Integrating Spring Security with Spring Boot

1. Create a Spring Boot project.

2. Add the required dependencies:
    spring-boot-starter-security
    mysql-connector-java
    persistence-api (annotation support for MyBatis)
    spring-security-core
    spring-boot-starter-thymeleaf
    // Spring Boot support for Thymeleaf
    thymeleaf-spring5
    thymeleaf-extras-java8time
    thymeleaf-extras-springsecurity5

3. Write the domain classes and the mapper code so that the application can create, read, update and delete records in the database normally (configure the data source in application.properties).

4. Write the Spring Security configuration class (SecurityConfig).
    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
    import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

    import javax.sql.DataSource;

    // @EnableWebSecurity is itself meta-annotated with @Configuration, so the class is
    // registered by component scanning without an explicit @Configuration.
    @EnableWebSecurity
    public class SecurityConfig extends WebSecurityConfigurerAdapter {

        @Autowired
        private DataSource dataSource;

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            // hasRole("vip1") matches the authority "ROLE_vip1" stored in the role table
            http.authorizeRequests().antMatchers("/").permitAll()
                    .antMatchers("/level1/**").hasRole("vip1")
                    .antMatchers("/level2/**").hasRole("vip2")
                    .antMatchers("/level3/**").hasRole("vip3");
            // loginPage is rendered by our controller; loginProcessingUrl is consumed by
            // Spring Security's filter, so no controller mapping for /login is needed
            http.formLogin()
                    .usernameParameter("username")
                    .passwordParameter("password")
                    .loginPage("/toLogin")
                    .loginProcessingUrl("/login");
            http.rememberMe().rememberMeParameter("remember");
            // CSRF protection is switched off for this demo; with Thymeleaf, th:action adds the
            // _csrf token to forms automatically, so it can stay enabled in a real deployment
            http.csrf().disable();
            http.logout().logoutSuccessUrl("/");
        }

        // In-memory users, kept for comparison with the JDBC variant below
        // @Override
        // protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //     auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
        //             .withUser("kuangshen").password(new BCryptPasswordEncoder().encode("123456")).roles("vip2", "vip3")
        //             .and()
        //             .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1", "vip2", "vip3")
        //             .and()
        //             .withUser("guest").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1", "vip2");
        // }

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            // Column order matters: Spring reads username, password, enabled from the first
            // query and username, authority from the second
            auth.jdbcAuthentication()
                    .dataSource(dataSource)
                    .usersByUsernameQuery("select username,password,enable from user where username = ?")
                    .authoritiesByUsernameQuery("select username,authority from role where username = ?")
                    // stored passwords must be BCrypt hashes or authentication fails
                    .passwordEncoder(new BCryptPasswordEncoder());
        }
    }
5. Write the controller layer to control page navigation.
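The controller below is an added example, not code from the original post; the routes follow the post's SecurityConfig (permitAll on "/", loginPage("/toLogin"), the /level1..3 prefixes), while the class name, package and template paths under views/ are assumptions. The point it makes explicit is which URLs need a handler and which do not: /toLogin must render the form, but /login is consumed by Spring Security's UsernamePasswordAuthenticationFilter before any controller sees it.

```java
// Added example (not from the original post). Package, class name and
// template paths are assumptions; route names come from the post's SecurityConfig.
package com.example.security;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;

@Controller
public class RouterController {

    // "/" is permitAll() in SecurityConfig, so anonymous users reach it.
    @GetMapping({"/", "/index"})
    public String index() {
        return "index";
    }

    // loginPage("/toLogin") only tells Spring Security where to redirect an
    // unauthenticated request; rendering the form is still the application's job.
    // The form must POST to /login with fields named "username" and "password"
    // (the names given to usernameParameter/passwordParameter) and may include a
    // checkbox named "remember" for rememberMeParameter("remember").
    @GetMapping("/toLogin")
    public String toLogin() {
        return "views/login";
    }

    // Deliberately no @GetMapping/@PostMapping for "/login": that URL is
    // loginProcessingUrl and is handled entirely inside the security filter chain.

    // Access to these is decided by hasRole("vip1"/"vip2"/"vip3") in SecurityConfig
    // before the request reaches the controller; the handlers only pick a view.
    @GetMapping("/level1/{id}")
    public String level1(@PathVariable("id") int id) {
        return "views/level1/" + id;
    }

    @GetMapping("/level2/{id}")
    public String level2(@PathVariable("id") int id) {
        return "views/level2/" + id;
    }

    @GetMapping("/level3/{id}")
    public String level3(@PathVariable("id") int id) {
        return "views/level3/" + id;
    }
}
```

Logout works the same way: logout().logoutSuccessUrl("/") registers a filter for /logout, so the page only needs a link or form pointing at it, not a controller method.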
6. Write the front-end pages and display the username on them (controlling whether the username is shown). The sec: attributes come from thymeleaf-extras-springsecurity5, so the template's html element needs the namespace xmlns:sec="http://www.thymeleaf.org/extras/spring-security".

    <!-- if not logged in -->
    <div sec:authorize="!isAuthenticated()">
        <a th:href="@{/toLogin}">Login</a>
    </div>
    <!-- if logged in -->
    <div sec:authorize="isAuthenticated()">
        <i>Username:</i><span sec:authentication="principal.username"></span>
    </div>
7. Control which information is displayed on the front-end page (a block is shown only if the logged-in user holds one of the listed roles).

    <div sec:authorize="hasAnyRole('vip1','vip2')">
        <a href="/level1/1">level1,111</a><br/>
        <a href="/level1/2">level1,222</a><br/>
        <a href="/level1/3">level1,333</a><br/>
    </div>
8. The database tables are as shown in the figure (columns listed below).

    user table
        username
        password (stored encrypted, as a BCrypt hash)
        enable

    role table
        username
        authority (the stored value needs the prefix, e.g. ROLE_vip1)