Getting to Know Spring Security

Background:

        The predecessor of Spring Security was Acegi Security, which was officially renamed Spring Security after being included as a Spring sub-project. As of now, Spring Security has been upgraded to version 5.3.9, which not only adds a native OAuth framework, but also supports more modern password encryption methods.

Maven dependencies:

        The content of the complete pom.xml is as follows. Note that the Spring Boot version we use is 1.5.10; the corresponding Spring Security version is 4.2.4.RELEASE.

	<parent>
		<groupId>org.springframework.boot</groupId>
		<artifactId>spring-boot-starter-parent</artifactId>
		<version>1.5.10.RELEASE</version>
	</parent>
	<properties>
		<maven-jar-plugin.version>3.1.1</maven-jar-plugin.version>
	</properties>
	<dependencies>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-test</artifactId>
			<scope>test</scope>
		</dependency>
		<dependency>
			<groupId>org.springframework</groupId>
			<artifactId>spring-aop</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.boot</groupId>
			<artifactId>spring-boot-starter-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-web</artifactId>
		</dependency>
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-config</artifactId>
		</dependency>
	</dependencies>

	<build>
		<plugins>
			<plugin>
				<groupId>org.apache.maven.plugins</groupId>
				<artifactId>maven-compiler-plugin</artifactId>
				<configuration>
					<source>1.8</source>
					<target>1.8</target>
				</configuration>
			</plugin>
			<plugin>
				<groupId>org.springframework.boot</groupId>
				<artifactId>spring-boot-maven-plugin</artifactId>
			</plugin>
		</plugins>
	</build>

Add startup class:

        A startup class, SpringDemoApplication, is also needed. Its code is as follows:

import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RestController;

@SpringBootApplication
@RestController
public class SpringDemoApplication {

	@GetMapping("/")
	public String hello() {
		return "hello spring security";
	}
	
	public static void main(String[] args) {
		SpringApplication.run(SpringDemoApplication.class, args);
	}
}

Project directory:

        The project structure is shown in the figure below:

Test:

        Start the project and enter http://localhost:8080 in the browser. The browser will pop up a dialog box that requires authentication, as shown in the following figure:

        After Spring Security is added to the project, it runs in a default state even though no configuration or code has been written: HTTP basic authentication is required to access any URL resource. The default user name is user. The password is a random string that is generated dynamically and printed to the console. Look at the console output, as shown in the following figure:

        After entering the user name and password, click the "Login" button and the page loads successfully, as shown in the figure below:

        Of course, the user name and password used for HTTP basic authentication can be configured. The most common way is to set them in the configuration file under resources, as shown in the following figure:

        Restart the program and you will find that the console no longer prints the default password string. You can now log in with the custom user name and password.

        In fact, the vast majority of web applications do not choose HTTP basic authentication. Besides factors such as poor security and the inability to carry cookies, lack of flexibility is another major disadvantage. People usually prefer form authentication and implement the form login page and verification logic themselves to improve security.
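
        As an added example (not code from the original post), the configuration class below replaces the default HTTP basic state described above with form authentication, for the Spring Security 4.2.4 version used here. The class name DemoSecurityConfig, the user name demo and the password change-me are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;

// Hypothetical class name; place it in the same package tree as SpringDemoApplication
// so that component scanning picks it up.
@EnableWebSecurity
public class DemoSecurityConfig extends WebSecurityConfigurerAdapter {

	// BCrypt stores a salted hash, so the clear-text password is never kept in memory as-is.
	@Bean
	public PasswordEncoder passwordEncoder() {
		return new BCryptPasswordEncoder();
	}

	@Override
	protected void configure(HttpSecurity http) throws Exception {
		http
			.authorizeRequests()
				// Every URL, including "/", requires an authenticated user.
				.anyRequest().authenticated()
				.and()
			// Calling .httpBasic() here instead would reproduce the browser dialog
			// seen in the default state. formLogin() serves a generated login page
			// and keeps the authenticated user in the HTTP session.
			.formLogin();
	}

	@Override
	protected void configure(AuthenticationManagerBuilder auth) throws Exception {
		// Constructed demo account (assumption); a real application would load
		// users from its own store through a UserDetailsService.
		auth.inMemoryAuthentication()
			.passwordEncoder(passwordEncoder())
			.withUser("demo")
			.password(passwordEncoder().encode("change-me"))
			.roles("USER");
	}
}
```

        With this class on the classpath, requesting http://localhost:8080 redirects to the generated /login page instead of opening the basic authentication dialog.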

Origin blog.csdn.net/xhf852963/article/details/121907962