spring boot Security 简单使用
引入依赖
<!-- security -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
配置 SecurityConfig@Configuration
br/>@Configuration
@Autowired
UserDetailServiceImpl userDetailService;
@Autowired
LoginSuccessHandler loginSuccessHandler;
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//自定义用户验证和加密方式
auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder());
}
@Override
protected void configure(HttpSecurity http) throws Exception {
http.formLogin() // 定义当需要用户登录时候,转到的登录页面。
// .loginPage("/login.html") //自定义登录页面
// .loginProcessingUrl("/login") //自定义登录接口地址
.successHandler(loginSuccessHandler)
.and()
// 定义哪些URL需要被保护、哪些不需要被保护
.authorizeRequests().antMatchers("/login").permitAll() //不需要保护的URL
.anyRequest() // 任何请求,登录后可以访问
.authenticated()
.and()
.logout().logoutSuccessUrl("/login").permitAll() // 登出
.and()
.csrf().disable();
}
}
3.用户验证处理
@Component
public class UserDetailServiceImpl implements UserDetailsService {
/**
* 用户校验
* @param s
* @return
* @throws UsernameNotFoundException
*/
@Override
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
Collection<GrantedAuthority> collection = new ArrayList<>();//权限集合
String password = new BCryptPasswordEncoder().encode("123456");
User user = new User(s,password,collection);
return user;
}
}
4.登录成功后处理
@Component
public class LoginSuccessHandler implements AuthenticationSuccessHandler {
@Override
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
httpServletResponse.setContentType("application/json;charset=UTF-8");
httpServletResponse.getWriter().write(authentication.getName());
}
}
HttpSecurity 类还有很可以使用的函数
请参考:
https://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html
----end----
免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。