Spring Boot configures Spring Security to implement simple access interception

1 Spring Security

Spring Security is a security framework based on Spring AOP and Servlet filters. It provides a comprehensive security solution and handles authentication and authorization at both the web request level and the method call level.

Its design relies on a wide range of dependencies within the framework and can be divided into the following parts.

(1) Web/HTTP security: This is the most complicated part. The framework's authentication mechanism is implemented by setting up filters and the related service beans. When a user accesses a protected URL, the user is sent to the login page or to an error page.

(2) Security of business objects or methods: Controls access rights at the method level.

(3) AuthenticationManager: Processes authentication requests from other parts of the framework.

(4) AccessDecisionManager: Provides access decisions for web or method security. A default one is registered, but a custom AccessDecisionManager can also be used by registering it as an ordinary bean.

(5) AuthenticationProvider: The AuthenticationManager authenticates users through it.

(6) UserDetailsService: Closely related to AuthenticationProvider; it is used to obtain user information.

2 Add Maven dependency

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Spring Security -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

3 SecurityConfig

SecurityConfig performs the request interception.

package com.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity httpSecurity) throws Exception {
        httpSecurity
                // Filter requests
                .authorizeRequests()
                // Allow anonymous access. Note: anonymous() matches only callers who are
                // not logged in; use permitAll() if logged-in users must also reach this URL.
                .antMatchers("/test/help").anonymous()
                // All requests other than the above require authentication
                .anyRequest().authenticated();
    }
}

4 Create request URL

TestController.java:

package com.controller;

import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/test")
public class TestController {
    // /test/help: configured for anonymous access in SecurityConfig
    @GetMapping("/help")
    public String help() {
        return "hello,Help!";
    }

    // /test/login: covered by anyRequest().authenticated() in SecurityConfig
    @GetMapping("/login")
    public String login() {
        return "hello,login!";
    }
}

5 Debugging results

A URL that is allowed to be requested displays its result directly.

For a URL that is not allowed to be requested, 403 is displayed, indicating that the caller has no permission to access it.


Origin blog.csdn.net/qq_38974638/article/details/114294423