WebSecurityConfigurerAdapter:自定义Security策略
AuthenticationManagerBuilder:自定义认证策略
@EnableWebSecurity:开启WebSecuity模式
SpringSecurity的两个主要目标是“认证”和“授权”(访问控制)
“认证”(Authentication)
“授权”(Authorization)
package com.example.springsec; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; //必须配置 aop拦截器 @EnableWebSecurity public class SecurityConfig extends WebSecurityConfigurerAdapter { //授权 protected void configure(HttpSecurity http) throws Exception { http .authorizeRequests() .antMatchers("/").hasAnyRole("user");//对映权限允许登陆 // .anyRequest() // .authenticated() http .formLogin() .usernameParameter("username") // default is username 默认用户名 .passwordParameter("password") // default is password 默认密码 .loginPage("/authentication/login") // default is /login with an HTTP get 默认登陆url .failureUrl("/authentication/login?failed") // default is /login?error 默认错误页面 .loginProcessingUrl("/authentication/login/process"); // default is /login 默认登陆成功页面 // with an HTTP // post http .logout() .logoutUrl("/") //登出 url地址 .logoutSuccessUrl("/") //登出成功 url地址 .and() .httpBasic(); http .csrf().disable(); //禁用csrf防御攻击 http.rememberMe().rememberMeParameter("123");//记住账号 name="123" } }https://www.cnblogs.com/luas/p/12188967.html
