springsecurity-01-0511
springsecurity-01-0511课堂代码

BaseController
package com.springsecurity.springsecurity.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * Page-routing controller: every handler returns the name of the view to render
 * and does no other work.
 *
 * <p>None of the handlers performs an access check of its own, so who may reach
 * a page is decided entirely by the security configuration of the application.
 *
 * <p>NOTE(review): {@code @RequestMapping} without a {@code method} attribute
 * matches every HTTP verb. These handlers only return views, so restricting them
 * to GET would narrow the exposed surface.
 */
@Controller
public class BaseController {

    // ---- entry pages ----

    /** Returns the {@code index} view for both {@code /} and {@code /index}. */
    @RequestMapping(value = {"/", "/index"})
    public String index() {
        return "index";
    }

    /** Returns the custom login view for {@code /tologin}. */
    @RequestMapping(value = "/tologin")
    public String toLogin() {
        return "login";
    }

    /** Returns the {@code welcome} view for {@code /welcome}. */
    @RequestMapping(value = "/welcome")
    public String toWelcome() {
        return "welcome";
    }

    // ---- article pages ----

    /** Returns the article list view for {@code /article-list}. */
    @RequestMapping(value = "/article-list")
    public String toArticleList() {
        return "article/article-list";
    }

    // ---- product pages ----

    /** Returns the product brand view for {@code /product-brand}. */
    @RequestMapping(value = "/product-brand")
    public String toProductBrand() {
        return "product/product-brand";
    }

    /** Returns the product category view for {@code /product-category}. */
    @RequestMapping(value = "/product-category")
    public String toProductCategory() {
        return "product/product-category";
    }

    /** Returns the product list view for {@code /product-list}. */
    @RequestMapping(value = "/product-list")
    public String toProductList() {
        return "product/product-list";
    }

    // ---- member pages ----

    /** Returns the member list view for {@code /member-list}. */
    @RequestMapping(value = "/member-list")
    public String toMemberList() {
        return "member/member-list";
    }

    /** Returns the deleted-member view for {@code /member-del}. */
    @RequestMapping(value = "/member-del")
    public String toMemberDel() {
        return "member/member-del";
    }

    // ---- admin pages ----

    /** Returns the role management view for {@code /admin-role}. */
    @RequestMapping(value = "/admin-role")
    public String toAdminRole() {
        return "admin/admin-role";
    }

    /** Returns the permission management view for {@code /admin-permission}. */
    @RequestMapping(value = "/admin-permission")
    public String toAdminPermission() {
        return "admin/admin-permission";
    }

    /** Returns the administrator list view for {@code /admin-list}. */
    @RequestMapping(value = "/admin-list")
    public String toAdminList() {
        return "admin/admin-list";
    }
}
SecurityConfig
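package com.springsecurity.springsecurity;

import org.springframework.scheduling.annotation.EnableScheduling;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * Spring Security configuration for the classroom demo: URL-to-role
 * authorization rules plus an in-memory user store.
 */
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Authorization: ties each menu area (admin, article, member, product) to the
     * role required to open its pages, and configures login, logout and remember-me.
     *
     * @param http the HTTP security builder supplied by Spring Security
     * @throws Exception if the security configuration cannot be built
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Allow framing by pages of this application only. Switching the
        // X-Frame-Options header off entirely would let any site embed these
        // pages, which exposes them to clickjacking.
        // Assumes the UI only frames its own pages; TODO confirm.
        http.headers().frameOptions().sameOrigin();

        // Role required for each group of pages.
        // NOTE(review): only the patterns listed here are protected. Any other URL
        // (for example "/", "/index", "/welcome") is reachable without logging in
        // because there is no catch-all rule. Confirm that is intended; if a
        // catch-all is added, the login page has to stay reachable.
        http.authorizeRequests()
                .antMatchers("/admin-role", "/admin-permission", "/admin-list").hasRole("admin")
                .antMatchers("/article-*").hasRole("article")
                .antMatchers("/member-*").hasRole("member")
                .antMatchers("/product-*").hasRole("product");

        // Use the custom login page at /tologin instead of the built-in one.
        // The login form must POST to /login with the default parameter names
        // "username" and "password".
        http.formLogin().loginPage("/tologin").loginProcessingUrl("/login");

        // NOTE(review): CSRF protection is switched off so that the custom login
        // form can post without a token. That also leaves every other
        // state-changing request unprotected. Prefer rendering the CSRF token in
        // the login template and removing this line; left unchanged here because
        // the templates are not visible.
        http.csrf().disable();

        // Enable logout (default URL /logout); the user is sent back to the
        // login page afterwards.
        http.logout();

        // Enable remember-me: a cookie re-authenticates the user on later visits.
        http.rememberMe();
    }

    /**
     * Authentication: binds users to roles using an in-memory user store with
     * BCrypt-hashed passwords.
     *
     * @param auth the authentication manager builder supplied by Spring Security
     * @throws Exception if the user store cannot be configured
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Spring Security 5 requires an explicit password encoding; one encoder
        // instance is shared for hashing and for verification.
        BCryptPasswordEncoder encoder = new BCryptPasswordEncoder();

        // NOTE(review): classroom fixture. All four accounts, including the admin
        // account, share the same one-character password hard-coded in source.
        // Outside a demo, load users from a real store and never ship credentials
        // in code.
        auth.inMemoryAuthentication().passwordEncoder(encoder)
                .withUser("101").password(encoder.encode("1")).roles("article").and()
                .withUser("102").password(encoder.encode("1")).roles("product").and()
                .withUser("103").password(encoder.encode("1")).roles("member").and()
                .withUser("104").password(encoder.encode("1")).roles("admin");
    }
}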
