Security framework:
Spring Security + Shiro + OAuth2 in a project which
github Address:
https://github.com/ZiCheng-Web/springboot-security
In common security framework for Java development areas have Shiro and Spring Security.
Shiro is a lightweight security management framework that provides authentication, authorization,
session management, password management, cache management and other functions.
Spring Security relatively complex security management framework, more powerful than Shiro, more fine-grained access control, support for OAuth friendly, and because Spring Security from
Spring family, it can and Spring frame seamless integration, especially in Spring Boot with automation solutions provided, allows more convenient use of Spring Security.
Spring Security There are two important concepts.
They are Authentication (authentication) and Authorization (authorization).
Certification: that confirm whether the user login, and user control.
Authorization: the identification of functional competence users have, and carry out control user rights.
Creating Springboot + SpringSecurity project
pom.xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>com.zicheng</groupId>
<artifactId>springsecurity01</artifactId>
<version>0.0.1-SNAPSHOT</version>
<packaging>jar</packaging>
<name>springsecurity01</name>
<description>Demo project for Spring Boot</description>
<parent>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-parent</artifactId>
<version>2.2.4.RELEASE</version>
<relativePath/> <!-- lookup parent from repository -->
</parent>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
<java.version>1.8</java.version>
</properties>
<dependencies>
<!--导入SpringSecurity依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<!--导入web依赖-->
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-test</artifactId>
<scope>test</scope>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-test</artifactId>
<scope>test</scope>
</dependency>
</dependencies>
<build>
<plugins>
<plugin>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-maven-plugin</artifactId>
<configuration>
<mainClass>com.zicheng.SpringSecurity01Application</mainClass>
</configuration>
</plugin>
</plugins>
</build>
</project>
Configuration startup class
@SpringBootApplication
public class SpringSecurity01Application {
public static void main(String[] args) {
SpringApplication.run(SpringSecurity01Application.class);
}
}
HelloController write a simple test
@RestController
public class HelloController {
//简单测试一下
@GetMapping("/ hello")
public String hello(){
return "hello";
}
}
Start the project, visit http://127.0.0.1:8080/
default account for the user, the password can be found in the log console. 
application.yml configure the user name password
user name: admin
password: 123456
role: admin
spring:
security:
user:
name: admin
password: 123456
roles: admin
Start the project, landing is used to configure the user name and password, that is admin and 123456.
