SpringSecurity入坑第一步:内存的权限验证与受权
构建依赖 pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"

     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"     xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"><modelVersion>4.0.0</modelVersion><groupId>com.shaojie.authority</groupId><artifactId>authority</artifactId><version>1.0-SNAPSHOT</version><parent>    <groupId>org.springframework.boot</groupId>    <artifactId>spring-boot-starter-parent</artifactId>    <version>2.2.0.RELEASE</version>    <relativePath/></parent><properties>    <java.version>1.8</java.version>    <maven.compiler.source>${java.version}</maven.compiler.source>    <maven.compiler.target>${java.version}</maven.compiler.target>    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>    <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>    <spring-cloud.version>Hoxton.RC1</spring-cloud.version></properties><!--治理依赖--><dependencyManagement>    <dependencies>        <dependency>            <groupId>org.springframework.cloud</groupId>            <artifactId>spring-cloud-dependencies</artifactId>            <version>Hoxton.RC1</version>            <type>pom</type>            <scope>import</scope>        </dependency>    </dependencies></dependencyManagement><dependencies>    <!--lombok-->    <dependency>        <groupId>org.projectlombok</groupId>        <artifactId>lombok</artifactId>    </dependency>    <dependency>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-web</artifactId>    </dependency>    <dependency>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-test</artifactId>    </dependency>    <dependency>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-thymeleaf</artifactId>    </dependency>    <!-- Spring Security -->    <dependency>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-security</artifactId>    </dependency>    <!--spring-data-jpa-->    <dependency>        <groupId>org.springframework.boot</groupId>        <artifactId>spring-boot-starter-data-jpa</artifactId>    </dependency>    <!--lombok-->    <dependency>        <groupId>org.projectlombok</groupId>        <artifactId>lombok</artifactId>    </dependency>    <!-- mysql -->    <dependency>        <groupId>mysql</groupId>        <artifactId>mysql-connector-java</artifactId>    </dependency>    <!-- druid 连接池 -->    <dependency>        <groupId>com.alibaba</groupId>        <artifactId>druid</artifactId>        <version>1.1.21</version>    </dependency></dependencies><build>    <plugins>        <plugin>            <groupId>org.springframework.boot</groupId>            <artifactId>spring-boot-maven-plugin</artifactId>        </plugin>    </plugins></build>

</project>
构建权限验证
package com.shaojie.authority.security;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**

  • @author ShaoJie
  • @Date 2019/10/25
    */

@Configuration
// 启动 SpringSecurity 的过滤器链
@EnableWebSecurity
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

@Beanpublic BCryptPasswordEncoder passwordEncoder() {    return new BCryptPasswordEncoder();}/** * 受权 * * @param auth * @throws Exception */// 代替配置文件 <security:authentication-manager></security:authentication-manager>@Overrideprotected void configure(AuthenticationManagerBuilder auth) throws Exception {    // 老版本的角色设置 在  springboot 2.0 当前 不能这样设置

// auth.inMemoryAuthentication()
// .withUser("shaojie").password("123456")
// .authorities("PRODUCT_ADD");

    // inMemoryAuthentication 内存验证    auth.inMemoryAuthentication()            .passwordEncoder(passwordEncoder())            .withUser("shaojie")            .password(passwordEncoder().encode("123456"))            // .roles("PRODUCT_ADD","PRODUCT_LIST");            // authorities 和 roles 都是设置权限 这里应用 roles 不能拜访 403            .authorities("PRODUCT_ADD", "PRODUCT_LIST");}/** * 验证 * * @param http * @throws Exception */// 代替配置文件 <security:http></security:http>@Overrideprotected void configure(HttpSecurity http) throws Exception {    http.authorizeRequests()            // antMatchers 设置拦挡的申请  hasAnyAuthority 设置所领有的角色拜访权限            .antMatchers("/product/add").hasAnyAuthority("PRODUCT_ADD")            .antMatchers("/product/update").hasAnyAuthority("PRODUCT_UPDATE")            .antMatchers("/product/list").hasAnyAuthority("PRODUCT_LIST")            .antMatchers("/product/delete").hasAnyAuthority("PRODUCT_DELETE")            // permitAll 所有的权限都能拜访            .antMatchers("/login").permitAll()            .antMatchers("/**")            // fullyAuthenticated 不容许匿名用户查看            .fullyAuthenticated()            .and()            // httpbasic 登录            // .httpBasic();            // 表单登录 登录申请的页面            .formLogin().loginPage("/login")            // 批改 spring 提供的 默认登陆参数            // .usernameParameter("name")            // .passwordParameter("password")            .and()            // 开启记住我性能            .rememberMe()            .and()            // 开启登出            .logout()            .and()            // 禁用跨域的爱护            .csrf().disable();}

