zoukankan      html  css  js  c++  java
  • Spring Boot----安全

    SpringBoot 整合 shiro(略)

     

     

    SpringBoot 整和 Spring Security

    官方文档:https://docs.spring.io/spring-security/site/docs/5.1.6.RELEASE/reference/htmlsingle/

    1、添加依赖

    <dependency>
                <groupId>org.springframework.boot</groupId>
                <artifactId>spring-boot-starter-security</artifactId>
    </dependency>

    2、登录权限配置

    @EnableWebSecurity
    public class MySecurityConfig extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            //super.configure(http);
            //定制请求授权规则
            http.authorizeRequests().antMatchers("/static/**").permitAll()
                    .antMatchers("/leve1").hasRole("vip1");
            http.formLogin().loginProcessingUrl("/login");
    
            //配置注销功能
            http.logout();
    
            //开启记住我功能
            http.rememberMe();
    
        }
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            //方法1
            //PasswordEncoder encoder = PasswordEncoderFactories.createDelegatingPasswordEncoder();
            //auth.inMemoryAuthentication().withUser("zy").password(encoder.encode("123")).roles("vip1");
    
            //方法2
            auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder()).withUser("zy").password(new BCryptPasswordEncoder().encode("123")).roles("vip1");
        }
    }

    2、注销权限配置

    参考:https://docs.spring.io/spring-security/site/docs/5.1.6.RELEASE/reference/htmlsingle/#jc-logout-handler

     

    Spring Security整和thymeleaf

    参考:https://docs.spring.io/spring-security/site/docs/current/guides/html5//helloworld-boot.html

    1、引入依赖

    <dependency>
                <groupId>org.thymeleaf.extras</groupId>
                <artifactId>thymeleaf-extras-springsecurity5</artifactId>
                <version>3.0.4.RELEASE</version>
    </dependency>

    2、html

    <!DOCTYPE html>
    <html xmlns="http://www.w3.org/1999/xhtml" xmlns:th="https://www.thymeleaf.org" xmlns:sec="https://www.thymeleaf.org/thymeleaf-extras-springsecurity5">
    <html xmlns:th="http://www.thymeleaf.org">
    <head>
        <meta charset="UTF-8">
        <title>Title</title>
    </head>
    <body>
    <form action="/logout" method="get">
        <input type="submit" value="提交">
    </form>
    <div sec:authorize="!isAuthenticated()">
        请登录:游客
    </div>
    <div sec:authorize="isAuthenticated()">
        用户:<span sec:authentication="name"></span>
        --您拥有的权限:<span sec:authentication="principal.authorities"></span>
        <form th:action="@{/logout}" method="post"><input type="submit" value="注销"></form>
        <!--url 必须写成 th:action="@{/logout}" 这种格式,method:post-->
    </div>
    <div sec:authorize="hasRole('vip1')">
        <li>只有有了vip1权限,这个li才会显示</li>
    </div>
    </body>
    </html>

    3、自定义用户登录页面

    1、修改configure方法中的配置

            //走的是controller
            http.formLogin().usernameParameter("user").passwordParameter("password").loginPage("/login");
            //默认login get请求到登录页面
            //默认login post请求处理登录
            //如果自定制了页面,如果loginPage("/login"),提交表单的时候的url是如果loginPage中写的url
    
            //开启记住我功能(自定义的html页面)
            http.rememberMe().rememberMeParameter("remember");

    2、html

    <form th:action="@{/login}" method="post">  //url必须用@{} 来写
        <input name="user">
        <input name="password">
        <input type="checkbox" name="remember">
        <input type="submit" value="登录">
    </form>
    

      

      

  • 相关阅读:
    java相关
    cmd批处理命令及powershell
    火狐浏览器调试模式
    windows 配置java环境变量
    Acwing-279-自然数拆分(背包)
    Acwing-278-数字组合(背包)
    Acwing-277-饼干(DP)
    Acwing-274-移动服务(DP)
    Acwing-275-传纸条(DP)
    Acwing-121-赶牛入圈(二分, 二维前缀和,离散化)
  • 原文地址:https://www.cnblogs.com/yanxiaoge/p/11387734.html
Copyright © 2011-2022 走看看