SpringSecurity学习

介绍

SpringSecurity是一个作用于身份认证和权限控制的框架，其针对的主要就是网站的安全问题

页面代码

要使用SpringSecurity的前提是有一个可以正常访问业务逻辑的代码，再使用SpringSecurity实现权限控制和身份验证。

后端代码

java 复制代码

package com.learn.springsecurity_demo.controller;  
  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.PathVariable;  
import org.springframework.web.bind.annotation.RequestMapping;  
  
@Controller  
public class RouterController {  
  
    @RequestMapping({"/","/index"})  
    public String index(){  
        return "index";  
    }  
    @RequestMapping("/toLogin")  
    public String tpString(){  
        return "views/login";  
    }  
    @RequestMapping("/level1/{id}")  
    public String level1(@PathVariable("id")int id){  
        return "views/level1/"+id;  
    }  
    @RequestMapping("/level2/{id}")  
    public String level2(@PathVariable("id")int id){  
        return "views/level2/"+id;  
    }  
    @RequestMapping("/level3/{id}")  
    public String level3(@PathVariable("id")int id){  
        return "views/level3/"+id;  
    }  
}

前端代码(网盘链接)

通过网盘分享的文件：SpringSecurity_demo.zip
链接: https://pan.baidu.com/s/10Mz_5al1iht44grQ_5rk9A?pwd=eyy5 提取码: eyy5 
--来自百度网盘超级会员v5的分享

编写权限规则

java 复制代码

package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
}

实现用户和授权

java 复制代码

package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

注销功能

只需要一行代码即可

java 复制代码

package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
  
        //注销  
        http.logout();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

Remeber与首页定制

java 复制代码

package com.learn.springsecurity_demo.config;  
  
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
import org.springframework.web.bind.annotation.RestController;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面,定制登录页面  
        http.formLogin().loginPage("/toLogin").passwordParameter("password").usernameParameter("/username");  
  
        //注销  
        http.logout();  
  
        //Rememberme  
        http.rememberMe().rememberMeParameter("remember");  
  
  
  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}