<?xml version="1.0" encoding="UTF-8"?>

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

	xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">

	<modelVersion>4.0.0</modelVersion>

	<groupId>com.mb</groupId>

	<artifactId>tuia</artifactId>

	<version>0.0.1-SNAPSHOT</version>

	<packaging>jar</packaging>

	<name>tuia</name>

	<description>tuia project for Spring Boot</description>

	<parent>

		<groupId>org.springframework.boot</groupId>

		<artifactId>spring-boot-starter-parent</artifactId>

		<version>2.0.4.RELEASE</version>

		<relativePath/> <!-- lookup parent from repository -->

	</parent>

	<properties>

		<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>

		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>

		<java.version>1.8</java.version>

	</properties>

	<dependencies>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-web</artifactId>

		</dependency>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-thymeleaf</artifactId>

		</dependency>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-test</artifactId>

			<scope>test</scope>

		</dependency>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-security</artifactId>

		</dependency>

		<dependency>

			<groupId>org.springframework.boot</groupId>

			<artifactId>spring-boot-starter-data-jpa</artifactId>

		</dependency>

		<dependency>

			<groupId>org.thymeleaf.extras</groupId>

			<artifactId>thymeleaf-extras-springsecurity4</artifactId>

		</dependency>

		<dependency>

			<groupId>mysql</groupId>

			<artifactId>mysql-connector-java</artifactId>

			<version>5.1.40</version>

		</dependency>

		<dependency>

			<groupId>org.apache.commons</groupId>

			<artifactId>commons-lang3</artifactId>

			<version>3.4</version>

		</dependency>

		<dependency>

			<groupId>alipay</groupId>

			<artifactId>taobao-sdk-java-auto</artifactId>

			<version>1.0</version>

		</dependency>

	</dependencies>

	<build>

		<plugins>

			<plugin>

				<groupId>org.springframework.boot</groupId>

				<artifactId>spring-boot-maven-plugin</artifactId>

			</plugin>

		</plugins>

	</build>

</project>

package com.mb.tuia.Config;

import com.mb.tuia.Service.CustomUserService;

import com.mb.tuia.utils.MyPasswordEncoder;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.core.userdetails.UserDetailsService;

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter { 

    @Bean

    UserDetailsService customUserService() {

        return new CustomUserService();

    }

    @Override

    protected void configure(HttpSecurity http) throws Exception {

        http

                .authorizeRequests() // 3

                .antMatchers("/index", "/css/**").permitAll() //4

                .antMatchers("/admin/**").hasAnyRole("ROLE_ADMIN", "ROLE_USER")

                .antMatchers("/user/**").hasAnyRole("ADMIN","USER")

                .antMatchers("/member/**").hasAnyRole("ADMIN")

                .and()                // 6

                .formLogin()

                .loginPage("/login").failureUrl("/login-error")

                //以下为iframe

                .and()

                .csrf().disable()

                .headers().frameOptions().sameOrigin();

    }

    @Autowired

    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception { // 7

        auth.userDetailsService(customUserService()).passwordEncoder(new MyPasswordEncoder());

    }

}

package com.mb.tuia.utils;

import org.springframework.security.crypto.password.PasswordEncoder;

public class MyPasswordEncoder implements PasswordEncoder {

    @Override

    public String encode(CharSequence charSequence) {

       // return charSequence.toString();

        return MD5Util.encrypt((String)charSequence);

    }

    @Override

    public boolean matches(CharSequence charSequence, String s) {

        return s.equals(MD5Util.encrypt((String)charSequence));

      //  return s.equals(charSequence.toString());

    }

}

在程序中获得当前登陆用户对应的对象。

UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext()

                .getAuthentication()

                .getPrincipal();