spring security的簡單例子
1 pom.的主要檔案 我引入的thymeleaf-extras-springsecurity5,springboot2.1.6 <dependencies> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-thymeleaf</artifactId> </dependency>
<!-- https://mvnrepository.com/artifact/org.thymeleaf.extras/thymeleaf-extras-springsecurity4 --> <dependency> <groupId>org.thymeleaf.extras</groupId> <artifactId>thymeleaf-extras-springsecurity5</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-web</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-security</artifactId> </dependency> <dependency> <groupId>org.springframework.boot</groupId> <artifactId>spring-boot-starter-test</artifactId> <scope>test</scope> </dependency> </dependencies> 2 controller [@Controller](https://my.oschina.net/u/1774615)
public class KungfuController {
private final String PREFIX = "pages/"; @RequestMapping("/") public String index() { System.out.println("hello word"); return "welcome"; } @RequestMapping("/userlogin") public String loginPage() { return PREFIX+"login1"; } @GetMapping("/level1/{path}") public String level1(@PathVariable("path")String path) { return PREFIX+"level1/"+path; } @GetMapping("/level2/{path}") public String level2(@PathVariable("path")String path) { return PREFIX+"level2/"+path; } @GetMapping("/level3/{path}") public String level3(@PathVariable("path")String path) { return PREFIX+"level3/"+path; }
}
//配置下
@EnableWebSecurity public class mySecurity extends WebSecurityConfigurerAdapter {
//為啥引入這個bean ,因為在securety在5.0後使用系統的登入模板,預設把密碼給加密啦,這個寫的是不讓密碼加密
@Bean public static NoOpPasswordEncoder passwordEncoder() { return (NoOpPasswordEncoder) NoOpPasswordEncoder.getInstance(); } protected void configure(HttpSecurity http) throws Exception { //定製請求的授權規則 http.authorizeRequests().antMatchers("/").permitAll() .antMatchers("/level1/**").hasRole("VIP1") .antMatchers("/level2/**").hasRole("VIP2") .antMatchers("/level3/**").hasRole("VIP3"); //開啟自動登入的功能 http.formLogin(); //開啟自動配置的登出功能 http.logout().logoutSuccessUrl("/"); } public void configure(AuthenticationManagerBuilder auth) throws Exception { auth.inMemoryAuthentication().withUser("mao").password("123").roles("VIP1","VIP2") .and().withUser("zhang").password("123").roles("VIP1","VIP3").and() .withUser("li").password("123").roles("VIP2","VIP3"); }
} //該模板都是尚學堂的
<!DOCTYPE html>
<html xmlns:th="http://www.thymeleaf.org"
xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<h1 align="center">歡迎光臨武林祕籍管理系統</h1>
<div sec:authorize="!isAuthenticated()">
<h2 align="center">遊客您好,如果想檢視武林祕籍 <a th:href="@{/login}">請登入</a></h2>
</div>
<div sec:authorize="isAuthenticated()">
<h2><span sec:authentication="name"></span>,您好,您的角色有:
<span sec:authentication="principal.authorities"></span></h2>
<form th:action="@{/logout}" method="post">
<input type="submit" value="登出"/>
</form>
</div>
<hr>
<div sec:authorize="hasRole('VIP1')"> <h3>普通武功祕籍</h3> <ul> <li><a th:href="@{/level1/1}">羅漢拳</a></li> <li><a th:href="@{/level1/2}">武當長拳</a></li> <li><a th:href="@{/level1/3}">全真劍法</a></li> </ul>
</div>
<div sec:authorize="hasRole('VIP2')"> <h3>高階武功祕籍</h3> <ul> <li><a th:href="@{/level2/1}">太極拳</a></li> <li><a th:href="@{/level2/2}">七傷拳</a></li> <li><a th:href="@{/level2/3}">梯雲縱</a></li> </ul>
</div>
<div sec:authorize="hasRole('VIP3')"> <h3>絕世武功祕籍</h3> <ul> <li><a th:href="@{/level3/1}">葵花寶典</a></li> <li><a th:href="@{/level3/2}">龜派氣功</a></li> <li><a th:href="@{/level3/3}">獨孤九劍</a></li> </ul> </div>
</body> </html> 參考文獻: 【1】https://docs.spring.io/spring-security/site/docs/current/guides/html5/helloworld-boot.html
【2】尚學堂