pom.xml的依赖:
<!-- Spring Security starter. No <version> is given in this snippet, so the version has to come
     from dependency management elsewhere in the POM (presumably the Spring Boot parent/BOM; confirm). -->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
springsecurity的配置文件:WebSecurityConfig.java
import org.aspectj.weaver.ast.And;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Demo Spring Security setup: four in-memory accounts, form login through a custom page, and
 * authentication required for every request that is not explicitly permitted.
 *
 * <p>{@code @EnableGlobalMethodSecurity(prePostEnabled = true)} enables the
 * {@code @PreAuthorize}/{@code @PostAuthorize} method annotations.
 *
 * <p>Review notes: this is a teaching configuration, not a production baseline. Every account
 * shares the hard-coded password "123", the accounts live in memory only, and CSRF protection
 * is switched off while a browser form login is in use. {@code WebSecurityConfigurerAdapter} is
 * deprecated in newer Spring Security releases (5.7+) in favour of {@code SecurityFilterChain}
 * beans, so check the version in use before copying this class.
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    /** Injected encoder; it hashes the demo passwords here and verifies them at login. */
    @Autowired
    private PasswordEncoder passwordEncoder;

    /**
     * Registers the in-memory demo users and the encoder used to check their passwords.
     *
     * @param auth builder for the application's authentication manager
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // Alternative left disabled by the author: authenticate against a UserDetailsService.
        // auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);

        // roles(...) and authorities(...) both write the user's authority list, and each call
        // replaces what was set before. Because authorities(...) comes last on every user, the
        // roles(...) values are discarded; a role only takes effect where it is spelled out as
        // "ROLE_xxx" in authorities(...). user1 therefore holds "perms1" and no role at all.
        auth.inMemoryAuthentication()
            .passwordEncoder(passwordEncoder) // stored hashes are verified with the same encoder
            .withUser("user1").password(encodedDemoPassword())
                .roles("user").authorities("perms1")
            .and()
            .withUser("user2").password(encodedDemoPassword())
                .roles("user").authorities("perms2", "ROLE_user")
            .and()
            .withUser("admin").password(encodedDemoPassword())
                .roles("admin").authorities("adminperms1", "adminperms2", "ROLE_admin")
            .and()
            .withUser("supper").password(encodedDemoPassword())
                .roles("admin", "user")
                .authorities("adminperms1", "adminperms2", "perms1", "perms2", "ROLE_admin", "ROLE_user");
    }

    /**
     * Hashes the shared demo password with the injected encoder.
     *
     * <p>Called once per account, so every user gets its own {@code encode} call. The literal
     * "123" is a placeholder for the tutorial; real credentials must not be compiled into code.
     *
     * @return the encoded form of the demo password
     */
    private String encodedDemoPassword() {
        return passwordEncoder.encode("123");
    }

    /**
     * Excludes static asset paths from Spring Security.
     *
     * @param web web-level security builder
     * @throws Exception declared by the overridden method
     */
    @Override
    public void configure(WebSecurity web) throws Exception {
        // ignoring() takes these paths out of the security filter chain entirely (no
        // authentication, and none of the other filters either), so keep the list limited to
        // truly public static files.
        String[] staticAssets = {"/js/**", "/css/**", "/images/**"};
        web.ignoring().antMatchers(staticAssets);
    }

    /**
     * Sets up URL authorization and the custom form login.
     *
     * @param http HTTP security builder
     * @throws Exception propagated from the Spring Security builder API
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Authorization rules are evaluated in order: the login page and its endpoints are
        // open to everyone, every other request needs an authenticated user.
        http.authorizeRequests()
            .antMatchers("/domylogin", "/mylogin.html", "/login").permitAll()
            .anyRequest().authenticated();

        // Form login: custom page, the URL the form posts to, and where to go after success
        // or failure.
        http.formLogin()
            .loginPage("/mylogin.html")
            .loginProcessingUrl("/domylogin")
            .defaultSuccessUrl("/home.html")
            .failureUrl("/mylogin.html");

        // NOTE(review): CSRF protection is disabled, presumably so the static login form can
        // post without a token. With cookie-based sessions this leaves state-changing requests
        // unprotected; enable CSRF and send the token from the form before using this outside
        // a demo.
        http.csrf().disable();
    }
}
使用了PasswordEncoder,添加PasswordEncoder的注入配置:PasswordEncoderConfig.java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
 * Exposes the application's {@link PasswordEncoder} as a Spring bean so it can be injected
 * wherever passwords are hashed or verified.
 */
@Configuration
public class PasswordEncoderConfig {

    /**
     * Creates the BCrypt-based encoder.
     *
     * @return a {@link BCryptPasswordEncoder} built with the no-argument constructor, i.e. the
     *     library's default cost setting, since no strength is passed here
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        PasswordEncoder bcryptEncoder = new BCryptPasswordEncoder();
        return bcryptEncoder;
    }
}