package com.example.demo.security;
import com.example.demo.service.CustomUserService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
/**
* @author sly
* @version 1.0
* @date 2019/9/25 11:24
*/
@Configuration
@EnableWebSecurity
//@EnableAutoConfiguration
//@EnableGlobalMethodSecurity(prePostEnabled=true)//开启全局 Securtiy 注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
// @Bean
// public CustomUserService customUserService() {
// return new CustomUserService();
// }
@Override
protected void configure(HttpSecurity http) throws Exception {
// //路由策略和访问权限的简单配置
// http
// .formLogin() //启用默认登陆页面
// .failureUrl("/login?error") //登陆失败返回URL:/login?error
// .defaultSuccessUrl("/hello") //登陆成功跳转URL,这里调整到用户首页
// .permitAll(); //登陆页面全部权限可访问
// super.configure(http);
//设置登录,注销,表单登录不用拦截,其他请求要拦截
http.authorizeRequests().antMatchers("/").permitAll()
.anyRequest().authenticated()
.and()
.logout().permitAll()
.and()
.formLogin()
.defaultSuccessUrl("/hello")
.failureUrl("/login?error"); //登陆失败返回URL:/login?error
//关闭默认的csrf认证
http.csrf().disable();
}
/**
* 配置内存用户
*/
@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
// auth
//// .userDetailsService(customUserService()).passwordEncoder(new BCryptPasswordEncoder());
//// auth.userDetailsService(userService).passwordEncoder(new BCryptPasswordEncoder());
//
// .inMemoryAuthentication()
// .withUser("阿毅").password("123456").roles("ADMIN")
// .and()
// .withUser("阿兰").password("123456").roles("USER");
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
//.passwordEncoder(new MyPasswordEncoder())。
//这样,页面提交时候,密码以明文的方式进行匹配。
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder()).withUser("cxh").password("cxh").roles("ADMIN");
}
}
参考https://blog.csdn.net/weixin_39220472/article/details/80865411此文!!!
package com.example.demo.security;
import org.springframework.security.crypto.password.PasswordEncoder;
/**
* @author sly
* @version 1.0
* @date 2019/9/26 13:35
*/
public class MyPasswordEncoder implements PasswordEncoder {
@Override
public String encode(CharSequence charSequence) {
return charSequence.toString();
}
@Override
public boolean matches(CharSequence charSequence, String s) {
return s.equals(charSequence.toString());
}
}