
Spring Security Study Notes, Part 1 (Configuring Spring Security in a Spring Boot Project to Intercept Page Access)

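I. Spring Security features

The core features of Spring Security are:

Authentication (who you are), authorization (what you are allowed to do), and attack protection (preventing identity forgery).

II. A simple demo

1. First, add the following dependencies to your newly created Spring Boot project: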

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-test</artifactId>
    <scope>test</scope>
</dependency>

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>
           

2. Then create the following pages under src/main/resources/templates/:

index.html

<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<div align="center">
    <h2>index</h2>
    <!-- @{...} link expressions are only resolved inside th:* attributes -->
    <p>Click <a th:href="@{/test}">here</a> to test.html.</p>
    Hello <span id="name"></span>,welcome to index page!
</div>
</body>
</html>
           

login.html

<!DOCTYPE html>
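<html xmlns:th="http://www.thymeleaf.org">
<head>
     <title>Spring Security Example </title>
</head>
<body>
    <!-- th:action resolves the URL and lets Thymeleaf add the hidden CSRF token field
         that Spring Security requires on POST /login by default -->
    <form th:action="@{/login}" method="post">
        <div><label> User Name : <input type="text" name="username"/> </label></div>
        <div><label> Password: <input type="password" name="password"/> </label></div>
        <div><input type="submit" value="Sign In"/></div>
    </form>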
</body>
</html>
           

test.html

<!DOCTYPE html>
<html >
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<div align="center">
    <h2>test</h2>
    Hello <span id="name"></span>,welcome to test page!
</div>
</body>
</html>
           

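3. Write the view forwarding

The following code saves you from writing controller methods just to forward to pages. For a detailed explanation, see my earlier blog post:
https://blog.csdn.net/bird_tp/article/details/106098481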

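import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class IntercepterConfig implements WebMvcConfigurer {

    // Map URLs straight to Thymeleaf view names, with no controller methods.
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        registry.addViewController("/test").setViewName("test");
        registry.addViewController("/index").setViewName("index");
        registry.addViewController("/").setViewName("index");
        registry.addViewController("/login").setViewName("login");
    }
}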

4. Spring Security configuration

import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * @ClassName: WebSecurityConfig
 * @Author: tanp
 * @Description: /index is public; every other request requires login.
 *   Note: WebSecurityConfigurerAdapter is deprecated as of Spring Security 5.7 and
 *   removed in 6.0; on those versions the same rules go in a SecurityFilterChain bean.
 * @Date: 2020/6/2 16:20
 */

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Start the authorization configuration
        http.authorizeRequests()
                // Everyone can access /index without logging in
                // (only /index is listed here, so "/" still requires login)
                .antMatchers("/index").permitAll()
                // Every other endpoint is accessible only after login
                .anyRequest().authenticated()
                .and().formLogin()
                // Define the login page: an unauthenticated request to an endpoint
                // that requires login is redirected to this page automatically
                .loginPage("/login").permitAll()
                .and().logout().permitAll();
    }
}
           

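III. Verifying the result

With the code above, you have configured Spring Security in your Spring Boot project and implemented simple page interception. Now start the project: if you access the index endpoint, you reach the index page successfully, but if you access the test page, the request is intercepted and you are redirected to the login page.

Of course, in a real enterprise application this has to be tied to the logged-in object (usually defined as a user): which pages can be accessed depends on the roles and permissions that the user object has. That is covered in the next blog post; this one only briefly demonstrates the configuration and the interception.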
