Spring Security教程

一、Spring Security

KuangStudy

Spring Security学习视频：狂神说视频

KuangStudy:
https://www.kuangstudy.com/course

Spring Security视频(狂神说)：
https://www.bilibili.com/video/BV1KE411i7bC?p=1

百度云课件(狂神说资料):
链接：https://pan.baidu.com/s/1YtuSLNGXDyl9XGeZcYYyPQ 
提取码：fazh

官网文档：
https://spring.io/projects/spring-security
https://docs.spring.io/spring-security/site/docs/5.2.0.RELEASE/reference/htmlsingle/

Maven依赖：
https://mvnrepository.com/

图标网站：
https://semantic-ui.com/

一、导入依赖

<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

二、controller

package com.jin.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;

/**
 * @Package:com.jin.controller
 * @ClassName: RouterController
 * @Description:
 * @Date: 2021/12/07 22:59
 * @Author: Jin
 */
@Controller
public class RouterController {
    
    
    @RequestMapping({
    
    "/","/index"})
    public String index(){
    
    
        return "index";
    }
    @RequestMapping("/toLogin")
    public String toLogin(){
    
    
        return "views/login";
    }
    @RequestMapping("/level1/{id}")
    public String level1(@PathVariable("id") int id){
    
    
        return "views/level1/"+id;
    }
    @RequestMapping("/level2/{id}")
    public String level2(@PathVariable("id") int id){
    
    
        return "views/level2/"+id;
    }
    @RequestMapping("/level3/{id}")
    public String level3(@PathVariable("id") int id){
    
    
        return "views/level3/"+id;
    }
}

三、config

package com.jin.config;

import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

/**
 * @Package:com.jin.config
 * @ClassName: SecurityConfig
 * @Description:
 * @Date: 2021/12/08 16:17
 * @Author: Jin
 */
//AOP:拦截器
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    
    
    //链式编程
    @Override
    protected void configure(HttpSecurity http) throws Exception {
    
    
//        super.configure(http);
        //首页所有人可以访问，功能页只有对应有权限的人才能访问
        //请求授权的规则
        http.authorizeRequests()
                .antMatchers("/").permitAll()
                .antMatchers("/level1/**").hasRole("vip1")
                .antMatchers("/level2/**").hasRole("vip2")
                .antMatchers("/level3/**").hasRole("vip3");

        //没有权限默认会到登录页面，需要开启登录的页面
        //login
        http.formLogin().loginPage("/toLogin");

        //注销.开启了注销功能，注销结束跳到首页
        http.logout().logoutSuccessUrl("/");
        //防止网站工具：get,post
        http.csrf().disable();//关闭csrf功能，登出失败可能的原因

        //开启记住我的功能 cookie
        http.rememberMe().rememberMeParameter("remember");
    }


    //认证,springboot 2.1.X可以直接使用
    //密码编码：PasswordEcoder
    //在Spring Security 5.0+ 新增了很多的加密方法
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    
    
//        super.configure(auth);
        //inMemoryAuthentication内存的数据
        auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
                .withUser("root").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2","vip3")
                .and()
                .withUser("Jin").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1","vip2")
                .and()
                .withUser("Ji").password(new BCryptPasswordEncoder().encode("123456")).roles("vip1");
    }
}