Spring Security 基本配置 

package com.mengxuegu.security.config;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;


/**
 * alt+/ 导包
 * ctrl+o 覆盖
 * @Auther: 梦学谷 www.mengxuegu.com
 */
@EnableWebSecurity // 开启springsecurity过滤链 filter
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {


    Logger logger = LoggerFactory.getLogger(getClass());

    @Bean
    public PasswordEncoder passwordEncoder(){
        // 明文+随机盐值-》加密存储
        return new BCryptPasswordEncoder();
    }

    /**
     * 认证管理器:
     * 1. 认证信息(用户名,密码)
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        String password = passwordEncoder().encode("123456");
        logger.info("加密之后存储的密码:"+password);
        auth.inMemoryAuthentication().withUser("root").password(password).authorities("ADMIN");
    }

    /**
     * 资源权限配置:
     * 1. 被拦截的资源
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        System.out.println("用户认证");
//       http.httpBasic() // 采用 httpBasic认证方式
        http.formLogin() // 表单登录方式
                .loginPage("/login/page")   //配置登录页面
                .loginProcessingUrl("/login/form")  //登录表单提交处理url,默认是/login
                .usernameParameter("name")
                .passwordParameter("pwd")
            .and()
            .authorizeRequests() // 认证请求
            .antMatchers("/login/page").permitAll()
            .anyRequest().authenticated() //所有访问该应用的http请求都要通过身份认证才可以访问
        ; // 注意不要少了分号
    }

    /**
     * 一般针对静态资源放行
     * @param web
     */
    @Override
    public void configure(WebSecurity web) {
        web.ignoring().antMatchers("/dist/**","/modules/**","/plugins/**");
    }
}
posted @ 2020-11-01 23:08  xl4ng  阅读(191)  评论(0编辑  收藏  举报