Spring Security学习笔记（一）

Spring Security学习笔记（一）

介绍

这里学习SpringSecurity，对SpringSecurity进行学习。

基本用法

添加依赖

org.springframework.boot

spring-boot-starter-security

添加接口

package com.example.demo.web;

import org.springframework.web.bind.annotation.RequestMapping;

import org.springframework.web.bind.annotation.RestController;

@RestController

@RequestMapping("/test")

public class Test {

@RequestMapping("/test")

public String test(){

return "test";

}

}

启动项目

可以看到日志中，已经有了密码

访问接口，此时已经有了登录页面

输入用户名和密码

用户名： user

密码 984cccf2-ba82-468e-a404-7d32123d0f9c

此时已经登录成功

配置用户名和密码

在配置文件中，进行配置

spring:

security:

user:

name: ming

password: 123456

roles: admin

输入用户名和密码，可以正常登录

基于内存的认证

需要自定义类继承 WebSecurityConfigurerAdapter

实现自定义的配置

这里基于内存的配置，如下

package com.example.demo.config;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.password.NoOpPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

@Configuration

public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {

@Bean

PasswordEncoder passwordEncoder(){

return NoOpPasswordEncoder.getInstance();

}

@Override

protected void configure(AuthenticationManagerBuilder auth) throws Exception {

auth.inMemoryAuthentication()

.withUser("admin").password("123").roles("admin");

}

}

这里基于内存的配置

HttpSecurity

这里对某些方法进行拦截

package com.ming.demo.interceptor;

import org.springframework.beans.factory.annotation.Autowired;

import org.springframework.context.annotation.Bean;

import org.springframework.context.annotation.Configuration;

import org.springframework.http.HttpMethod;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;

import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.crypto.password.PasswordEncoder;

import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

@Configuration

@EnableWebSecurity

public class SecurityConfig extends WebSecurityConfigurerAdapter {

//基于内存的用户存储

@Override

public void configure(AuthenticationManagerBuilder auth) throws Exception {

auth.inMemoryAuthentication()

.withUser("itguang").password("123456").roles("USER").and()http://

.withUser("admin").password("{noop}" + "123456").roles("ADMIN");

}

//请求拦截

@Override

protected void configure(HttpSecurity http) throws Exception {

http.authorizeRequests()

.anyRequest().permitAll()

.and()

.formLogin()

.permitAll()

.and()

.logout()

.permitAll();

}

}

这里成功完成了post请求进行登录验证。

以上就是Spring Security学习笔记（一）的详细内容，更多关于Spring Security的资料请关注我们其它相关文章！

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。