使用Spring Security对接口实现访问权限控制(HTTP Basic认证)

 

1         <!-- 加入security依赖 -->
2         <dependency>
3             <groupId>org.springframework.boot</groupId>
4             <artifactId>spring-boot-starter-security</artifactId>
5         </dependency>

 

 1 package com.example.demo.api.rest.api.config;
 2 
 3 import org.springframework.context.annotation.Bean;
 4 import org.springframework.context.annotation.Configuration;
 5 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 6 import org.springframework.security.core.userdetails.User;
 7 import org.springframework.security.core.userdetails.UserDetailsService;
 8 import org.springframework.security.crypto.factory.PasswordEncoderFactories;
 9 import org.springframework.security.provisioning.InMemoryUserDetailsManager;
10 import org.springframework.security.web.SecurityFilterChain;
11 
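/**
 * Spring Security configuration for the demo REST API: a single in-memory
 * account, HTTP Basic authentication, and per-path access rules.
 */
@Configuration
// NOTE(review): "all" also hides deprecation warnings for the security DSL used
// below; consider narrowing the suppression so API removals are noticed.
@SuppressWarnings("all")
public class WebSecurityConfig {

    /** Authority granted to the demo account and required for every protected path. */
    private static final String ACCOUNT_CLIENT_AUTHORITY = "admin";

    /**
     * Registers the one account that HTTP Basic authentication will accept.
     *
     * <p>The user name and password below are hard-coded sample values. Anything
     * beyond a local demo should load credentials from external configuration or
     * a secret store so they never end up in source control.
     *
     * @return an in-memory user store holding the demo account
     */
    @Bean
    UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager users = new InMemoryUserDetailsManager();
        // The delegating encoder stores an encoded form of the password rather
        // than the plain text.
        users.createUser(User.withUsername("aaa")
                .password(PasswordEncoderFactories.createDelegatingPasswordEncoder().encode("bbb"))
                .authorities(ACCOUNT_CLIENT_AUTHORITY).build());
        return users;
    }

    /**
     * Configures which endpoints are public and which require the demo authority.
     *
     * <p>{@code /api/BasicAuth-no} is open to everyone; every other request must
     * carry HTTP Basic credentials for an account holding
     * {@link #ACCOUNT_CLIENT_AUTHORITY}. Paths that are not listed are therefore
     * denied by default.
     *
     * <p>HTTP Basic sends the credentials, merely Base64-encoded, on every
     * request, so this setup should only be exposed over TLS.
     *
     * <p>{@code antMatchers} was removed in Spring Security 6; on newer versions
     * the equivalent call is {@code requestMatchers}.
     *
     * @param http the security builder supplied by Spring
     * @return the assembled filter chain
     * @throws Exception if the builder fails to assemble the chain
     */
    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        return http
                .authorizeRequests()
                // Rules are matched in declaration order: the public path must
                // be declared before the catch-all rule.
                .antMatchers("/api/BasicAuth-no").permitAll()
                // Single catch-all rule. The original "/**" matcher already
                // matched everything, which left the trailing
                // anyRequest().authenticated() rule unreachable.
                .anyRequest().hasAuthority(ACCOUNT_CLIENT_AUTHORITY)
                .and()
                .httpBasic()
                .and()
                // NOTE(review): CSRF protection is off. That is common for APIs
                // called by non-browser clients, but browsers resend cached
                // Basic credentials automatically, so keep it enabled if a
                // browser front end will ever call these endpoints.
                .csrf()
                .disable()
                .build();
    }
}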

然后写两个接口

 1 package com.example.demo.api.rest.api.controller;
 2 
 3 import org.springframework.web.bind.annotation.RequestBody;
 4 import org.springframework.web.bind.annotation.RequestMapping;
 5 import org.springframework.web.bind.annotation.RestController;
 6 
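/**
 * Demo REST controller exposing two endpoints under {@code /api}, used to show
 * the difference between a public path and one protected by HTTP Basic auth.
 *
 * <p>Neither mapping restricts the HTTP method, so each endpoint answers any
 * verb that carries a request body.
 */
@RestController
@SuppressWarnings("all")
@RequestMapping("api")
public class ApiController {

    /**
     * Public endpoint, e.g. {@code http://localhost:8080/api/BasicAuth-no}.
     *
     * <p>The security configuration shown on this page permits this path without
     * credentials, so {@code body} comes from unauthenticated callers.
     *
     * @param body raw request body
     * @return a fixed message saying that no access permission is required
     */
    @RequestMapping("BasicAuth-no")
    public String BasicAuth_no(@RequestBody String body) {
        System.out.println(printable(body));
        return "不需要访问权限";
    }

    /**
     * Protected endpoint, e.g. {@code http://localhost:8080/api/BasicAuth-yes}.
     *
     * @param body raw request body
     * @return a fixed message saying that access permission is required
     */
    @RequestMapping("BasicAuth-yes")
    public String BasicAuth_yes(@RequestBody String body) {
        System.out.println(printable(body));
        return "需要访问权限";
    }

    /**
     * Replaces control characters (line breaks, escape sequences) so that
     * caller-supplied text cannot forge extra lines in the console output.
     */
    private static String printable(String body) {
        return String.valueOf(body).replaceAll("\\p{Cntrl}", "_");
    }
}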

测试1,访问:BasicAuth-no(不需要访问权限)

 

 

测试2,访问:BasicAuth-yes(需要访问权限)

一、没有使用账号密码,提示401

 

 二、使用账号密码,访问通过

 
