Spring-Security框架學(xué)習(xí)總結(jié)
前提:在做演示之前,我們先創(chuàng)建項(xiàng)目,并將項(xiàng)目導(dǎo)入IDE
測(cè)試項(xiàng)目是否運(yùn)行成功,成功后進(jìn)行正式開始學(xué)習(xí)
一.Case1:只要能登錄即可
目標(biāo):我們?cè)谠L問項(xiàng)目是訪問index可以直接進(jìn)入,不需要攔截,訪問其他路徑是需要進(jìn)行登錄驗(yàn)證,并且允許登錄用戶注銷和使用表單進(jìn)行登錄,不攔截前臺(tái)js,css,image等文件,我們?cè)趦?nèi)存中設(shè)置了一個(gè)admin用戶,可以進(jìn)行登錄
直接上代碼(代碼中會(huì)有注釋):
SecuDemoApplication:
目前創(chuàng)新互聯(lián)公司已為超過千家的企業(yè)提供了網(wǎng)站建設(shè)、域名、網(wǎng)站空間、網(wǎng)站運(yùn)營(yíng)、企業(yè)網(wǎng)站設(shè)計(jì)、拜城網(wǎng)站維護(hù)等服務(wù),公司將堅(jiān)持客戶導(dǎo)向、應(yīng)用為本的策略,正道將秉承"和諧、參與、激情"的文化,與客戶和合作伙伴齊心協(xié)力一起成長(zhǎng),共同發(fā)展。
package com.dhtt.security.SecuDemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
@EnableAutoConfiguration
public class SecuDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SecuDemoApplication.class, args);
}
@RequestMapping("/index")
public String hello() {
return "hello Spring boot....";
}
@RequestMapping("/home")
public String home() {
return "this my home....";
}
}
SpringSecruityConfig:
package com.dhtt.security.SecuDemo;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@Configuration
@EnableWebSecurity
public class SpringSecruityConfig extends WebSecurityConfigurerAdapter{
/**
* HTTP請(qǐng)求攔截處理
*/
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests()
.antMatchers("/index").permitAll() //主路徑直接請(qǐng)求
.anyRequest().authenticated() //請(qǐng)他請(qǐng)求都要驗(yàn)證
.and()
.logout().permitAll() //允許注銷
.and()
.formLogin(); //允許表單登錄
http.csrf().disable(); //關(guān)閉csrf的認(rèn)證
}
/**
* 處理前端文件,攔截忽略
*/
@Override
public void configure(WebSecurity web) throws Exception {
web.ignoring().antMatchers("/js/**","/css/**","/image/**");
}
/**
* 設(shè)置內(nèi)存中的用戶admin
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().withUser("admin").password("123456").roles("ADMIN");
}
}
然后我們啟動(dòng)項(xiàng)目,在前臺(tái)訪問路徑
(1)訪問http://localhost:8080/index成功
(2)訪問http://localhost:8080/home:
我們發(fā)現(xiàn)前臺(tái)會(huì)為我們跳轉(zhuǎn)到登錄界面,接下來(lái)我們進(jìn)行登錄驗(yàn)證,我們發(fā)現(xiàn)登錄界面沒有跳轉(zhuǎn),證明登錄失敗,此時(shí)我們觀察后臺(tái)
發(fā)現(xiàn)后臺(tái)報(bào)錯(cuò)
(3)報(bào)錯(cuò)問題解決:原因是spring boot的版本和Spring Security的版本問題,我們需要提供一個(gè)PasswordEncorder實(shí)例
MyPasswordEncoder:
package com.dhtt.security.SecuDemo;
import org.springframework.security.crypto.password.PasswordEncoder;
public class MyPasswordEncoder implements PasswordEncoder{
@Override
public String encode(CharSequence rawPassword) {
return rawPassword.toString();
}
@Override
public boolean matches(CharSequence rawPassword, String encodedPassword) {
return encodedPassword.equals(rawPassword);
}
}
SpringSecruityConfig中修改部分:
/**
* 設(shè)置內(nèi)存中的用戶admin
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("admin").password("123456").roles("ADMIN");
}
現(xiàn)在再次運(yùn)行項(xiàng)目訪問/home,我們發(fā)現(xiàn)登錄成功,頁(yè)面成功訪問
Case2:有指定的角色,每個(gè)角色都有指定的權(quán)限
(1)目標(biāo):我們新增一個(gè)USER,對(duì)于ADMIN權(quán)限可以訪問所有地址,但是user的權(quán)限規(guī)定其不能訪問/roleAuth,代碼:
SpringSecruityConfig中修改部分:
/**
* 設(shè)置內(nèi)存中的用戶admin
*/
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("admin").password("haha1996").roles("ADMIN");
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("zhangsan").password("123456").roles("ADMIN");
auth.inMemoryAuthentication().passwordEncoder(new MyPasswordEncoder())
.withUser("username1").password("password").roles("USER");
}
SecuDemoApplication:這里我們添加了新的注解
package com.dhtt.security.SecuDemo;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.EnableAutoConfiguration;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@SpringBootApplication
@RestController
@EnableAutoConfiguration
@EnableGlobalMethodSecurity(prePostEnabled=true)
public class SecuDemoApplication {
public static void main(String[] args) {
SpringApplication.run(SecuDemoApplication.class, args);
}
@RequestMapping("/index")
public String hello() {
return "hello Spring boot....";
}
@RequestMapping("/home")
public String home() {
return "this my home....";
}
@RequestMapping("/roleAuth")
@PreAuthorize("hasRole('ROLE_ADMIN')")
public String role() {
return "HELLO SPRING SECURITY....";
}
}
經(jīng)測(cè)試運(yùn)行結(jié)果與我們的預(yù)期相同,我們使用admin進(jìn)行登錄,地址均可訪問,當(dāng)我們使用user進(jìn)行登錄時(shí),我們發(fā)現(xiàn)/roleAuth路徑訪問失敗,沒有權(quán)限
待續(xù)。。。
新聞名稱:Spring-Security權(quán)限管理框架(1)——根據(jù)角色權(quán)限登錄
網(wǎng)址分享:http://bm7419.com/article8/ipoiop.html
成都網(wǎng)站建設(shè)公司_創(chuàng)新互聯(lián),為您提供網(wǎng)站設(shè)計(jì)公司、域名注冊(cè)、網(wǎng)站收錄、網(wǎng)站設(shè)計(jì)、品牌網(wǎng)站設(shè)計(jì)、靜態(tài)網(wǎng)站
聲明:本網(wǎng)站發(fā)布的內(nèi)容(圖片、視頻和文字)以用戶投稿、用戶轉(zhuǎn)載內(nèi)容為主,如果涉及侵權(quán)請(qǐng)盡快告知,我們將會(huì)在第一時(shí)間刪除。文章觀點(diǎn)不代表本網(wǎng)站立場(chǎng),如需處理請(qǐng)聯(lián)系客服。電話:028-86922220;郵箱:631063699@qq.com。內(nèi)容未經(jīng)允許不得轉(zhuǎn)載,或轉(zhuǎn)載時(shí)需注明來(lái)源: 創(chuàng)新互聯(lián)