SpringSecurity学习

介绍

SpringSecurity是一个作用于身份认证和权限控制的框架,其针对的主要就是网站的安全问题

页面代码

要使用SpringSecurity的前提是有一个可以正常访问业务逻辑的代码,再使用SpringSecurity实现权限控制和身份验证。

后端代码

java 复制代码
package com.learn.springsecurity_demo.controller;  
  
  
import org.springframework.stereotype.Controller;  
import org.springframework.web.bind.annotation.PathVariable;  
import org.springframework.web.bind.annotation.RequestMapping;  
  
@Controller  
public class RouterController {  
  
    @RequestMapping({"/","/index"})  
    public String index(){  
        return "index";  
    }  
    @RequestMapping("/toLogin")  
    public String tpString(){  
        return "views/login";  
    }  
    @RequestMapping("/level1/{id}")  
    public String level1(@PathVariable("id")int id){  
        return "views/level1/"+id;  
    }  
    @RequestMapping("/level2/{id}")  
    public String level2(@PathVariable("id")int id){  
        return "views/level2/"+id;  
    }  
    @RequestMapping("/level3/{id}")  
    public String level3(@PathVariable("id")int id){  
        return "views/level3/"+id;  
    }  
}

前端代码(网盘链接)

复制代码
通过网盘分享的文件:SpringSecurity_demo.zip
链接: https://pan.baidu.com/s/10Mz_5al1iht44grQ_5rk9A?pwd=eyy5 提取码: eyy5 
--来自百度网盘超级会员v5的分享

编写权限规则

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
}

实现用户和授权

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

注销功能

只需要一行代码即可

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面  
        http.formLogin();  
  
        //注销  
        http.logout();  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}

Remeber与首页定制

java 复制代码
package com.learn.springsecurity_demo.config;  
  
import org.springframework.context.annotation.Configuration;  
import org.springframework.security.authentication.AuthenticationManager;  
import org.springframework.security.authentication.event.AuthenticationFailureProxyUntrustedEvent;  
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;  
import org.springframework.security.config.annotation.web.builders.HttpSecurity;  
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;  
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;  
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;  
import org.springframework.web.bind.annotation.RestController;  
  
@EnableWebSecurity  
public class SecurityConfig extends WebSecurityConfigurerAdapter {  
  
    //链式编程  
    @Override  
    protected void configure(HttpSecurity http) throws Exception{  
        //授权规则  
        http.authorizeRequests()  
                .antMatchers("/").permitAll()  
                .antMatchers("/level1/**").hasRole("vip1")  
                .antMatchers("level2/**").hasRole("vip2")  
                .antMatchers("level3/").hasRole("vip3");  
  
        //开启登录页面,定制登录页面  
        http.formLogin().loginPage("/toLogin").passwordParameter("password").usernameParameter("/username");  
  
        //注销  
        http.logout();  
  
        //Rememberme  
        http.rememberMe().rememberMeParameter("remember");  
  
  
  
    }  
  
    //认证,与用户密码加密  
    @Override  
    protected void configure(AuthenticationManagerBuilder auth) throws Exception{  
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())  
                //正常在数据库里进行  
                .withUser("cat").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")  
                .and()  //使用and进行连接多个用户  
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3");  
    }  
}
相关推荐
晓宜18 分钟前
Java25 新特性介绍
java·python·算法
LGL6030A20 分钟前
数据结构学习(2)——多功能链表的实现(C语言)
数据结构·学习·链表
iconball27 分钟前
个人用云计算学习笔记 --18(NFS 服务器、iSCSI 服务器)
linux·运维·笔记·学习·云计算
Seven9730 分钟前
SpringIOC、DI及Bean线程安全面试题解析
java
TitosZhang31 分钟前
BIO、NIO、AIO详解
java·redis·nio
Arva .1 小时前
Spring Boot 配置文件
java·spring boot·后端
IT_Octopus1 小时前
https私人证书 PKIX path building failed 报错解决
java·spring boot·网络协议·https
肥肠可耐的西西公主1 小时前
后端(JavaWeb)学习笔记(CLASS 1):maven
笔记·学习·maven
程序员清风1 小时前
网易三面:Java中默认使用的垃圾回收器及特点分版本说说?
java·后端·面试
这周也會开心1 小时前
本地部署javaweb项目到Tomcat的三种方法
java·tomcat