视频课程地址: Spring Boot 整合 Security 权限控制
- 修改 pom 文件, 使其支持 jdk1.8
<plugin.compiler.version>2.0.2</plugin.compiler.version>
<!-- 设置 java sdk 版本 -->
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>${plugin.compiler.version}</version>
<configuration>
<source>${system.java.version}</source>
<target>${system.java.version}</target>
</configuration>
</plugin>- 修改 Security 配置文件使其支持跨域(使用 SpringBoot 内置跨域(不友好))
@Override
protected void configure(HttpSecurity http) throws Exception {
// 允许直接访问/路径
http.authorizeRequests().antMatchers("/").permitAll()
// 使其支持跨域
.requestMatchers(CorsUtils :: isPreFlightRequest).permitAll()
// 其他路径需要授权访问
.anyRequest().authenticated()
// 指定登录页面
.and().formLogin().loginPage("/user/login")
// 登录成功后的默认路径
.defaultSuccessUrl("/").permitAll()
// 退出登录后的默认路径
.and().logout().logoutSuccessUrl("/user/login").permitAll();
}使用html 页面进行跨域, 即每次请求将后台的跨域字符串写到前端页面隐藏域, 每次请求的时候在携带这两个隐藏域值访问后台请求(不推荐)
在 config 目录中创建 CorsConfig 跨域配置文件(用户自定义实现跨域)
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
* <p>
* http://www.apache.org/licenses/LICENSE-2.0
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package com.edurt.config;
import org.springframework.core.Ordered;
import org.springframework.core.annotation.Order;
import org.springframework.stereotype.Component;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* CorsConfig <br/>
* 描述 : CorsConfig <br/>
* 作者 : qianmoQ <br/>
* 版本 : 1.0 <br/>
* 创建时间 : 2018-03-20 下午3:15 <br/>
* 联系作者 : <a href="mailTo:[email protected]">qianmoQ</a>
*/
@Component
@Order(Ordered.HIGHEST_PRECEDENCE)
public class CorsConfig implements Filter {
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
HttpServletResponse response = (HttpServletResponse) res;
HttpServletRequest request = (HttpServletRequest) req;
// 配置跨域请求的主机/ip
response.setHeader("Access-Control-Allow-Origin", "*");
// 配置跨域请求的方法
response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
// 配置跨域请求的缓冲时间
response.setHeader("Access-Control-Max-Age", "3600");
// 配置跨域的 header 头信息
response.setHeader("Access-Control-Allow-Headers", "x-requested-with, authorization");
if ("OPTIONS".equalsIgnoreCase(request.getMethod())) {
response.setStatus(HttpServletResponse.SC_OK);
} else {
chain.doFilter(req, res);
}
}
@Override
public void init(FilterConfig filterConfig) {
}
@Override
public void destroy() {
}
}spring Security 3默认关闭csrf,Spring Security 4默认启动了csrf. 加上
.csrf().disable()即可关闭csrf
- 修改App 应用入口文件配置扫描路径
package com.edurt;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.context.annotation.ComponentScan;
/**
* Hello world!
*/
@SpringBootApplication
// 设置扫描路径
@ComponentScan(value = "com.edurt")
public class App {
public static void main(String[] args) {
SpringApplication.run(App.class, args);
}
}