SpringSecurity
<!--依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
// 需要先配置一个config的类
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@EnableWebSecurity // 开启WebSecurity模式
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
}
}
@Override
protected void configure(HttpSecurity http) throws Exception {
// 定制请求的授权规则
// 首页所有人可以访问
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/mail/**").hasAnyRole("mail")
}
//在configure()方法中加入以下配置,开启自动配置的登录功能!
http.formLogin();
@Override
protected void configure(HttpSecurity http) throws Exception {
//....
//开启自动配置的注销的功能
// /logout 注销请求
http.logout();
}
<a class="item" th:href="@{/logout}">
注销
</a>
// .logoutSuccessUrl("/"); 注销成功来到首页
http.logout().logoutSuccessUrl("/");
@Override
protected void configure(HttpSecurity http) throws Exception {
//。。。。。。。。。。。
//记住我
http.rememberMe(); //默认保留14天
}
自定义登录的页面
http.formLogin().loginPage("/toLogin");
<a class="item" th:href="@{/toLogin}">
登录
</a>
<form th:action="@{/login}" method="post">
<div class="field">
<label>Username</label>
<div class="ui left icon input">
<input type="text" placeholder="Username" name="username">
<i class="user icon"></i>
</div>
</div>
<div class="field">
<label>Password</label>
<div class="ui left icon input">
<input type="password" name="password">
<i class="lock icon"></i>
</div>
</div>
<input type="submit" class="ui blue submit button"/>
</form>
设置验证处理
http.formLogin()
.usernameParameter("username") // 前端表单传的username
.passwordParameter("password") // 前端表单传的password
.loginPage("/toLogin")
.loginProcessingUrl("/login"); // 登陆表单提交请求
自定义设置一个记住我功能
<input type="checkbox" name="remember"> 记住我
后端验证处理!
//定制记住我的参数!
http.rememberMe().rememberMeParameter("remember");
完整的测试类
package com.me.config;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().antMatchers("/").permitAll()
.antMatchers("/mail/**").hasAnyRole("mail");
http.formLogin();
http.logout().logoutSuccessUrl("/");
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
// 这是一个直接设置账号与密码的
auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
.withUser("me").password(new BCryptPasswordEncoder().encode("123456")).roles("mail")
.and()
.withUser("admin").password(new BCryptPasswordEncoder().encode("123456")).roles("mail");
}
}
原视频:https://www.bilibili.com/video/BV1PE411i7CV?p=34