SpringSecurity学习

介绍

SpringSecurity是一个作用于身份认证和权限控制的框架,其针对的主要就是网站的安全问题

页面代码

要使用SpringSecurity的前提是有一个可以正常访问业务逻辑的代码,再使用SpringSecurity实现权限控制和身份验证。

后端代码

java 复制代码
package com.learn.springsecurity_demo.controller;  
  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.PathVariable;  
import org.springframework.web.bind.annotation.RequestMapping;  
  
@Controller  
public class RouterController {  
  
    @RequestMapping({"/","/index"})  
    public String index(){  
        return "index";  
    }  
    @RequestMapping("/toLogin")  
    public String tpString(){  
        return "views/login";  
    }  
    @RequestMapping("/level1/{id}")  
    public String level1(@PathVariable("id")int id){  
        return "views/level1/"+id;  
    }  
    @RequestMapping("/level2/{id}")  
    public String level2(@PathVariable("id")int id){  
        return "views/level2/"+id;  
    }  
    @RequestMapping("/level3/{id}")  
    public String level3(@PathVariable("id")int id){  
        return "views/level3/"+id;  
    }  
}

前端代码(网盘链接)

复制代码
通过网盘分享的文件:SpringSecurity_demo.zip
链接: https://pan.baidu.com/s/10Mz_5al1iht44grQ_5rk9A?pwd=eyy5 提取码: eyy5 
--来自百度网盘超级会员v5的分享

编写权限规则

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
}

实现用户和授权

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

注销功能

只需要一行代码即可

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
  
        //注销  
        http.logout();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

Remeber与首页定制

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
import org.springframework.web.bind.annotation.RestController;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面,定制登录页面  
        http.formLogin().loginPage("/toLogin").passwordParameter("password").usernameParameter("/username");  
  
        //注销  
        http.logout();  
  
        //Rememberme  
        http.rememberMe().rememberMeParameter("remember");  
  
  
  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}
相关推荐
程序员小羊!4 分钟前
Java教程:JavaWeb ---MySQL高级
java·开发语言·mysql
白仑色11 分钟前
Spring Boot 多环境配置详解
java·spring boot·后端·微服务架构·配置管理
超级小忍14 分钟前
在 Spring Boot 中优化长轮询(Long Polling)连接频繁建立销毁问题
java·spring boot·后端
David爱编程18 分钟前
Java 中 Integer 为什么不是万能的 int 替代品?
java·后端
老马啸西风19 分钟前
个人网站一键引入免费开关评论功能 giscus
java
北风toto42 分钟前
python学习DataFrame数据结构
数据结构·python·学习
Z_W_H_43 分钟前
【springboot】IDEA手动创建SpringBoot简单工程(无插件)
java·spring boot·intellij-idea
HeXDev1 小时前
【SkyWalking】服务端部署与微服务无侵入接入实战指南
java·微服务·架构·skywalking·链路追踪·微服务治理
探索java1 小时前
Java 深入解析:JVM对象创建与内存机制全景图
java·jvm
Sylvia-girl1 小时前
Java---IDEA
java·开发语言·intellij-idea