1、引入 Spring Security 模块

<dependency>
   <groupId>org.springframework.boot</groupId>
   <artifactId>spring-boot-starter-security</artifactId>
</dependency>

2、编写 Spring Security 配置类
参考官网：https://spring.io/projects/spring-security

package com.kuang.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity // 开启WebSecurity模式
public class SecurityConfig extends WebSecurityConfigurerAdapter {

   @Override
   protected void configure(HttpSecurity http) throws Exception {
          // 定制请求的授权规则
   // 首页所有人可以访问
   http.authorizeRequests().antMatchers("/").permitAll()
  .antMatchers("/level1/**").hasRole("vip1");
  // 开启自动配置的登录功能
		// /login 请求来到登录页
		// /login?error 重定向到这里表示登录失败
		http.formLogin();
		
		//开启自动配置的注销的功能
	    //logout 注销请求
	   	http.logout();
	   	
	   //记住我
	   http.rememberMe();
  }
     //定义认证规则
   @Override
   protected void configure(AuthenticationManagerBuilder auth) throws Exception {
   
  }
}