spring boot 3.x 配置spring security
2024-10-21 03:22:13
参考文章:https://spring.io/guides/gs/securing-web/
导入maven
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
配置spring security
package com.example.springboottest.config;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.SecurityFilterChain;
@Configuration
@EnableWebSecurity
public class BaseConfiguration {
/**
* 用户信息服务(配置用户账号、密码、角色)
* @param passwordEncoder 密码加密器
* @return 在内存用户详细信息管理器中
*/
@Bean
public InMemoryUserDetailsManager userDetailsService(PasswordEncoder passwordEncoder) {
UserDetails user = User.withUsername("user")
.password(passwordEncoder.encode("123456"))
.roles("user")
.build();
UserDetails admin = User.withUsername("admin")
.password(passwordEncoder.encode("123456"))
.roles("user", "admin")
.build();
return new InMemoryUserDetailsManager(user, admin);
}
/**
* 过滤链
* @param http http安全实例
* @return 安全过滤链实例
* @throws Exception
*/
@Bean
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
http
.authorizeHttpRequests(resp -> {
resp.requestMatchers("/", "/index").permitAll();
resp.requestMatchers("/hello").hasRole("admin");
})
.formLogin(form -> {
form.loginPage("/login").defaultSuccessUrl("/index").permitAll();
})
.logout(logout -> {
logout.permitAll();
});
return http.build();
}
/**
* 密码加密器
* @return 密码加密器的实例
*/
@Bean
public PasswordEncoder passwordEncoder() {
PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
return encoder;
}
}
login页面
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org">
<head>
<title>Spring Security Example </title>
</head>
<body>
<form th:action="@{/login}" method="post">
<div><label> User Name : <input type="text" name="username"/> </label></div>
<div><label> Password: <input type="password" name="password"/> </label></div>
<div><input type="submit" value="Sign In"/></div>
</form>
</body>
</html>
最新文章
- 吐槽CodeDom
- 基础篇之 Create Type
- meeting room I & II
- finla变量,方法和类
- Java API —— File类
- PHP扩展开发(5) - PHP常量的定义和读取
- Oracle中使用透明网关链接到Sqlserver[Z]
- svn 提交 working copy is not up-to-date
- JavaScript学习一之数据校验
- (五)jdk8学习心得之默认方法
- 我对领域驱动设计(DDD)的学习成果
- java开发之——[接口回调]
- Sharding-JDBC读写分离
- 第07章:MongoDB-CRUD操作--文档--创建
- 设计模式学习---UML常见关系的实现
- 【LOJ】#2546. 「JSOI2018」潜入行动
- 【DB2】查看表空间对应的物理文件地址
- [转载]如何在C++03中模拟C++11的右值引用std::move特性
- Codeforces Round #FF (Div. 1) A. DZY Loves Sequences 动态规划
- day 7 引用
热门文章
- 【机器学习】李宏毅——自注意力机制(Self-attention)
- js修改数组中的属性名
- [数据与分析可视化] D3入门教程2-在d3中构建形状
- [WPF]ICommand最佳使用方法
- scratch图形化编程教程
- Echarts自适应屏幕,无需刷新网页,可根据屏幕大小完美展现,内有详细代码注释,我可真是个小机灵~~O(∩_∩)O哈哈~
- 玩转web3第一篇——web3-react
- Java 进阶P-4.2+P-4.3
- 报错One record is expected, but the query result is multiple records
- Task记录1.CancellationToken 取消Task任务的操作