springboot + springsecurity6.x的配置securityConfig.java
登录页面的DIY
| @Bean |
| public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
| http.authorizeHttpRequests(author -> |
| author.requestMatchers("/login").permitAll() |
| .anyRequest().authenticated() |
| ); |
| |
| http.formLogin(login-> |
| login.loginPage("/login").permitAll() |
| .loginProcessingUrl("/login") |
| .defaultSuccessUrl("/index") |
| ); |
| |
| http.csrf(Customizer.withDefaults()); |
| http.logout(logout-> logout.invalidateHttpSession(true)); |
| return http.build(); |
| } |
认证和授权
| @Configuration |
| @EnableWebSecurity |
| public class SecurityConfig { |
| @Bean |
| public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
| http.authorizeHttpRequests(author -> |
| |
| author |
| .requestMatchers("/admin/api").hasAuthority("admin:api") |
| .requestMatchers("/user/api").hasAnyAuthority("admin:api","user:api") |
| .requestMatchers("/app/api").permitAll() |
| .requestMatchers("/login").permitAll() |
| .anyRequest().authenticated() |
| ); |
| http.exceptionHandling(e -> e.accessDeniedPage("/noAuth/api")); |
| http.formLogin(login-> |
| login.loginPage("/login").permitAll() |
| .loginProcessingUrl("/login") |
| .defaultSuccessUrl("/index") |
| ); |
| http.csrf(Customizer.withDefaults()); |
| http.logout(logout-> logout.invalidateHttpSession(true)); |
| return http.build(); |
| } |
| |
| @Bean |
| public InMemoryUserDetailsManager inMemoryUserDetailsManager() { |
| UserDetails admin = User.withUsername("admin").password(passwordEncoder().encode("root")) |
| .authorities("admin:api","user:api").build(); |
| UserDetails user = User.withUsername("user").password(passwordEncoder().encode("root")) |
| .authorities("user:api").build(); |
| return new InMemoryUserDetailsManager(admin,user); |
| } |
| |
| @Bean |
| PasswordEncoder passwordEncoder(){ |
| return new BCryptPasswordEncoder(); |
| } |
| } |
| @Configuration |
| @EnableWebSecurity |
| public class SecurityConfig { |
| @Bean |
| public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception { |
| http.authorizeHttpRequests(author -> |
| |
| author |
| .requestMatchers("/admin/api").hasRole("admin") |
| .requestMatchers("/user/api").hasAnyRole("user","admin") |
| .requestMatchers("/app/api").permitAll() |
| .requestMatchers("/login").permitAll() |
| .anyRequest().authenticated() |
| ); |
| |
| http.exceptionHandling(e -> e.accessDeniedPage("/noAuth/api")); |
| |
| http.formLogin(login-> |
| login.loginPage("/login").permitAll() |
| .loginProcessingUrl("/login") |
| .defaultSuccessUrl("/index") |
| ); |
| http.csrf(Customizer.withDefaults()); |
| |
| |
| http.logout(logout-> logout.invalidateHttpSession(true)); |
| return http.build(); |
| } |
| |
| @Bean |
| public InMemoryUserDetailsManager inMemoryUserDetailsManager() { |
| |
| UserDetails admin = User.withUsername("admin").password(passwordEncoder().encode("root")).roles("admin","user").build(); |
| UserDetails user = User.withUsername("user").password(passwordEncoder().encode("root")).roles("user").build(); |
| return new InMemoryUserDetailsManager(admin,user); |
| } |
| |
| @Bean |
| PasswordEncoder passwordEncoder(){ |
| return new BCryptPasswordEncoder(); |
| } |
| } |
ant匹配模式(略)
| ? 表示匹配单个字符 |
| * 表示匹配0到任意个字符 |
| ** 表示匹配到任意个目录 |
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 25岁的心里话
· 闲置电脑爆改个人服务器(超详细) #公网映射 #Vmware虚拟网络编辑器
· 基于 Docker 搭建 FRP 内网穿透开源项目(很简单哒)
· 零经验选手,Compose 一天开发一款小游戏!
· 一起来玩mcp_server_sqlite,让AI帮你做增删改查!!