spring boot security
1.这里面安装这个
2.跑起来发现,给了我们一个密码
3.我们直接访问本地的localhost:8080/login,默认用户名是user
4. 这里设置默认的账号密码
5.我们新建一个security文件夹,DemoSecurityConfig类
package com.example18.example_18.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.provisioning.InMemoryUserDetailsManager; @Configuration public class DemoSecurityConfig { @Bean public InMemoryUserDetailsManager userDetailsManager(){ UserDetails join= User.builder() .username("john") .password("{noop}test123") .roles("EMPLOYEE") .build(); UserDetails mary= User.builder() .username("mary") .password("{noop}test123") .roles("EMPLOYEE","MANAGER") .build(); UserDetails susan= User.builder() .username("susan") .password("{noop}test123") .roles("EMPLOYEE","MANAGER","ADMIN") .build(); return new InMemoryUserDetailsManager(join,mary,susan); } }
6.我们访问发现没授权
把上面的账号密码输入,成功了
7.通过角色来分批管理,DemoSecurityConfig 类
package com.example18.example_18.security; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.HttpMethod; import org.springframework.security.config.Customizer; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.core.userdetails.User; import org.springframework.security.core.userdetails.UserDetails; import org.springframework.security.provisioning.InMemoryUserDetailsManager; import org.springframework.security.web.SecurityFilterChain; @Configuration public class DemoSecurityConfig { @Bean public InMemoryUserDetailsManager userDetailsManager(){ UserDetails join= User.builder() .username("john") .password("{noop}test123") .roles("EMPLOYEE") .build(); UserDetails mary= User.builder() .username("mary") .password("{noop}test123") .roles("EMPLOYEE","MANAGER") .build(); UserDetails susan= User.builder() .username("susan") .password("{noop}test123") .roles("EMPLOYEE","MANAGER","ADMIN") .build(); return new InMemoryUserDetailsManager(join,mary,susan); } @Bean public SecurityFilterChain filterChain(HttpSecurity http) throws Exception{ http.authorizeHttpRequests(configurer -> configurer .requestMatchers(HttpMethod.GET,"/students").hasRole("MANAGER") ); // use HTTP Basic authentication http.httpBasic(Customizer.withDefaults()); //disable Cross site Request Forgery http.csrf(csrf -> csrf.disable()); return http.build(); } }
8.如何利用支持数据库的来查询
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 分享一个免费、快速、无限量使用的满血 DeepSeek R1 模型,支持深度思考和联网搜索!
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· ollama系列01:轻松3步本地部署deepseek,普通电脑可用
· 25岁的心里话
· 按钮权限的设计及实现
2023-11-15 nodejs 后端要学的流程基础图
2023-11-15 45 个 Git 经典操作场景,专治不会合代码[转-来自知乎]
2023-11-15 如果我有一个项目,我git如何恢复到3个月前的日志,然后再强推到github项目上,但是项目的内容不是3个月前的,是最新的