Spring Security學(xué)習(xí)筆記（一）

更新時(shí)間：2020年09月03日 09:23:28 作者：mySoul

這篇文章主要介紹了Spring Security的相關(guān)資料，幫助大家開(kāi)始學(xué)習(xí)Spring Security框架，感興趣的朋友可以了解下

介紹

這里學(xué)習(xí)SpringSecurity，對(duì)SpringSecurity進(jìn)行學(xué)習(xí)。

基本用法

添加依賴(lài)

<dependency>
  <groupId>org.springframework.boot</groupId>
  <artifactId>spring-boot-starter-security</artifactId>
</dependency>

添加接口

package com.example.demo.web;

import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class Test {
  @RequestMapping("/test")
  public String test(){
    return "test";
  }
}

啟動(dòng)項(xiàng)目

可以看到日志中，已經(jīng)有了密碼

訪問(wèn)接口，此時(shí)已經(jīng)有了登錄頁(yè)面

輸入用戶(hù)名和密碼

用戶(hù)名： user
密碼 984cccf2-ba82-468e-a404-7d32123d0f9c

此時(shí)已經(jīng)登錄成功

配置用戶(hù)名和密碼

在配置文件中，進(jìn)行配置

spring:
security:
user:
name: ming
password: 123456
roles: admin

輸入用戶(hù)名和密碼，可以正常登錄

基于內(nèi)存的認(rèn)證

需要自定義類(lèi)繼承 WebSecurityConfigurerAdapter
實(shí)現(xiàn)自定義的配置
這里基于內(nèi)存的配置，如下

package com.example.demo.config;

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


@Configuration
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
  @Bean
  PasswordEncoder passwordEncoder(){
    return NoOpPasswordEncoder.getInstance();
  }

  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("admin").password("123").roles("admin");
  }
}

這里基于內(nèi)存的配置

HttpSecurity

這里對(duì)某些方法進(jìn)行攔截

package com.ming.demo.interceptor;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.rememberme.TokenBasedRememberMeServices;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
  //基于內(nèi)存的用戶(hù)存儲(chǔ)
  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.inMemoryAuthentication()
        .withUser("itguang").password("123456").roles("USER").and()
        .withUser("admin").password("{noop}" + "123456").roles("ADMIN");
  }





  //請(qǐng)求攔截
  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http.authorizeRequests()
        .anyRequest().permitAll()
        .and()
        .formLogin()
        .permitAll()
        .and()
        .logout()
        .permitAll();
  }


}

這里成功完成了post請(qǐng)求進(jìn)行登錄驗(yàn)證。

以上就是Spring Security學(xué)習(xí)筆記（一）的詳細(xì)內(nèi)容，更多關(guān)于Spring Security的資料請(qǐng)關(guān)注腳本之家其它相關(guān)文章！

您可能感興趣的文章: