configure(http);
    http.authorizeRequests().antMatchers("/").permitAll()
        .antMatchers("/level1/**").hasRole("VIP1")
        .antMatchers("/level2/**").hasRole("VIP2")
        .antMatchers("/level3/**").hasRole("VIP3");
    // Enable the auto-configured form login
    http.formLogin();
}
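Customizing the login page
http.formLogin()
    .usernameParameter("username")
    .passwordParameter("password")
    .loginPage("/userlogin");
<!-- With CSRF protection enabled (the default), logout must be sent as a POST -->
<form th:action="@{/logout}" method="post">
    <input type="submit" value="注销" /> <!-- button label: "Log out" -->
</form>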
@Override
protected void configure(HttpSecurity http) throws Exception {
    //super.configure(http);
    http.authorizeRequests().antMatchers("/").permitAll()
        .antMatchers("/level1/**").hasRole("VIP1")
        .antMatchers("/level2/**").hasRole("VIP2")
        .antMatchers("/level3/**").hasRole("VIP3");
    // Enable the auto-configured form login
    http.formLogin();
    // Enable logout
    http.logout(); // after a successful logout the user is redirected to /login?logout
    // http.logout().logoutSuccessUrl("/"); // redirect to the home page after logout instead
}
http.rememberMe();
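Customization:
<!-- Labels: 用户名 = "Username", 密码 = "Password", 记住我 = "Remember me", 登陆 = "Log in" -->
<form th:action="@{/userlogin}" method="post">
    用户名:<input name="username" /><br />
    密码:<input type="password" name="password" /><br />
    <input type="checkbox" name="remeber" /> 记住我<br />
    <input type="submit" value="登陆" />
</form>
@Override
protected void configure(HttpSecurity http) throws Exception {
    // ..... same as above, omitted
    // Remember me: the parameter name must match the checkbox name in the form
    http.rememberMe().rememberMeParameter("remeber");
}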
<properties>
    <thymeleaf-extras-springsecurity5.version>3.0.4.RELEASE</thymeleaf-extras-springsecurity5.version>
</properties>
<dependency>
    <groupId>org.thymeleaf.extras</groupId>
    <artifactId>thymeleaf-extras-springsecurity5</artifactId>
    <version>3.0.4.RELEASE</version>
</dependency>
<!DOCTYPE html>
<html
    xmlns:th="http://www.thymeleaf.org"
    xmlns:sec="http://www.thymeleaf.org/extras/spring-security"
></html>
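Example:
<div sec:authorize="!isAuthenticated()">
    <!-- Shown when the user is not logged in: "Hello guest, to view the martial arts manuals, please log in" -->
    <h2 align="center">
        游客您好,如果想查看武林秘籍 <a th:href="@{/userlogin}">请登录</a>
    </h2>
</div>
<div sec:authorize="isAuthenticated()">
    <!-- Shown when the user is logged in: "<name>, hello, your roles are: <authorities>" -->
    <h2>
        <span sec:authentication="name"></span>,您好,您的角色有:
        <span sec:authentication="principal.authorities"></span>
    </h2>
    <!-- Logout is sent as a POST because CSRF protection is enabled by default -->
    <form th:action="@{/logout}" method="post">
        <input type="submit" value="注销" />
    </form>
</div>
<div sec:authorize="hasRole('VIP1')">
    <!-- Links rendered only for users with role VIP1 -->
    <h3>普通武功秘籍</h3>
    <ul>
        <li><a th:href="@{/level1/1}">罗汉拳</a></li>
        <li><a th:href="@{/level1/2}">武当长拳</a></li>
        <li><a th:href="@{/level1/3}">全真剑法</a></li>
    </ul>
</div>
https://www.thymeleaf.org/doc/articles/springsecurity.html https://github.com/thymeleaf/thymeleaf-extras-springsecurity These documents describe which versions of Thymeleaf, Spring Security and thymeleaf-extras-springsecurity go together, along with some usage examples.
Source code download: link: https://pan.baidu.com/s/1oT_Dro3yi4xvSJqccU8D2g extraction code: ljj7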