Spring Security使用

一、使用下面 Spring Security最简单的配置，就能无偿地得到一个登陆页面

配置DelegatingFilterProxy：

package com.hef.spittr.config;

import org.springframework.security.web.context.AbstractSecurityWebApplicationInitializer;

public class SecurityWebInitializer extends AbstractSecurityWebApplicationInitializer {


}

配置WebSecurityConfigurerAdapter：

package com.hef.spittr.config;

import com.hef.spittr.service.SpitterUserService;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 基于内存的用户存储
     * inMemoryAuthentication() 启动用户存储
     * @param auth
     * @throws Exception
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        //super.configure(auth);
        // 用两个用户来配置内存用户存储
        auth.inMemoryAuthentication()
                .withUser("user").password("password").roles("USER").and()
                .withUser("admin").password("password").roles("USER", "ADMIN");
    }
}

一旦重写configure(HttpSecurity)方法，就失去了这个简单的登陆页面。在configure(HttpSecurity)方法中调用formLogin()之后，还能找回这个功能，此时访问应用的"/login"或者导航到需要认证的页面时，将会在浏览器中展示登陆页面。