所需依赖
<!-- NOTE(review): no <version> elements appear here; presumably they are managed by a Spring Boot parent POM. Confirm against the full pom.xml. -->

<!-- Spring MVC: provides the @Controller / @GetMapping support used by the handler -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-web</artifactId>
</dependency>

<!-- Thymeleaf: renders the HTML templates returned as view names -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-thymeleaf</artifactId>
</dependency>

<!-- Spring Security: once this starter is present, every page request is redirected to a login page until a custom configuration is supplied -->
<dependency>
    <groupId>org.springframework.boot</groupId>
    <artifactId>spring-boot-starter-security</artifactId>
</dependency>

application.yml
spring:
  thymeleaf:
    # A view name returned by a controller is resolved as prefix + name + suffix,
    # e.g. "index" -> classpath:/templates/index.html
    prefix: classpath:/templates/
    suffix: .html

controller层
/** Minimal MVC controller exposing a single page. */
@Controller
public class StudentHandler {

    /** Logical view name returned for the index page. */
    private static final String INDEX_VIEW = "index";

    /**
     * Handles {@code GET /index}.
     *
     * @return the name of the view to render
     */
    @GetMapping("/index")
    public String index() {
        return INDEX_VIEW;
    }
}

在引入security依赖下,随意访问页面,都会跳转到login页面
用户名为 user
密码在控制台随机生成
自定义密码
spring:
  thymeleaf:
    prefix: classpath:/templates/
    suffix: .html
  security:
    user:
      # Replaces the default "user" account and its console-generated password.
      name: root
      # Demo value only: a short, guessable password stored in plain text in the config file.
      # NOTE(review): outside a local demo, supply the value from outside the file
      # (for example a ${...} placeholder backed by an environment variable). Confirm for your setup.
      password: 123456

创建MyPasswordEncoder类
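package com.woongcha.config;

import org.springframework.security.crypto.password.PasswordEncoder;

/**
 * Pass-through {@link PasswordEncoder} used by this demo: passwords are stored and compared
 * as plain text, with no hashing and no salt.
 *
 * <p>SECURITY: keep this to demos. Anyone who can read the stored value learns the password
 * itself. Spring Security ships adaptive one-way encoders such as
 * {@code BCryptPasswordEncoder} that implement the same interface and can be swapped in.
 */
public class MyPasswordEncoder implements PasswordEncoder {

    /**
     * Returns the raw password unchanged.
     *
     * @param charSequence the raw password to "encode"
     * @return the same characters as a {@code String}
     */
    @Override
    public String encode(CharSequence charSequence) {
        return charSequence.toString();
    }

    /**
     * Checks a submitted password against the stored one.
     *
     * @param charSequence the raw password submitted at login
     * @param s the stored ("encoded") password
     * @return {@code true} only when both values are present and equal
     */
    @Override
    public boolean matches(CharSequence charSequence, String s) {
        // A missing value on either side is a failed match rather than a NullPointerException.
        if (charSequence == null || s == null) {
            return false;
        }
        return s.equals(charSequence.toString());
    }
}

实现PasswordEncoder接口,encode 方法是将传入的参数转成字符串输出(不做任何加密,仅用于演示),matches 是将charSequence(前台传过来的密码)与s(已保存的密码)进行比较.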
创建Security类
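/**
 * Security configuration for the demo: two in-memory accounts, role-based URL rules and a
 * custom form-login page.
 *
 * <p>NOTE(review): {@code WebSecurityConfigurerAdapter} is deprecated as of Spring Security 5.7
 * and removed in 6.0; newer projects declare a {@code SecurityFilterChain} bean instead.
 */
@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * Registers the in-memory users and the encoder used to verify their passwords.
     *
     * <p>SECURITY: the user names and passwords below are hard-coded demo values, and
     * {@code MyPasswordEncoder} keeps them as plain text. Real deployments load accounts from
     * a user store and use a one-way password encoder.
     */
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // One encoder instance both stores the passwords and verifies logins.
        MyPasswordEncoder encoder = new MyPasswordEncoder();
        auth.inMemoryAuthentication()
                .passwordEncoder(encoder)
                .withUser("user").password(encoder.encode("000")).roles("USER")
                .and()
                .withUser("admin").password(encoder.encode("123")).roles("ADMIN", "USER");
    }

    /**
     * Defines which roles may reach which URLs and wires up login and logout.
     *
     * <p>{@code /admin} requires ADMIN, {@code /index} requires ADMIN or USER, and every other
     * URL requires an authenticated user. The login page and logout are open to everyone.
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                .antMatchers("/admin").hasRole("ADMIN")
                .antMatchers("/index").hasAnyRole("ADMIN", "USER")
                // Fail closed: without this rule, any URL not listed above is served
                // to anonymous users.
                .anyRequest().authenticated()
                .and()
                .formLogin()
                .loginPage("/login")
                .permitAll()
                .and()
                .logout()
                .permitAll()
                .and()
                // SECURITY: CSRF protection is switched off, so state-changing POSTs
                // (including /logout) are accepted without a token. Before re-enabling it,
                // every POST form must carry the token, e.g. by using Thymeleaf's th:action.
                .csrf()
                .disable();
    }
}

修改Handler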
package com.woongcha.controller;

import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;

/**
 * Page controller for the demo. Each handler only returns a view name; who may reach each
 * URL is decided by the security configuration, not here.
 */
@Controller
public class StudentHandler {

    /** View shown to any logged-in user. */
    private static final String INDEX_VIEW = "index";

    /** View intended for administrators. */
    private static final String ADMIN_VIEW = "admin";

    /** Custom login form. */
    private static final String LOGIN_VIEW = "login";

    /**
     * Handles {@code GET /index}.
     *
     * @return the index view name
     */
    @GetMapping("/index")
    public String index() {
        return INDEX_VIEW;
    }

    /**
     * Handles {@code GET /admin}.
     *
     * @return the admin view name
     */
    @GetMapping("/admin")
    public String admin() {
        return ADMIN_VIEW;
    }

    /**
     * Handles {@code GET /login}.
     *
     * @return the login view name
     */
    @GetMapping("/login")
    public String login() {
        return LOGIN_VIEW;
    }
}

新建三个html页面
admin.html
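<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>后台管理系统</h1>
<!-- th:action lets Thymeleaf add the hidden CSRF token automatically whenever CSRF
     protection is enabled; while it is disabled the form posts to /logout as before. -->
<form th:action="@{/logout}" method="post">
    <input type="submit" value="退出">
</form>
</body>
</html>

index.html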
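<!DOCTYPE html>
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<h1>test</h1>
<!-- th:action lets Thymeleaf add the hidden CSRF token automatically whenever CSRF
     protection is enabled; while it is disabled the form posts to /logout as before. -->
<form th:action="@{/logout}" method="post">
    <input type="submit" value="退出">
</form>
</body>
</html>

login.html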
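<!DOCTYPE html>
<!-- A document has one root element, so the Thymeleaf namespace and lang share a single <html> tag. -->
<html lang="en" xmlns:th="http://www.thymeleaf.org">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<body>
<form th:action="@{/login}" method="post">
    用户名:<input type="text" name="username"/><br/>
    <!-- type="password" masks the typed value on screen instead of showing it in clear text -->
    密码:<input type="password" name="password"/><br/>
    <input type="submit" value="登录"/>
</form>
</body>
</html>

启动后发现,index页面由user----000和admin—123都能登录,而admin用户还可以访问admin界面,user用户无法访问.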