SpringSecurity学习

介绍

SpringSecurity是一个作用于身份认证和权限控制的框架,其针对的主要就是网站的安全问题

页面代码

要使用SpringSecurity的前提是有一个可以正常访问业务逻辑的代码,再使用SpringSecurity实现权限控制和身份验证。

后端代码

java 复制代码
package com.learn.springsecurity_demo.controller;  
  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.PathVariable;  
import org.springframework.web.bind.annotation.RequestMapping;  
  
@Controller  
public class RouterController {  
  
    @RequestMapping({"/","/index"})  
    public String index(){  
        return "index";  
    }  
    @RequestMapping("/toLogin")  
    public String tpString(){  
        return "views/login";  
    }  
    @RequestMapping("/level1/{id}")  
    public String level1(@PathVariable("id")int id){  
        return "views/level1/"+id;  
    }  
    @RequestMapping("/level2/{id}")  
    public String level2(@PathVariable("id")int id){  
        return "views/level2/"+id;  
    }  
    @RequestMapping("/level3/{id}")  
    public String level3(@PathVariable("id")int id){  
        return "views/level3/"+id;  
    }  
}

前端代码(网盘链接)

复制代码
通过网盘分享的文件:SpringSecurity_demo.zip
链接: https://pan.baidu.com/s/10Mz_5al1iht44grQ_5rk9A?pwd=eyy5 提取码: eyy5 
--来自百度网盘超级会员v5的分享

编写权限规则

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
}

实现用户和授权

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

注销功能

只需要一行代码即可

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
  
        //注销  
        http.logout();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

Remeber与首页定制

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
import org.springframework.web.bind.annotation.RestController;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面,定制登录页面  
        http.formLogin().loginPage("/toLogin").passwordParameter("password").usernameParameter("/username");  
  
        //注销  
        http.logout();  
  
        //Rememberme  
        http.rememberMe().rememberMeParameter("remember");  
  
  
  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}
相关推荐
黑客老李1 分钟前
EDUSRC:智慧校园通用漏洞挖掘(涉校园解决方案商)
服务器·前端·网络·安全·web安全
艾迪的技术之路7 分钟前
redisson使用lock导致死锁问题
java·后端·面试
今天背单词了吗98025 分钟前
算法学习笔记:8.Bellman-Ford 算法——从原理到实战,涵盖 LeetCode 与考研 408 例题
java·开发语言·后端·算法·最短路径问题
天天摸鱼的java工程师28 分钟前
使用 Spring Boot 整合高德地图实现路线规划功能
java·后端
东阳马生架构43 分钟前
订单初版—2.生单链路中的技术问题说明文档
java
weixin_472339461 小时前
网络安全之重放攻击:原理、危害与防御之道
安全·web安全
咖啡啡不加糖1 小时前
暴力破解漏洞与命令执行漏洞
java·后端·web安全
weixin_472339461 小时前
网络安全之注入攻击:原理、危害与防御之道
安全·web安全
风象南1 小时前
SpringBoot敏感配置项加密与解密实战
java·spring boot·后端