这一节,我们会用一个最简单的示例来展示spring security的魅力,通过这个示例我们会发现和spring boot相结合,实现应用的安全控制这个复杂功能竟会如此简单
环境:
spring-boot版本号:1.5.4.RELEASE
1.示例项目结构
2.配置类SecurityConfig.java
/**
*
*/
package nariis.chengf.security.samples.javaconfig.helloworld;
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
/**
* @author: 作者: chengaofeng
* @date: 创建时间:2018-01-05 09:09:21
* @Description: TODO
* @version V1.0
*/
@EnableWebSecurity
public class SecurityConfig {
@Bean
public UserDetailsService userDetailsService() {
InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
manager.createUser(User.withUsername("user").password("password").roles("USER").build());
return manager;
}
}
创建了一个UserDetailsService的bean,采用基于内存的用户数据管理,追加了一个名称是user,密码是password,对应的权限是USER的用户
3.启动类SecurityHelloWorldApp.java
package nariis.chengf.security.samples.javaconfig.helloworld;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
/**
* Hello world!
*
*/
@SpringBootApplication
public class SecurityHelloWorldApp
{
public static void main( String[] args )
{
SpringApplication.run(SecurityHelloWorldApp.class, args);
}
}
4.项目pom文件
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>nariis.chengf</groupId>
<artifactId>security-samples-javaconfig-helloworld</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>security-samples-javaconfig-helloworld</name>
<url>http://maven.apache.org</url>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
</properties>
<dependencyManagement>
<dependencies>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>1.5.4.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
</dependencies>
</dependencyManagement>
<dependencies>
<dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-config</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-web</artifactId>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<executions>
<execution>
<goals>
<goal>repackage</goal>
</goals>
</execution>
</executions>
<configuration>
<mainClass>${start-class}</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</project>
5.对应的静态html
<!DOCTYPE html> <html> <head> <title>Static</title> <meta name="viewport" content="width=device-width, initial-scale=1.0"> </head> <body> hello security! </body> </html>
6.启动项目运行
可以选择在eclipse中选中启动类,run as->java application来运行,如下图所示
也可以在项目根目录下执行mvn package后打成可执行jar包,采用java -jar ***.jar来执行,下面我们采用第二种来启动我们的项目
6.1 打包
执行完后会在target目录下生成可执行jar
6.2启动
java -jar security-samples-javaconfig-helloworld-0.0.1-SNAPSHOT.jar
7.启动后在浏览器中输入 http://localhost:8080/index.html,如果上面过程中没有错误,我们会被重定向到登录页面
在页面中输入我们创建的用户:User:user;Password:password,点击login,就可以看到我们编辑的index.html的内容
到此,我们spring security的第一个小示例就结束了,下一节接着用一个简单的示例来介绍怎么用数据库存储我们的用户和权限信息
下载源码