}

构建谬误页面配置
验证没有权限时跳转

package com.shaojie.authority.security;

import org.springframework.boot.web.server.ConfigurableWebServerFactory;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;

/**

  • @author ShaoJie
  • @Date 2019/10/25
    */

@Configuration
public class ErrorPageConfig {

// 应用 WebServerFactoryCustomizer 接口替换 EmbeddedServletContainerCustomizer 组件实现对嵌入式Servlet容器的配置@Beanpublic WebServerFactoryCustomizer<ConfigurableWebServerFactory> webServerFactoryCustomizer(){    return new WebServerFactoryCustomizer<ConfigurableWebServerFactory>() {        @Override        public void customize(ConfigurableWebServerFactory factory) {            factory.addErrorPages(new ErrorPage(HttpStatus.FORBIDDEN,"/403"));        }    };}

}

login.html
<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>

<meta charset="UTF-8"><title>Title</title>

</head>
<body>

<h2>登录页面</h2><form th:action="@{/userlogin}" method="post">    账号:<input type="text" name="username"><br>    明码:<input type="password" name="password"><br>    <button type="submit">登录</button></form>

</body>
</html>
值得注意一下这里的<input>的属性name

官网源码 写的很分明 默认就是 username 和 password

 * protected void configure(HttpSecurity http) throws Exception { *         http.authorizeRequests().antMatchers(&quot;/**&quot;).hasRole(&quot;USER&quot;).and().formLogin() *                 .usernameParameter(&quot;username&quot;) // default is username *                 .passwordParameter(&quot;password&quot;) // default is password *                 .loginPage(&quot;/authentication/login&quot;) // default is /login with an HTTP get *                 .failureUrl(&quot;/authentication/login?failed&quot;) // default is /login?error *                 .loginProcessingUrl(&quot;/authentication/login/process&quot;); // default is /login *                                                                         // with an HTTP *                                                                         // post *     }

index.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>我的页面</title>

</head>
<body>
以下是网站的性能

<a href="" th:href="@{product/add}">商品的增加</a><br><a href="" th:href="@{product/update}">商品批改</a><br><a href="" th:href="@{product/list}">商品的查问</a><br><a href="" th:href="@{product/delete}">商品的删除</a>

</body>
</html>
403.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>谬误页面</title>

</head>
<body>

你没有权限拜访

</body>
</html>
add.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>产品的减少</title>

</head>
<body>

产品的减少

</body>
</html>
delete.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>产品的删除</title>

</head>
<body>

产品的删除

</body>
</html>

list.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>产品的查问</title>

</head>
<body>

产品的查问

</body>
</html>
update.html
<!DOCTYPE html>
<html lang="en">
<head>

<meta charset="UTF-8"><title>产品的批改</title>

</head>
<body>

产品的批改

</body>
</html>
整体应用内存做受权验证, 后续整顿基于JDBC 做权限受权,整体一套下来的话,基本上对于springsecurity有一个根本的理解,入坑第一步倡议以根底动手,大部分的配置倡议查看官网源码 ,对于登出以及记住明码,细节在 源码HttpSecurity类中有具体阐明,这里不做过多的阐明。只提供根底的Demo示例

喜爱编程的,请关注我的博客https://www.lzmvlog.top/