Security配置类
使用SpringBoot整合Security安全登录配置
依赖
<!-- spring security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!-- thymeleaf -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>
配置类
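/**
 * Spring Security configuration for the application: URL access rules,
 * form login, logout, remember-me, and a set of hard-coded in-memory
 * demo accounts.
 */
@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true) // enable @PreAuthorize / @PostAuthorize on methods
@EnableWebSecurity // switch on Spring Security's web support
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Configures request authorization, login, logout, frame options and
     * remember-me for the HTTP layer.
     *
     * @param http the security builder supplied by Spring
     * @throws Exception if any configurer fails to apply
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Request interception rules.
        // NOTE(review): CSRF protection is disabled while the application relies on
        // cookie-backed sessions, form login and remember-me, so state-changing
        // requests (including logout) carry no anti-forgery token. It is left
        // disabled here only because the templates are not visible on this page;
        // re-enabling it requires the forms to submit the CSRF token and logout to
        // be sent as POST.
        http.csrf().disable()
                .authorizeRequests()
                // Static assets and top-level *.html pages are reachable without login.
                .antMatchers("/css/**","/img/**","/js/**","/plugins/**","/*.html").permitAll()
                // Everything under /admin needs the LEVEL1 role.
                .antMatchers("/admin/**").hasRole("LEVEL1")
                // Any other URL only needs an authenticated user.
                .anyRequest()
                .authenticated()
                .and()
                // HTTP Basic stays enabled next to form login; Basic credentials travel
                // with every request, so this is only acceptable over TLS.
                .httpBasic();

        // Form login.
        http.formLogin()
                .loginPage("/login")            // custom login page
                .loginProcessingUrl("/login")   // URL the login form posts to
                .usernameParameter("userName")  // name of the username form field
                .passwordParameter("passWord")  // name of the password form field
                .defaultSuccessUrl("/admin")    // where to go after a successful login
                .failureUrl("/login")           // where to go after a failed login
                .permitAll();

        // Allow pages to be framed by the same origin only (needed for iframe layouts).
        http.headers().frameOptions().sameOrigin();

        // Logout: .logoutUrl(...) could customise the endpoint; the default is kept.
        // After logout the browser is sent back to the login page.
        http.logout()
                .logoutSuccessUrl("/login");

        // Remember-me. The parameter name must match the checkbox name in the login
        // template; the spelling is kept exactly as the page has it.
        http.rememberMe().rememberMeParameter("remeber");
    }

    // Alternative from the page: authenticate against a custom UserDetailsService
    // with BCrypt password hashing instead of the in-memory accounts below.
    //
    // @Override
    // protected void configure(AuthenticationManagerBuilder builder) throws Exception {
    //     builder.userDetailsService(userDetailService())
    //             .passwordEncoder(passwordEncoder());
    // }
    //
    // @Bean
    // public UserDetailServiceImpl userDetailService() {
    //     return new UserDetailServiceImpl();
    // }
    //
    // @Bean
    // public BCryptPasswordEncoder passwordEncoder() {
    //     return new BCryptPasswordEncoder();
    // }

    /**
     * Registers three hard-coded in-memory accounts.
     *
     * <p>The passwords are hashed with BCrypt and the same encoder is registered
     * for verification. Without an encoder, Spring Security 5 rejects these logins
     * because the stored value has no encoder id, and earlier versions compare the
     * password in plaintext.
     *
     * <p>NOTE(review): the literal passwords are weak demo values taken from the
     * page and live in source control; accounts for a real deployment belong in a
     * user store, not in this class.
     *
     * @param auth the authentication builder supplied by Spring
     * @throws Exception if the in-memory configurer cannot be applied
     */
    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        // Fully qualified so this block does not depend on an import that is not
        // visible on the page.
        org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder encoder =
                new org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder();

        // One configurer holding all three users instead of three separate ones.
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("spring").password(encoder.encode("123456")).roles("LEVEL1","LEVEL2")
                .and()
                .withUser("summer").password(encoder.encode("123456")).roles("LEVEL2","LEVEL3")
                .and()
                .withUser("autumn").password(encoder.encode("123456")).roles("LEVEL1","LEVEL3");
    }
}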
自定义认证用户
需要实现UserDetailsService 接口,根据 username从数据库读取对应的密码、权限并封装到User中,权限都添加在GrantedAuthority集合里
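/**
 * {@link UserDetailsService} that resolves login names through
 * {@link SellerService} and exposes active sellers to Spring Security.
 */
@Component
public class UserDetailServiceImpl implements UserDetailsService {

    // NOTE(review): looks like a Dubbo-style remote service reference; confirm.
    @Reference(version = "1.0",interfaceClass = SellerService.class)
    private SellerService sellerService;

    /**
     * Looks up the seller for {@code username} and wraps it in a Spring Security
     * {@link User}.
     *
     * <p>The {@link UserDetailsService} contract forbids returning {@code null},
     * so an unknown or non-active seller is reported with
     * {@link UsernameNotFoundException}. Both cases share one exception and one
     * message so the response does not reveal whether an account exists or is
     * merely inactive.
     *
     * @param username the login name submitted by the client
     * @return the user details for an active seller
     * @throws UsernameNotFoundException if no seller is found or its status is not {@code "1"}
     */
    @Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        Seller seller = sellerService.findOne(username);

        // Check for null before touching the seller; the constant-first equals also
        // tolerates a null status. Status "1" is the only value allowed to log in
        // (presumably "approved/active"; verify against the Seller model).
        if (seller == null || !"1".equals(seller.getStatus())) {
            throw new UsernameNotFoundException("No active seller account for the supplied username");
        }

        // Every active seller receives ROLE_LEVEL1, the role hasRole("LEVEL1") checks for.
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority("ROLE_LEVEL1"));

        // The stored password is handed over unchanged; it must already be in the
        // format the configured PasswordEncoder verifies.
        return new User(username, seller.getPassword(), grantedAuthorities);
    }
}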
控制器
注意:访问首页时,由于配置了角色权限,只有登录后才可以访问 admin 下的文件,所以未登录时会自动重定向到登录页(/login),登录成功后才会跳转到访问页("/admin"、"/admin/index"、"/admin/index.html")。
/**
* 首页
*/
@RequestMapping(value = {"/admin","/admin/index","/admin/index.html"})
public String index() {
    // Home page of the admin area: all three URL spellings render the same view.
    final String adminHomeView = "/admin/index";
    return adminHomeView;
}
/**
* 登录页
*/
@RequestMapping("/login")
public String loginPage() {
    // Renders the login form; the returned value is the view name to resolve.
    final String loginView = "/login";
    return loginView;
}
版权声明:本文为weixin_45534157原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。