SpringSecurity

SpringSecurity

 

1、环境搭建

1、导包，使用maven搭建项目

 maven网址：https://mvnrepository.com/

搜索需要导入的包名

<!--        thymeleaf-extras-springsecurity4-->
         <!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 -->
         <dependency>
             <groupId>org.thymeleaf.extras</groupId>
             <artifactId>thymeleaf-extras-springsecurity4</artifactId>
             <version>3.0.4.RELEASE</version>
         </dependency>
 ​
         <!--        security-->
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-starter-security</artifactId>
         </dependency>
         
         <!--        thymeleaf模板引擎-->
         <dependency>
             <groupId>org.thymeleaf</groupId>
             <artifactId>thymeleaf-spring5</artifactId>
         </dependency>
         <dependency>
             <groupId>org.thymeleaf.extras</groupId>
             <artifactId>thymeleaf-extras-java8time</artifactId>
         </dependency>

2、关闭thymeleaf缓存

spring.thymeleaf.cache=false

3、导入静态资源和相应页面代码

 

4、建立controller层

package com.company.controller;
 ​
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 ​
 @Controller
 public class MyController {
 ​//跳转到首页
     @RequestMapping({"/","/index"})
     public String index(){
         return "index";
     }
 ​
//登录页面
     @RequestMapping("/toLogin")
     public String login(){
         return "views/login";
     }
 ​
//restful风格传参，利用地址传递的参数，调用views文件下不同的页面  1.html2.html3.html
//如：http://localhost:8080/level1/1
//下面的一样
     @RequestMapping("/level1/{id}")
     public String level1(@PathVariable("id") int id){
//拼接
         return "views/level1/"+id;
     }
 ​
     @RequestMapping("/level2/{id}")
     public String level2(@PathVariable("id") int id){
         return "views/level2/"+id;
     }
 ​
     @RequestMapping("/level3/{id}")
     public String level3(@PathVariable("id") int id){
         return "views/level3/"+id;
     }
 }

 

2、权限与认证

运用了 Aop 切面编程思想

package com.company.config;


import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * aop 思想
     * 将所添加的东西，横切进原来的代码，不影响以前的代码
     *
     * */


    //权限
    //链式编程
    @Override
    protected void configure(HttpSecurity http) throws Exception {

//        所有人均可访问首页，但功能页需要的到相应的权限
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/level1/**").hasRole("v1")
                .antMatchers("/level2/**").hasRole("v2")
                .antMatchers("/level3/**").hasRole("v3");

        //在没有权限的情况下，跳转到登录页面
        http.formLogin().loginPage("/toLogin");

        //注销
        //注销成功后，回到首页
        http.csrf().disable();
        http.logout().logoutSuccessUrl("/");

        //记住登录信息
        http.rememberMe().rememberMeParameter("remember");
    }

    //认证
    //需对密码进行加密 password(new BCryptPasswordEncoder().encode("123456"))
    //不然，则会报错
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("1").password(new BCryptPasswordEncoder().encode("123456")).roles("v1","v2","v3")
                .and()
                .withUser("2").password(new BCryptPasswordEncoder().encode("123456")).roles("v2","v3")
                .and()
                .withUser("3").password(new BCryptPasswordEncoder().encode("123456")).roles("v3");
    }
}