SpringSecurity学习

介绍

SpringSecurity是一个作用于身份认证和权限控制的框架,其针对的主要就是网站的安全问题

页面代码

要使用SpringSecurity的前提是有一个可以正常访问业务逻辑的代码,再使用SpringSecurity实现权限控制和身份验证。

后端代码

java 复制代码
package com.learn.springsecurity_demo.controller;  
  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.PathVariable;  
import org.springframework.web.bind.annotation.RequestMapping;  
  
@Controller  
public class RouterController {  
  
    @RequestMapping({"/","/index"})  
    public String index(){  
        return "index";  
    }  
    @RequestMapping("/toLogin")  
    public String tpString(){  
        return "views/login";  
    }  
    @RequestMapping("/level1/{id}")  
    public String level1(@PathVariable("id")int id){  
        return "views/level1/"+id;  
    }  
    @RequestMapping("/level2/{id}")  
    public String level2(@PathVariable("id")int id){  
        return "views/level2/"+id;  
    }  
    @RequestMapping("/level3/{id}")  
    public String level3(@PathVariable("id")int id){  
        return "views/level3/"+id;  
    }  
}

前端代码(网盘链接)

复制代码
通过网盘分享的文件:SpringSecurity_demo.zip
链接: https://pan.baidu.com/s/10Mz_5al1iht44grQ_5rk9A?pwd=eyy5 提取码: eyy5 
--来自百度网盘超级会员v5的分享

编写权限规则

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
}

实现用户和授权

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

注销功能

只需要一行代码即可

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
  
        //注销  
        http.logout();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

Remeber与首页定制

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
import org.springframework.web.bind.annotation.RestController;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面,定制登录页面  
        http.formLogin().loginPage("/toLogin").passwordParameter("password").usernameParameter("/username");  
  
        //注销  
        http.logout();  
  
        //Rememberme  
        http.rememberMe().rememberMeParameter("remember");  
  
  
  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}
相关推荐
paopaokaka_luck2 分钟前
基于SpringBoot+Vue的DIY手工社预约管理系统(Echarts图形化、腾讯地图API)
java·vue.js·人工智能·spring boot·后端·echarts
自在极意功。3 分钟前
贪心算法深度解析:从理论到实战的完整指南
java·算法·ios·贪心算法
骁的小小站3 小时前
Verilator 和 GTKwave联合仿真
开发语言·c++·经验分享·笔记·学习·fpga开发
计算机学姐4 小时前
基于微信小程序的高校班务管理系统【2026最新】
java·vue.js·spring boot·mysql·微信小程序·小程序·mybatis
一路向北⁢4 小时前
基于 Apache POI 5.2.5 构建高效 Excel 工具类:从零到生产级实践
java·apache·excel·apache poi·easy-excel·fast-excel
颜颜yan_6 小时前
UU远程——让工作、学习、娱乐跨设备无缝衔接,“远程”更像“身边”
学习·娱乐·远程工作
毕设源码-赖学姐7 小时前
【开题答辩全过程】以 基于Android的校园快递互助APP为例,包含答辩的问题和答案
java·eclipse
damo017 小时前
stripe 支付对接
java·stripe
麦麦鸡腿堡8 小时前
Java的单例设计模式-饿汉式
java·开发语言·设计模式
假客套8 小时前
Request method ‘POST‘ not supported,问题分析和解决
java