a brief introdction
Since the emergence of automatic spring boot, spring security has gradually become popular, mainly because spring security has always been defined as a heavyweight framework, but after the emergence of spring boot, it is different, and spring security has gradually become much simpler
I have been doing java for many years, and found that I have written projects for several years, but I have not had the opportunity to get in touch with spring security-related frameworks. It was not until I came to a company in 2019 to do enterprise digitalization that I started to have some contact with spring security.
Spring security is the security module of spring, which is authentication and authorization. It is also very simple to use. You only need to gently introduce related dependencies, and it will automatically protect your entire web project.
create project
- Create a new spring boot project named security, choose to rely on spring security and spring web
to add maven dependencies
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
- Create a new HelloController class, write an interface, and it will be automatically handed over to spring security for management
@RestController
public class HelloController {
@RequestMapping("/sayHello")
public String sayHello(){
return "十年生死两茫茫,不思量,自难忘----苏轼,hello";
}
}
Test the interface and feel the power of spring security
- Start the project security, the default port number is 8080, because we have not configured the user, spring security will automatically create a default user user for us, and the temporary password will be printed to the screen through the log after the project starts, as shown in the figure
- Access interface: http://127.0.0.1:8080/sayHello, because we have added the spring security security module, all interface access must be authenticated and authorized before normal access. At this time, it will automatically adjust to the login page. Perform login authentication
- Enter the user name: user, password: d00df1eb-4a5f-4126-9a35-44eda4d49dfc, click Login to access the interface normally, note that the password here is a temporary password, and the temporary password will change every time the project starts
Let's take a look at how the spring security security module works
1. When accessing the interface: http://127.0.0.1:8080/sayHello, it will be automatically intercepted and authenticated by spring security, and it is found that the request does not carry a valid cookie authentication authorization. It will be automatically redirected to the default login page for logging in to spring security: http://127.0.0.1:8080/login
2. After the user enters the user name and password, click Login. After the spring security authentication and authorization are successful, the cookie will be reset , and then the redirection will go to the accessed interface address
3. After completing the second step, the user’s access address is redirected back: http://127.0.0.1:8080/sayHello When accessing, a valid cookie is carried, so it can Access the interface normally and return the interface value
At this point, the primary experience version of spring security is complete!