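Table of contents
- Preface
- 1. Create the project
- 2. Spring container configuration
- 3. Servlet Context configuration
- 4. Security configuration
- 5. Create the test controller
- 7. Start the server and test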
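Preface
Spring Boot is a rapid-development framework for Spring, designed on top of Spring 4.0. Developing with Spring Boot avoids tedious project setup and configuration. It also integrates a large number of commonly used frameworks, lets you pull in dependency packages quickly, and avoids conflicts between them. Most commonly used development frameworks support Spring Boot, for example MyBatis and Dubbo, and the Spring family even more so, for example Spring Cloud, Spring MVC and Spring Security. Developing with Spring Boot greatly improves productivity, so Spring Boot is very widely used.
This article explains how to develop a Spring Security application with Spring Boot. Spring Boot provides spring-boot-starter-security for developing Spring Security applications.
The code for this chapter is shared on Gitee: https://gitee.com/lengcz/security-spring-boot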
1. Create the project
- Create a Maven project named security-spring-boot
- Add the dependencies
```xml
<?xml version="1.0" encoding="UTF-8"?>
<project xmlns="http://maven.apache.org/POM/4.0.0"
         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
    <modelVersion>4.0.0</modelVersion>
    <groupId>com.it</groupId>
    <artifactId>security-spring-boot</artifactId>
    <version>1.0-SNAPSHOT</version>
    <parent>
        <groupId>org.springframework.boot</groupId>
        <artifactId>spring-boot-starter-parent</artifactId>
        <version>2.1.3.RELEASE</version>
    </parent>
    <properties>
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <maven.compiler.source>1.8</maven.compiler.source>
        <maven.compiler.target>1.8</maven.compiler.target>
    </properties>
    <dependencies>
        <!-- Spring Boot web support -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>
        <!-- Spring Security support -->
        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>
        <!-- JSP support -->
        <dependency>
            <groupId>javax.servlet</groupId>
            <artifactId>javax.servlet-api</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.apache.tomcat.embed</groupId>
            <artifactId>tomcat-embed-jasper</artifactId>
            <scope>provided</scope>
        </dependency>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <version>1.16.12</version>
        </dependency>
    </dependencies>
    <build>
        <finalName>security-spring-boot</finalName>
        <pluginManagement>
            <plugins>
                <plugin>
                    <groupId>org.apache.tomcat.maven</groupId>
                    <artifactId>tomcat7-maven-plugin</artifactId>
                    <version>2.2</version>
                </plugin>
                <plugin>
                    <groupId>org.apache.maven.plugins</groupId>
                    <artifactId>maven-compiler-plugin</artifactId>
                    <configuration>
                        <source>1.8</source>
                        <target>1.8</target>
                    </configuration>
                </plugin>
                <plugin>
                    <artifactId>maven-resources-plugin</artifactId>
                    <configuration>
                        <encoding>utf-8</encoding>
                        <useDefaultDelimiters>true</useDefaultDelimiters>
                        <resources>
                            <resource>
                                <directory>src/main/resources</directory>
                                <filtering>true</filtering>
                                <includes>
                                    <include>**/*</include>
                                </includes>
                            </resource>
                            <resource>
                                <directory>src/main/java</directory>
                                <filtering>true</filtering>
                                <includes>
                                    <include>**/*.xml</include>
                                </includes>
                            </resource>
                        </resources>
                    </configuration>
                </plugin>
            </plugins>
        </pluginManagement>
    </build>
</project>
```
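2. Spring container configuration
When a Spring Boot project starts, it automatically scans all beans under the package that contains the main class and loads them into the Spring container.
(1) Spring Boot configuration file
Add application.properties under resources with the following content:
```properties
server.port=8080
server.servlet.context-path=/sercurity-springboot
spring.application.name=security-springboot
```
(2) Create the main class
```java
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;

@SpringBootApplication // marks the main application class
public class SecuritySpringBootApp {
    public static void main(String[] args) {
        SpringApplication.run(SecuritySpringBootApp.class, args);
    }
}
```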
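3. Servlet Context configuration
Thanks to the Spring Boot starter auto-configuration mechanism, @EnableWebMvc and @ComponentScan are not needed here, so WebConfig looks like this:
(3) Create WebConfig
```java
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.ViewControllerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

@Configuration
public class WebConfig implements WebMvcConfigurer {
    // Point the root path at the login page
    @Override
    public void addViewControllers(ViewControllerRegistry registry) {
        // /login is the login page that Spring Security provides by default
        registry.addViewController("/").setViewName("redirect:/login");
    }
}
```
Configure the view resolver in application.properties:
```properties
spring.mvc.view.prefix=/WEB-INF/views/
spring.mvc.view.suffix=.jsp
```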
4. Security configuration
Thanks to Spring Boot starter auto-configuration, @EnableWebSecurity does not need to be added here. WebSecurityConfig is as follows:
Create WebSecurityConfig
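```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    // Define the user details service
    @Bean
    public UserDetailsService userDetailsService() {
        // This example stores user names, passwords and authorities in memory
        InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
        inMemoryUserDetailsManager.createUser(User.withUsername("zhangsan").password("111").authorities("p1").build());
        inMemoryUserDetailsManager.createUser(User.withUsername("lisi").password("222").authorities("p2").build());
        return inMemoryUserDetailsManager;
    }

    // Password encoder
    @Bean
    public PasswordEncoder passwordEncoder() {
        // Compares passwords as plaintext (demo only; NoOpPasswordEncoder is deprecated)
        return NoOpPasswordEncoder.getInstance();
    }

    // Configure the security interception rules
    @Override
    protected void configure(HttpSecurity security) throws Exception {
        security.authorizeRequests()
                .antMatchers("/r/r1").hasAnyAuthority("p1")
                .antMatchers("/r/r2").hasAnyAuthority("p2")
                .antMatchers("/r/**").authenticated() // every /r/** request must be authenticated
                .anyRequest().permitAll() // all other requests are allowed
                .and()
                .formLogin() // enable form login
                .successForwardUrl("/login-success"); // custom page address after a successful login
    }
}
```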
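The encoder above compares passwords as plaintext, which keeps the demo short but leaves the credentials readable to anyone who can read the user store. As an added example (not from the original article or its repository), the two beans can be swapped for a BCrypt-based pair; the class name HashedPasswordConfig is hypothetical, and these beans replace the userDetailsService() and passwordEncoder() beans in WebSecurityConfig rather than sitting beside them.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;

// Added example: hypothetical class holding hashed-password replacements
// for the two beans defined in the article's WebSecurityConfig.
@Configuration
public class HashedPasswordConfig {

    @Bean
    public PasswordEncoder passwordEncoder() {
        // BCrypt salts every hash and is deliberately slow to compute,
        // so equal passwords do not produce equal stored values
        return new BCryptPasswordEncoder();
    }

    @Bean
    public UserDetailsService userDetailsService(PasswordEncoder encoder) {
        InMemoryUserDetailsManager manager = new InMemoryUserDetailsManager();
        // Same demo accounts as the article; only the BCrypt hash is kept
        // in the user store, and login compares via encoder.matches(...)
        manager.createUser(User.withUsername("zhangsan")
                .password(encoder.encode("111"))
                .authorities("p1")
                .build());
        manager.createUser(User.withUsername("lisi")
                .password(encoder.encode("222"))
                .authorities("p2")
                .build());
        return manager;
    }
}
```

The login form and the authorization rules are unaffected by this change, because Spring Security calls the PasswordEncoder bean when it checks the submitted password.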
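5. Create the test controller
```java
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
public class LoginController {
    // Target of successForwardUrl after a successful login
    @RequestMapping(value = "/login-success", produces = "text/plain;charset=utf-8")
    public String login() {
        return "登录成功";
    }

    // Requires authority p1
    @RequestMapping(value = "/r/r1", produces = "text/plain;charset=utf-8")
    public String resources1() {
        return "r1资源";
    }

    // Requires authority p2
    @RequestMapping(value = "/r/r2", produces = "text/plain;charset=utf-8")
    public String resources2() {
        return "r2资源";
    }
}
```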
7. Start the server and test
Visit http://localhost:8080/sercurity-springboot
Log in with the zhangsan account.
Then access the /r/r1 and /r/r2 resources: zhangsan can access r1 but cannot access r2.