本文介绍如何在Spring Boot项目中使用Spring Security进行简单的登录验证配置。通过添加依赖、实现MyUserDetailService来加载用户详细信息,以及配置WebSecurityConfig以自定义登录页面和权限控制。
只开启了简单的登陆验证
添加依赖
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
MyUserDetailService
@Override @Primary public UserDetails loadUserByUsername(String s)
throws UsernameNotFoundException {
User user = userMapper.selectByPrimaryKey(s);
if (user != null) {
List<GrantedAuthority> grantedAuthorities = new ArrayList<GrantedAuthority>();
grantedAuthorities.add(new SimpleGrantedAuthority(user.getRole()));
return new org.springframework.security.core.userdetails.User(user.getUsername(),
user.getPassword(), grantedAuthorities);
} else {
throw new UsernameNotFoundException("user<" + s + ">do not exist!");
}
}
WebSecurityConfig
@Configuration @EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true) // 启用方法级别的权限认证
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Autowired private MyUserDetailService myUserDetailService;
@Override protected void configure(HttpSecurity http) throws Exception {
//super.configure(http);
http.csrf().disable();
http.headers().frameOptions().disable();//允许使用frame
http.authorizeRequests().antMatchers("/css/**", "/js/**", "/img/**", "/cdn/**", "/diploma/**")
.permitAll().anyRequest().authenticated().and().formLogin()
.loginPage("/login")// 登录url请求路径 (3)
.defaultSuccessUrl("/").permitAll().and() // 登录成功跳转路径url(4)
.logout().permitAll();
// http.logout().logoutSuccessUrl("/"); // 退出默认跳转页面 (5)
}
@Override protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.userDetailsService(myUserDetailService).passwordEncoder(passwordEncoder());
}
@Bean public PasswordEncoder passwordEncoder() {
return new BCryptPasswordEncoder();
}
}
扫一扫
1108
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
