spring boot Security 简单使用
spring boot Security 简单使用
引入依赖
<!-- security --><dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId></dependency>
配置 SecurityConfig@Configuration
br/>@Configuration
@Autowired UserDetailServiceImpl userDetailService; @Autowired LoginSuccessHandler loginSuccessHandler; @Override protected void configure(AuthenticationManagerBuilder auth) throws Exception { //自定义用户验证和加密方式 auth.userDetailsService(userDetailService).passwordEncoder(new BCryptPasswordEncoder()); } @Override protected void configure(HttpSecurity http) throws Exception { http.formLogin() // 定义当需要用户登录时候,转到的登录页面。 // .loginPage("/login.html") //自定义登录页面// .loginProcessingUrl("/login") //自定义登录接口地址 .successHandler(loginSuccessHandler) .and() // 定义哪些URL需要被保护、哪些不需要被保护 .authorizeRequests().antMatchers("/login").permitAll() //不需要保护的URL .anyRequest() // 任何请求,登录后可以访问 .authenticated() .and() .logout().logoutSuccessUrl("/login").permitAll() // 登出 .and() .csrf().disable(); }}
3.用户验证处理
@Component public class UserDetailServiceImpl implements UserDetailsService { /** * 用户校验 * @param s * @return * @throws UsernameNotFoundException */ @Override public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException { Collection<GrantedAuthority> collection = new ArrayList<>();//权限集合 String password = new BCryptPasswordEncoder().encode("123456"); User user = new User(s,password,collection); return user; } }
4.登录成功后处理
@Componentpublic class LoginSuccessHandler implements AuthenticationSuccessHandler { @Override public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { httpServletResponse.setContentType("application/json;charset=UTF-8"); httpServletResponse.getWriter().write(authentication.getName()); }}
HttpSecurity 类还有很可以使用的函数
请参考:
https://docs.spring.io/spring-security/site/docs/3.2.4.RELEASE/apidocs/org/springframework/security/config/annotation/web/builders/HttpSecurity.html
----end----
声明:本站所有文章资源内容,如无特殊说明或标注,均为采集网络资源。如若本站内容侵犯了原著者的合法权益,可联系本站删除。
