springboot+thymeleaf實現springsecurity
阿新 • • 發佈:2018-12-14
依賴:
<!--Spring Security的依賴--> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <!--Thymeleaf Spring Security依賴--> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity4</artifactId> </dependency>
controller類
@Controller public class MainController { @GetMapping("/") public String root() { return "redirect:/index"; } @GetMapping("/index") public String index() { return "index"; } /** * 獲取登入介面 * * @return */ @GetMapping("/login") public String login() { return "users/login"; } @GetMapping("/login-error") public String loginError(Model model) { model.addAttribute("loginError",true); model.addAttribute("errorMsg","登入失敗,使用者名稱或者密碼錯誤"); return "login"; } @GetMapping("/register") public String register() { return "register"; } @GetMapping("/search") public String search() { return "search"; } } config配置
@EnableWebSecurity @EnableGlobalMethodSecurity(prePostEnabled = true) // 啟用方法安全設定 public class SecurityConfig extends WebSecurityConfigurerAdapter { /** * 方法重寫 * * @param http * @throws Exception */ protected void configure(HttpSecurity http) throws Exception { http.authorizeRequests() .antMatchers("/css/**","/js/**","/fonts/**","/index").permitAll()//都可以訪問 .antMatchers("//**").hasRole("ADMIN")//需要相應的角色才能訪問 .and() .formLogin()//基於Form表單登入驗證 .loginPage("/login").failureUrl("/login-error");//自定義登入介面 } /** * 認證資訊管理 * @param authenticationManagerBuilder * @throws Exception */ @Autowired public void configureGlobal(AuthenticationManagerBuilder authenticationManagerBuilder) throws Exception{ authenticationManagerBuilder.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("wangzhou").password(new BCryptPasswordEncoder().encode("123456")).roles("ADMIN"); // authenticationManagerBuilder.inMemoryAuthentication()//認證資訊儲存於記憶體中 // .withUser("admin").password("123456").roles("ADMIN"); } }
login.html
<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="http://www.thymeleaf.org"> </head> <body> <div class="container blog-content-container"> <form th:action="@{/login}" method="post"> <h2 >請登入</h2> <div class="form-group col-md-5"> <label for="username" class="col-form-label">賬號</label> <input type="text" class="form-control" id="username" name="username" maxlength="50" placeholder="請輸入賬號"> </div> <div class="form-group col-md-5"> <label for="password" class="col-form-label">密碼</label> <input type="password" class="form-control" id="password" name="password" maxlength="30" placeholder="請輸入密碼" > </div> <div class="form-group col-md-5"> <input type="checkbox" name="remember-me"> 記住我 </div> <div class="form-group col-md-5"> <button type="submit" class="btn btn-primary">登入</button> </div> <div class=" col-md-5" th:if="${loginError}"> <p class="blog-label-error" th:text="${errorMsg}"></p> </div> </form> </div> <!-- /container --> </body> </html>
index.html
<!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml" xmlns:sec="http://www.thymeleaf.org/thymeleaf-extras-springsecurity4"> <head > </head> <body> <!-- Page Content --> <div class="container blog-content-container"> <!--<div sec:authentication="isAuthenticated()">--> <p>已有使用者登入</p> <p>登入的使用者為:<span sec:authentication="name"></span></p> <p>使用者角色為:<span sec:authentication="principal.authorities"></span></p> </div> <!--<div sec:authentication="isAnonymous()">--> <!--<p>未有使用者登入</p>--> </div> </div> <!-- /.container --> </body> </html>
結果在登入頁面輸入admin,123456
得到