本文详细介绍了如何在Spring Boot项目中配置Spring Security安全框架,包括引入相关依赖、配置HttpSecurity对象来设定路由策略和访问权限,以及使用自定义密码编码器进行用户认证。
引入依赖
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.1.6.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<groupId>com.example</groupId>
<artifactId>springbootdemo</artifactId>
<version>0.0.1-SNAPSHOT</version>
<name>springbootdemo</name>
<description>Demo project for Spring Boot</description>
<properties>
<java.version>1.8</java.version>
</properties>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-jdbc</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.mybatis.spring.boot</groupId>
<artifactId>mybatis-spring-boot-starter</artifactId>
<version>2.1.0</version>
</dependency>
<dependency>
<groupId>mysql</groupId>
<artifactId>mysql-connector-java</artifactId>
<scope>runtime</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
</plugin>
</plugins>
</build>
</project>
配置Security
@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity httpSecurity) throws Exception{
//路由策略和访问的简单配置
httpSecurity
.formLogin() //启动默认登录
.failureUrl("/login?error") //失败跳转页面
.defaultSuccessUrl("/helloSpringboot") // 成功跳转页面
.permitAll(); //登录页面全部权限可访问
super.configure(httpSecurity);
}
/**
* 配置内存用户
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception{
/*auth
.inMemoryAuthentication()
.withUser("xiaoli").password("123").roles("ADMIN")
.and()
.withUser("xiaoming").password("123").roles("USER");*/
auth
.inMemoryAuthentication()
.passwordEncoder(new MyPasswordEncoder())
.withUser("xiaoming").password("123").roles("ADMIN")
.and()
.passwordEncoder(new MyPasswordEncoder())
.withUser("xiaolizi").password("123").roles("USER");
}
}
上面是原始的,在新版本更新后 官方不推荐不加密 所以只能自己构造一个没有加密的。
public class MyPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
}
不这样写会出现一直出现There is no PasswordEncoder mapped for the id “null” 这样的问题。
- @EnableWebSecurity 开启Security安全框架
- configure 方法:
- configureGlobal 方法
扫一扫
733
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
