配置pom.xml
添加spring-cloud-starter-security和spring-security-oauth2-autoconfigure两个依赖。
</dependency>
<!-- ^ closes the preceding dependency entry, which is not part of this excerpt -->

<!-- Spring cloud starter: Security -->
<!-- Include: web, actuator, security, zuul, etc. -->
<!-- No version element is given here; presumably it is resolved by the Spring Cloud BOM in dependencyManagement (confirm in the parent pom). -->
<dependency>
    <groupId>org.springframework.cloud</groupId>
    <artifactId>spring-cloud-starter-security</artifactId>
</dependency>

<!-- Spring Security OAuth2 Autoconfigure (optional in spring-cloud-security after 2.1) -->
<!-- NOTE(review): this artifact is part of the legacy Spring Security OAuth project, which has been declared end-of-life; verify its support status and pin a managed version before using it in a new service. -->
<dependency>
    <groupId>org.springframework.security.oauth.boot</groupId>
    <artifactId>spring-security-oauth2-autoconfigure</artifactId>
</dependency>
此外,它还是一个Eureka Client和Config Client,如何配置Eureka Client和Config Client请看前面章节。
配置WebSecurity
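package com.mytools.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Spring Security configuration: form login, remember-me and the URL authorization rules.
 *
 * <p>This listing uses {@link WebSecurityConfigurerAdapter}, which was deprecated in
 * Spring Security 5.7 and removed in 6.0; it applies to the older release line only.
 */
@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * Key mixed into the signature of every remember-me cookie.
     *
     * <p>It is injected from configuration instead of being a string literal in the source:
     * a key committed to the repository is known to everyone who can read the code and is
     * identical in every environment. The property name is this example's own choice;
     * supply the value from the Config Server or the environment, keep it out of version
     * control, and use a long random value. Start-up fails if the property is missing.
     */
    @Value("${app.security.remember-me.key}")
    private String rememberMeKey;

    /**
     * Password encoder used for stored credentials.
     *
     * @return the delegating encoder created by {@link PasswordEncoderFactories}
     */
    @Bean
    public PasswordEncoder passwordEncoder() {
        return PasswordEncoderFactories.createDelegatingPasswordEncoder();
    }

    /**
     * Exposes the {@link AuthenticationManager} built by this adapter as a bean.
     *
     * <p>The consumer is not shown in this listing (presumably the OAuth2 authorization
     * server configuration; confirm).
     *
     * @return the adapter's authentication manager
     * @throws Exception if the manager cannot be built
     */
    @Override
    @Bean
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    /**
     * Configures URL authorization, form login and remember-me for this filter chain.
     *
     * @param http the {@link HttpSecurity} to modify
     * @throws Exception if the configuration cannot be applied
     * @see WebSecurityConfigurerAdapter#configure(HttpSecurity)
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //@formatter:off
        http.authorizeRequests()                        // configure authorize request rule
                .antMatchers("/index").permitAll()
                // .antMatchers("/url/**").hasRole("ADMIN")   // some urls have access ADMIN
                // NOTE(review): with the rule below commented out, this chain declares no
                // authentication requirement for any path other than "/index" - confirm that
                // is intended. If it is enabled, "/login" and "/login-error" must stay
                // reachable without authentication.
                // .anyRequest().authenticated()              // any other request need to authenticate
                .and()
            .formLogin()                                // login as form
                .loginPage("/login")                    // login url (default is login page with framework)
                // .defaultSuccessUrl("/index")               // login success url (default is index)
                .failureUrl("/login-error")             // login fail url
                .and()
            // .logout()                                      // logout config
            // .logoutUrl("/logout")                          // logout url (default is logout)
            // .logoutSuccessUrl("/index")                    // logout success url (default is login)
            .rememberMe()                               // Remember me
                .key(rememberMeKey)                     // signing key, injected from configuration
                // 30 days: a hash-based remember-me cookie stays usable until it expires or
                // the user's password changes, so keep this window as short as the
                // application can tolerate.
                .tokenValiditySeconds(60 * 60 * 24 * 30)
                .userDetailsService(userDetailsService) // register UserDetailsService for remember me functionality
            // .and()
            // .httpBasic()                                   // use HTTP Basic authentication(in header) for an application
            ;
        //@formatter:on
    }
}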
说明:
(1)