The basic configuration of Spring Security
1. Create a common springboot project, add the following dependence
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-security</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-web</artifactId>
</dependency>
Just add spring-boot-starter-security depend on the project, all project resources will be protected
2. Create a Controller, and add a simple test interface, as follows:
@RestController
public class HelloController {
@GetMapping("/hello")
public String hello() {
return "hello";
}
}
3. Start project to test
wait after the successful launch of the project, and then visit http: localhost: 8080 / hello custom interfaces will jump to the landing page, the landing page is provided with Spring Security, as shown below:
The default user name is user, the default login password is randomly generated each time the project started, here you can see the start of the project log, as shown below:
From the start of the project log can see the default login password, you can access the interface hello after landing a success
4. Configure the user name and password
if developers default username and password are not satisfied, you can configure application.properties, when configured to restart the project, ready to use configured user name and password to log in, and after a successful landing, users also have a role --admin
spring.security.user.name=sang
spring.security.user.password=123
spring.security.user.roles=admin
The memory-based authentication
can be customized to achieve a derived class inherits SecurityConfigurerAdapter more custom configuration Spring Security, for example, memory-based authentication, as follows:
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@Configuration
public class MyWebSecurityConfig extends WebSecurityConfigurerAdapter {
@Bean
PasswordEncoder passwordEncoder(){
return NoOpPasswordEncoder.getInstance();
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication()
.withUser("admin").password("123").roles("ADMIN","USER")
.and()
.withUser("sang").password("123").roles("USER");
}
}
Code explanation: Custom MyWebSecurityConfig inherited from WebSecurityConfigurerAdapter, and rewrite configure (AuthenticationManagerBuilder auth) method, two users in this configuration method, the configuration is complete, restart the Spring Boot project, you can use two roles here were landing configuration
