其他分享
首页 > 其他分享> > Spring Security 简单使用记录

Spring Security 简单使用记录

作者:互联网

准备工作

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-security</artifactId>
        </dependency>

        <dependency>
            <groupId>org.springframework.boot</groupId>
            <artifactId>spring-boot-starter-web</artifactId>
        </dependency>

基于内存配置信息

  auth.inMemoryAuthentication().withUser("dream_admin").password("admin").authorities("addUser","showUser","delUser","updateUser");
     auth.inMemoryAuthentication().withUser("dream_add").password("add").authorities("addUser");
   auth.inMemoryAuthentication().withUser("dream_del").password("del").authorities("delUser");
       http.authorizeRequests().antMatchers("/**").fullyAuthenticated().and().httpBasic();
or
       http.authorizeRequests().antMatchers("/**").fullyAuthenticated().and().formLogin();

 

 

 

 

 

 

基于数据库配置信息

@Override
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        //1 query user according to username
        //2 query related permission
        //3 add permissions into security configration
        UserEntity userEntity = userMapper.findByUsername(username);
        if(null == userEntity){
            return null;
        }

        List<PermissionEntity> permissionEntityList = userMapper.findPermissionByUsername(username);
        List<GrantedAuthority> authorityList = new ArrayList<>();
        permissionEntityList.forEach(permissionEntity -> {
            authorityList.add(new SimpleGrantedAuthority(permissionEntity.getPermissionTag()));
        });
        userEntity.setAuthorities(authorityList);
        return userEntity;
    }
        auth.userDetailsService(memberUserDetailService).passwordEncoder(new PasswordEncoder() {
            @Override
            public String encode(CharSequence password) {
                return MD5Util.encode((String) password);
            }

            @Override
            public boolean matches(CharSequence password, String encodePassword) {
                return encodePassword.equals(MD5Util.encode((String) password));
            }
        });
        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry expressionInterceptUrlRegistry = http.authorizeRequests();
        List<PermissionEntity> allPermission = permissionMapper.findAllPermission();
        allPermission.forEach(permissionEntity -> {
            expressionInterceptUrlRegistry.antMatchers(permissionEntity.getPermissionUrl()).hasAuthority(permissionEntity.getPermissionTag());
        });
        expressionInterceptUrlRegistry
                .antMatchers("/login").permitAll()
                //shutdown csrf
                .antMatchers("/**").fullyAuthenticated().and().formLogin().loginPage("/login").and().csrf().disable();

配置相应状态路径跳转

    @Bean
    public ConfigurableServletWebServerFactory  webServerFactory(){
        TomcatServletWebServerFactory factory = new TomcatServletWebServerFactory();

        ErrorPage errorPage400 = new ErrorPage(HttpStatus.BAD_REQUEST, "/error/400");
        ErrorPage errorPage401 = new ErrorPage(HttpStatus.UNAUTHORIZED, "/error/401");
        ErrorPage errorPage403 = new ErrorPage(HttpStatus.FORBIDDEN, "/error/403");
        ErrorPage errorPage404 = new ErrorPage(HttpStatus.NOT_FOUND, "/error/404");
        ErrorPage errorPage415 = new ErrorPage(HttpStatus.UNSUPPORTED_MEDIA_TYPE, "/error/415");
        ErrorPage errorPage500 = new ErrorPage(HttpStatus.INTERNAL_SERVER_ERROR, "/error/500");
        factory.addErrorPages(errorPage400,errorPage401,errorPage403,errorPage404,errorPage415,errorPage500);

        return factory;
    }

标签:return,记录,Spring,HttpStatus,ErrorPage,error,new,Security,password
来源: https://blog.csdn.net/qq_42322158/article/details/116334364