spring security使用

1、依赖

org.springframework.boot
spring-boot-starter-security

2、认证与授权

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    //授权
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests().antMatchers("/").permitAll()
                .antMatchers("/level1").hasRole("vip1")
                .antMatchers("/level2").hasRole("vip2")
                .antMatchers("/level3").hasRole("vip3");


        http.formLogin().loginPage("/login").loginProcessingUrl("/toLogin").usernameParameter("username").passwordParameter("password");
        http.csrf().disable();
        http.rememberMe().rememberMeParameter("remember");
        http.logout().logoutSuccessUrl("/index");
    }
    //认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("admin").password(new BCryptPasswordEncoder().encode("123")).roles("vip1", "vip2", "vip3")
                .and()
                .withUser("yan").password(new BCryptPasswordEncoder().encode("123")).roles("vip1", "vip2")
                .and()
                .withUser("gender").password(new BCryptPasswordEncoder().encode("123")).roles("vip1");
    }
}