基于狂神说springboot中讲到的SpringSecurity的总结笔记

SpringSecurity

<!--依赖-->
<dependency>
     <groupId>org.springframework.boot</groupId>
     <artifactId>spring-boot-starter-security</artifactId>
 </dependency>
// 需要先配置一个config的类
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 
@EnableWebSecurity // 开启WebSecurity模式
public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        
    }
}


@Override
protected void configure(HttpSecurity http) throws Exception {
    // 定制请求的授权规则
    // 首页所有人可以访问
    http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/mail/**").hasAnyRole("mail")
}

//在configure()方法中加入以下配置,开启自动配置的登录功能!
http.formLogin();
@Override
protected void configure(HttpSecurity http) throws Exception {
    //....
    //开启自动配置的注销的功能
       // /logout 注销请求
    http.logout();
}
<a class="item" th:href="@{/logout}">
   注销
</a>
// .logoutSuccessUrl("/"); 注销成功来到首页
http.logout().logoutSuccessUrl("/");
@Override
protected void configure(HttpSecurity http) throws Exception {
    //。。。。。。。。。。。
    //记住我
    http.rememberMe(); //默认保留14天
}

自定义登录的页面

http.formLogin().loginPage("/toLogin");
<a class="item" th:href="@{/toLogin}">
         登录
    </a>

<form th:action="@{/login}" method="post">
    <div class="field">
        <label>Username</label>
        <div class="ui left icon input">
            <input type="text" placeholder="Username" name="username">
            <i class="user icon"></i>
        </div>
    </div>
    <div class="field">
        <label>Password</label>
        <div class="ui left icon input">
            <input type="password" name="password">
            <i class="lock icon"></i>
        </div>
    </div>
    <input type="submit" class="ui blue submit button"/>
</form>

设置验证处理

http.formLogin()
    .usernameParameter("username") // 前端表单传的username
    .passwordParameter("password") // 前端表单传的password
    .loginPage("/toLogin")
    .loginProcessingUrl("/login"); // 登陆表单提交请求

自定义设置一个记住我功能

<input type="checkbox" name="remember"> 记住我

后端验证处理!

//定制记住我的参数!
http.rememberMe().rememberMeParameter("remember");

完整的测试类

package com.me.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/").permitAll()
                .antMatchers("/mail/**").hasAnyRole("mail");

        http.formLogin();
        http.logout().logoutSuccessUrl("/");
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// 这是一个直接设置账号与密码的
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("me").password(new BCryptPasswordEncoder().encode("123456")).roles("mail")
                .and()
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("mail");
    }

}

原视频:https://www.bilibili.com/video/BV1PE411i7CV?p=34

上一篇:SpringSecurity基本原理和使用


下一篇:spring security 授权方式(自定义)及源码跟踪