Spring Security学习笔记(一)
介绍
这里学习SpringSecurity,对SpringSecurity进行学习。
基本用法
添加依赖
org.springframework.boot spring-boot-starter-security
添加接口
packagecom.example.demo.web;
importorg.springframework.web.bind.annotation.RequestMapping;
importorg.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/test")
publicclassTest{
@RequestMapping("/test")
publicStringtest(){
return"test";
}
}
启动项目
可以看到日志中,已经有了密码
访问接口,此时已经有了登录页面
输入用户名和密码
用户名:user
密码984cccf2-ba82-468e-a404-7d32123d0f9c
此时已经登录成功
配置用户名和密码
在配置文件中,进行配置
spring:
security:
user:
name:ming
password:123456
roles:admin
输入用户名和密码,可以正常登录
基于内存的认证
需要自定义类继承WebSecurityConfigurerAdapter
实现自定义的配置
这里基于内存的配置,如下
packagecom.example.demo.config;
importorg.springframework.context.annotation.Bean;
importorg.springframework.context.annotation.Configuration;
importorg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
importorg.springframework.security.crypto.password.NoOpPasswordEncoder;
importorg.springframework.security.crypto.password.PasswordEncoder;
@Configuration
publicclassMyWebSecurityConfigextendsWebSecurityConfigurerAdapter{
@Bean
PasswordEncoderpasswordEncoder(){
returnNoOpPasswordEncoder.getInstance();
}
@Override
protectedvoidconfigure(AuthenticationManagerBuilderauth)throwsException{
auth.inMemoryAuthentication()
.withUser("admin").password("123").roles("admin");
}
}
这里基于内存的配置
HttpSecurity
这里对某些方法进行拦截
packagecom.ming.demo.interceptor;
importorg.springframework.beans.factory.annotation.Autowired;
importorg.springframework.context.annotation.Bean;
importorg.springframework.context.annotation.Configuration;
importorg.springframework.http.HttpMethod;
importorg.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
importorg.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
importorg.springframework.security.config.annotation.web.builders.HttpSecurity;
importorg.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
importorg.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
importorg.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
importorg.springframework.security.crypto.password.PasswordEncoder;
importorg.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;
@Configuration
@EnableWebSecurity
publicclassSecurityConfigextendsWebSecurityConfigurerAdapter{
//基于内存的用户存储
@Override
publicvoidconfigure(AuthenticationManagerBuilderauth)throwsException{
auth.inMemoryAuthentication()
.withUser("itguang").password("123456").roles("USER").and()
.withUser("admin").password("{noop}"+"123456").roles("ADMIN");
}
//请求拦截
@Override
protectedvoidconfigure(HttpSecurityhttp)throwsException{
http.authorizeRequests()
.anyRequest().permitAll()
.and()
.formLogin()
.permitAll()
.and()
.logout()
.permitAll();
}
}
这里成功完成了post请求进行登录验证。
以上就是SpringSecurity学习笔记(一)的详细内容,更多关于SpringSecurity的资料请关注毛票票其它相关文章!
声明:本文内容来源于网络,版权归原作者所有,内容由互联网用户自发贡献自行上传,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任。如果您发现有涉嫌版权的内容,欢迎发送邮件至:czq8825#qq.com(发邮件时,请将#更换为@)进行举报,并提供相关证据,一经查实,本站将立刻删除涉嫌侵权内容。