SpringSecurity02 表单登录、SpringSecurity配置类

1 功能需求

  springSecuriy默认的登录窗口是一个弹出窗口,而且会默认对所有的请求都进行拦截;要求更改登录页面(使用表单登录)、排除掉一些请求的拦截

 

2 编写一个springSecurity配置类

  继承 WebSecurityConfigurerAdapter 类,并重写两个configure方法   

package cn.xiangxu.spring_security_system;

//import cn.xiangxu.spring_security_system.service.MyUserService;
import cn.xiangxu.spring_security_system.utils.MyPasswordEncoder;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

/**
 * 权限服务类
 */
@Configuration // 等同于XML中的beans
@EnableWebSecurity // 开启webSecurity功能
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

//    @Autowired
//    private MyUserService myUserService;

//    @Override
//    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
//
//        // 直接将用户信息和权限写死
////        auth.inMemoryAuthentication()
////                .withUser("admin")
////                .password("123456")
////                .roles("ADMIN");
////        auth.inMemoryAuthentication()
////                .withUser("wys")
////                .password("123456")
////                .roles("ADMIN");
////        auth.inMemoryAuthentication()
////                .withUser("demo")
////                .password("123456")
////                .roles("USER");
//
//        auth.userDetailsService(myUserService).passwordEncoder(new MyPasswordEncoder()); // 利用自定义的UserService进行管理
//    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/").permitAll() // 主页面请求拦截排除
                .anyRequest().authenticated()  // 除主页面外的所有请求都会被拦截
                .and()
                .logout().permitAll() // 注销请求拦截排除
                .and()
                .formLogin(); // 设置使用表单登录的方式
        http.csrf().disable(); // 关闭csrf验证
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        // 拦截排除设置
        web.ignoring().antMatchers("/js/**", "/css/**", "/images/**");
    }


}
权限配置类

  技巧01:@Configuration 就相当于xml配置文件中的beans,@Bean就相当于XML配置文件中的bean

  

3 编写一些接口用于测试

  注意:为了简便,我直接将测试接口写在了启动类中

package cn.xiangxu.spring_security_system;

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
//@EnableGlobalMethodSecurity(prePostEnabled = true) // 开启@PreAuthorize注解
public class SpringSecuritySystemApplication {

    public static void main(String[] args) {
        SpringApplication.run(SpringSecuritySystemApplication.class, args);
    }

    @GetMapping(value = "/")
    public String home() {
        return "Welcome to study springSecurity.";
    }

    @GetMapping(value = "/hello")
    public String hello() {
        return "hello boy";
    }

//    @PreAuthorize("hasRole('ROLE_ADMIN')") // 设定权限校验:只用ADMIN角色才能调用该接口
    @GetMapping("/roleAuth")
    public String role() {
        return "admin role";
    }
}
View Code

  3.1 访问主页面 http://127.0.0.1:8080/ 时跳过了登录验证

    原因:我们在springSecurity配置类中排除了 http://127.0.0.1:8080/ 请求(即:http://127.0.0.1:8080/ 会默认不进行登录验证)

    

  3.2 访问hello页面 http://127.0.0.1:8080/hello 时自动跳转到了登录页面

    技巧01:登录名默认是user,登录密码在控制台打印出来了

    

 

posted @ 2017-12-06 15:35  寻渝记  阅读(365)  评论(0编辑  收藏  举报